VMware Security Updates For VCenter Server (VMSA-2013-0012) Network Vulnerability

Summary

VMware has updated vCenter Server to address multiple security vulnerabilities.

Solution

Apply the missing patch(es).

Insight

vCenter and Update Manager, Oracle JRE update 1.6.0_51. Oracle JRE is updated to version 1.6.0_51, which addresses multiple security issues that existed in earlier releases of Oracle JRE. Oracle has documented the CVE identifiers that are addressed in JRE 1.6.0_51 in the Oracle Java SE Critical Patch Update Advisory of June 2013. The References section provides a link to this advisory.

Affected

VMware vCenter Server before 5.0 update 3

Detection

Check the build number.

References

http://www.vmware.com/security/advisories/VMSA-2013-0012.html
https://www.vmware.com/support/vsphere5/doc/vsp_vc50_u3_rel_notes.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-5971
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
Apple Mac OS X Authentication Bypass Vulnerability
Arora Common Name SSL Certificate Spoofing Vulnerability (Linux)
Asterisk CIDR Notation in Access Rule Remote Security Bypass Vulnerability
Adobe Reader Privelege Escalation Vulnerability - Jul07 (Mac OS X)

VMware Security Updates for vCenter Server (VMSA-2013-0012)

Take action and discover your vulnerabilities