VMware Security Updates For VCenter Server (VMSA-2013-0012) Network Vulnerability

Summary

VMware has updated vCenter Server to address multiple security vulnerabilities.

Solution

Apply the missing patch(es).

Insight

vCenter and Update Manager, Oracle JRE update 1.6.0_51. Oracle JRE is updated to version 1.6.0_51, which addresses multiple security issues that existed in earlier releases of Oracle JRE. Oracle has documented the CVE identifiers that are addressed in JRE 1.6.0_51 in the Oracle Java SE Critical Patch Update Advisory of June 2013. The References section provides a link to this advisory.

Affected

VMware vCenter Server before 5.0 update 3

Detection

Check the build number.

References

http://www.vmware.com/security/advisories/VMSA-2013-0012.html
https://www.vmware.com/support/vsphere5/doc/vsp_vc50_u3_rel_notes.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-5971

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Adobe Reader Information Disclosure Vulnerability Jun05 (Mac OS X)
Adobe Reader Multiple Vulnerabilities - Aug07 (Windows)
Apple Safari Secure Cookie Security Bypass Vulnerability (Mac OS X)
Adobe Flex SDK 'SWF' Files Cross-Site Scripting Vulnerability (Windows)
Adobe Reader Cross-Site Scripting & Denial of Service Vulnerabilities (Windows)

VMware Security Updates for vCenter Server (VMSA-2013-0012)

Take action and discover your vulnerabilities