VMware Security Updates For VCenter Server (VMSA-2013-0012) Network Vulnerability

Summary

VMware has updated vCenter Server to address multiple security vulnerabilities.

Solution

Apply the missing patch(es).

Insight

vCenter and Update Manager, Oracle JRE update 1.6.0_51. Oracle JRE is updated to version 1.6.0_51, which addresses multiple security issues that existed in earlier releases of Oracle JRE. Oracle has documented the CVE identifiers that are addressed in JRE 1.6.0_51 in the Oracle Java SE Critical Patch Update Advisory of June 2013. The References section provides a link to this advisory.

Affected

VMware vCenter Server before 5.0 update 3

Detection

Check the build number.

References

http://www.vmware.com/security/advisories/VMSA-2013-0012.html
https://www.vmware.com/support/vsphere5/doc/vsp_vc50_u3_rel_notes.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-5971

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Adobe LiveCycle Designer Untrusted Search Path Vulnerability (Windows)
CA Gateway Security Remote Code Execution Vulnerability
Asterisk SIP Response Username Enumeration Remote Information Disclosure Vulnerability
Adobe Flash Media Server Video Stream Capture Security Issue
Apache Tomcat Multiple Vulnerabilities - 01 Mar14

VMware Security Updates for vCenter Server (VMSA-2013-0012)

Take action and discover your vulnerabilities