VMware Multiple Products Java Multiple Vulnerabilities

STEAM-ADVISORY NO. 2013102101
PURDUE UNIVERSITY SECURITY STEAM CIRT
Monday, October 21, 2013 15:10:00 EDT


==OVERVIEW==

VMware Multiple Products Java Multiple Vulnerabilities


==SYSTEMS AFFECTED==

VMware ESX Server 4.x
VMware vCenter Server 4.x
VMware vCenter Server 5.x
VMware vSphere Update Manager 5.x


==DETAILS==

VMware has acknowledged multiple vulnerabilities in multiple products,
which can be exploited by malicious, local users to disclose certain
sensitive information, manipulate certain data, and gain escalated
privileges and by malicious people to conduct spoofing attacks, disclose
certain sensitive information, manipulate certain data, cause a DoS
(Denial of Service), bypass certain security restrictions, and
compromise a vulnerable system.

The vulnerabilities are due to a bundled vulnerable version of Java.


==SOLUTIONS==


Ensure that VMWare products are up to date with the latest patches.

VMWare Advisory - Patch download links available on this web site

h t t p :// w w w.vmware.com/security/advisories/VMSA-2013-0012.html

(remove spaces from links)

==STEAM-CIRT CONTACT INFORMATION==


For questions concerning this advisory, please send email to:
itap-securityhelp@purdue.edu.

Report computer-related abuse to steam-cirt:
https://purdue.qualtrics.com/SE/?SID=SV_4Z45KwRtZD5qROl


http://w w w .purdue.edu/securepurdue/steam


(remove spaces from links)



Posted by ITSP on October 21, 2013, in Advisory Alerts.

Purdue University, 610 Purdue Mall, West Lafayette, IN 47907, (765) 494-4600

© 2016 Purdue University | An equal access/equal opportunity university | Integrity Statement | Copyright Complaints | Maintained by ITaP

Trouble with this page? Disability-related accessibility issue? Please contact ITaP at itap@purdue.edu.

PDF files can be viewed in Adobe Acrobat Reader.