Today VMware has released the following new security advisories:
VMSA-2016-0007 – VMware NSX and vCNS product updates address a critical information disclosure vulnerability.
VMSA-2016-0008 – VMware vRealize Log Insight addresses important and moderate security issues.
Information disclosure issue (CVE-2016-2079) may allow a remote attacker to gain access to sensitive information on VMware NSX and vCNS with SSL-VPN enabled. By exploiting the stored cross-site scripting issue (CVE-2016-2081) and cross-site request forgery issue (CVE-2016-2082) in VMware vRealize Log Insight, an attacker can hijack an authenticated user’s session and also may replace trusted content in the Log Insight UI without the user’s authorization.
Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories.
Customers should review the security advisories and direct any questions to VMware Support.