KLA10436
Multiple vulnerabilities in VMware vSphere Client
Обновлено: 17/06/2019
Дата обнаружения
10/04/2014
Уровень угрозы
Critical
Описание

Multiple critical vulnerabilities have been found in VMware vSphere. Malicious users can exploit these vulnerabilities to execute arbitrary code or bypass security. Below is a complete list of vulnerabilities

  1. An improper client file update validation can be exploited remotely;
  2. An improper X.509 certificates validation can be exploited remotely via SSL service spoofing;
Пораженные продукты

VMware vSphere Client 4 versions 4.0, 4.1
VMware vSphere Client 5 versions 5.0, 5.1

Решение

Update vSphere client to safe version. Use one of these links or go to VMware bulletin for instructions.
vCenter Server 5.1 update
vCenter Server 5.0 update

Первичный источник обнаружения
VMware bulletin
Оказываемое влияние
?
ACE 
[?]

SB 
[?]
Связанные продукты
VMware vSphere Client
CVE-IDS
CVE-2014-12105.8High
CVE-2014-12099.3Critical