
Monthly Archives: June 2016

New VMware Security Advisory VMSA-2016-0009 and Updated Advisories

Today, VMware has released the following new and updated security advisories:

New: VMSA-2016-0009
Updated: VMSA-2015-0007.6, VMSA-2015-0009.3, VMSA-2016-0005.4

The new advisory addresses an important cross-site scripting issue in the vSphere Web Client, CVE-2015-6931. The issue is present on the server side in vCenter Server running on Windows and in vCenter Server Appliance.

Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories.

Customers should review the security advisories and direct any questions to VMware Support.

New VMware Security Advisories VMSA-2016-0007 and VMSA-2016-0008

Today VMware has released the following new security advisories:

VMSA-2016-0007 – VMware NSX and vCNS product updates address a critical information disclosure vulnerability.
VMSA-2016-0008 – VMware vRealize Log Insight addresses important and moderate security issues.

The information disclosure issue (CVE-2016-2079) may allow a remote attacker to gain access to sensitive information on VMware NSX and vCNS with SSL-VPN enabled. By exploiting the stored cross-site scripting issue (CVE-2016-2081) and the cross-site request forgery issue (CVE-2016-2082) in VMware vRealize Log Insight, an attacker can hijack an authenticated user’s session and may also replace trusted content in the Log Insight UI without the user’s authorization.

Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories.

Customers should review the security advisories and direct any questions to VMware Support.