漏洞类别:VMware
漏洞等级: 
漏洞信息
VMware vCenter is the centralized management tool for the vSphere suite. The target is missing Update U2e, which corrects the following security issue:
VMware products running JRE 1.7 Update 75 or newer and JRE 1.6 Update 91 or newer are not vulnerable to CVE-2014-6593, as documented in the Oracle Java SE Critical Patch Update Advisory of January 2015.
QID Detection Logic (Authenticated)
This checks for vulnerable version of vCenter.
漏洞危害
On successful exploitation it allows remote attackers to affect confidentiality and integrity via vectors related to JSSE.
解决方案
VMware has issued a fix (5.5 U2e).
Upgrade vCenter Server Appliance to Build 2646482 or apply the latest VMware vCenter Server Appliance build.
Refer to VMSA-2015-0003 for further details.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0daybank
文章评论