KLA10665
Obtain sensitive information vulnerability in VMware vCenter Server
Обновлено: 17/06/2019
Дата обнаружения
16/09/2015
Уровень угрозы
High
Описание

Improper certificate validation was found in VMware vCenter Server. By exploiting this vulnerability malicious users can obtain sensitive information. This vulnerability can be exploited remotely via a traffic interception.


Technical details

This vulnerability can be exploited when vCenter Server binding to LDAP server via TLS.

Пораженные продукты

VMware vCenter Server 6.0 versions earlier than 6.0 update 1
VMware vCenter Server 5.5 versions earlier than 5.5 update 3

Решение

Update to the latest version
vCenter download and buy page

Первичный источник обнаружения
VMware advisory
Оказываемое влияние
?
OSI 
[?]
Связанные продукты
VMware vCenter Server
CVE-IDS