Login   |   Secure Purdue > News

VMware Multiple Products Java Multiple Vulnerabilities

STEAM-ADVISORY NO. 2013102101
PURDUE UNIVERSITY SECURITY STEAM CIRT
Monday, October 21, 2013 15:10:00 EDT


==OVERVIEW==

VMware Multiple Products Java Multiple Vulnerabilities


==SYSTEMS AFFECTED==

VMware ESX Server 4.x
VMware vCenter Server 4.x
VMware vCenter Server 5.x
VMware vSphere Update Manager 5.x


==DETAILS==

VMware has acknowledged multiple vulnerabilities in multiple products,
which can be exploited by malicious, local users to disclose certain
sensitive information, manipulate certain data, and gain escalated
privileges and by malicious people to conduct spoofing attacks, disclose
certain sensitive information, manipulate certain data, cause a DoS
(Denial of Service), bypass certain security restrictions, and
compromise a vulnerable system.

The vulnerabilities are due to a bundled vulnerable version of Java.


==SOLUTIONS==


Ensure that VMWare products are up to date with the latest patches.

VMWare Advisory - Patch download links available on this web site

h t t p :// w w w.vmware.com/security/advisories/VMSA-2013-0012.html

(remove spaces from links)

==STEAM-CIRT CONTACT INFORMATION==


For questions concerning this advisory, please send email to:
itap-securityhelp@purdue.edu.

Report computer-related abuse to steam-cirt:
http://w w w .purdue.edu/securePurdue/incidentReportForm.cfm


http://w w w .purdue.edu/securepurdue/steam


(remove spaces from links)

Posted by ITSP on October 21, 2013, in Advisory Alerts.