VMware vCenter Server Appliance Cross-Site Scripting (CVE-2014-3797)
Release date: 2014-4 4
Updated on:
Affected Systems:
VMWare vCenter Server <5.1 Update 3
Description:
Bugtraq id: 71492
CVE (CAN) ID: CVE-2014-3797
VMware vCenter Server allows you to quickly deploy virtual machines and monitor the performance of physical servers and virtual machines. You can deploy, monitor, and manage virtualized IT environments on a single interface and ensure the best service level.
The cross-site scripting vulnerability exists in VMware vCenter Server Appliance (vCSA) versions earlier than 5.1 Update 3. Remote attackers can exploit this vulnerability to inject arbitrary Web scripts or HTML.
<* Source: Tanya Secker
Link: http://xforce.iss.net/xforce/xfdb/99155
*>
Suggestion:
Vendor patch:
VMWare
------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.vmware.com/security/advisories/VMSA-2014-0012.html
This article permanently updates the link address: