DoS and OSI vulnerabilities in VMware products

Описание

Multiple serious vulnerabilities have been found in VMware vCenter Server and vSphere Web Client. Malicious users can exploit these vulnerabilities to cause denial of service or disclose sensetive information.

Below is a complete list of vulnerabilities:

1. An unspecified vulnerability in VMware vCenter Server can be exploited remotely via specially crafted LDAP network packet to cause denial of service;
2. SSRF and CRLF injection issues in vSphere Web Client i.e. not the new HTML5-based vSphere Client can be exploited remotely to disclose sensetive information.

Первичный источник обнаружения

• VMSA-2017-0017
  

Связанные продукты

• VMware-vSphere-Client
• VMware-vCenter-Server

Список CVE

• CVE-2017-4928
  warning
• CVE-2017-4927
  warning

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com