Summary
VMware has updated vCenter Server to address multiple security vulnerabilities.
Solution
Apply the missing patch(es).
Insight
vCenter and Update Manager, Oracle JRE update 1.6.0_51.
Oracle JRE is updated to version 1.6.0_51, which addresses multiple security issues that existed in earlier releases of Oracle JRE.
Oracle has documented the CVE identifiers that are addressed in JRE 1.6.0_51 in the Oracle Java SE Critical Patch Update Advisory of June 2013. The References section provides a link to this advisory.
Affected
VMware vCenter Server before 5.0 update 3
Detection
Check the build number.
References
Severity
Classification
-
CVE CVE-2013-5971 -
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
- Apple Mac OS X Authentication Bypass Vulnerability
- Arora Common Name SSL Certificate Spoofing Vulnerability (Linux)
- Asterisk CIDR Notation in Access Rule Remote Security Bypass Vulnerability
- Adobe Reader Privelege Escalation Vulnerability - Jul07 (Mac OS X)