VMware product updates address information disclosure issue

VMware products that use Flex BlazeDS may be affected by a flaw in the processing of XML External Entity (XXE) requests. A specially crafted XML request sent to the server could lead to unintended information be disclosed.

It is recommended to review the patch/release notes if you happen to use any of the following products:  VMware vCenter Server 5.5 prior to version 5.5 update 3, VMware vCenter Server 5.1 prior to version 5.1 update u3b, VMware vCenter Server 5.0 prior to version 5.0 update u3e, vCloud Director 5.6 prior to version 5.6.4, vCloud Director 5.5 prior to version 5.5.3, VMware Horizon View 6.0 prior to version 6.1, and VMware Horizon View 5.0 prior to version 5.3.4.

VMware Security Advisory is available here – http://www.vmware.com/security/advisories/VMSA-2015-0008.html

Leave a Comment

Your email address will not be published.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top