CVE-2016-7458 VMware vCenter Server 6.0 Update 2a Missing (VMSA-2016-0022)

漏洞类别:VMware

漏洞等级:

漏洞信息

VMware vCenter is the centralized management tool for the vSphere suite. The target is missing Update 2a, which corrects the following security issue:

vCenter Server contains an XML External Entity (XXE) vulnerability in the Log Browser, the Distributed Switch setup, and the Content Library.
vCenter Server and vRealize Automation contain an XML External Entity (XXE) vulnerability in the Single Sign-On functionality.

漏洞危害

A specially crafted XML request issued to the server by an authorized user may lead to unintended information disclosure.

解决方案

VMware has issued a fix (vCenter Server 6.0 U2a).

Upgrade vCenter Server Appliance to Build 4541947 or apply the latest VMware vCenter Server Appliance build.

Refer to VMSA-2016-0022 for further details.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

VMSA-2016-0022: VMware vCenter Server 6.0

Leave a Reply