Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
VMSA-2012-0018: VMware security updates for vCSA and ESXi
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
The remote ESXi is missing one or more security related Updates from VMSA-2012-0018.
Insight
Insight
VMware has updated vCenter Server Appliance (vCSA) and ESX to address multiple security vulnerabilities: a. vCenter Server Appliance directory traversal The vCenter Server Appliance (vCSA) contains a directory traversal vulnerability that allows an authenticated remote user to retrieve arbitrary files. Exploitation of this issue may expose sensitive information stored on the server. b. vCenter Server Appliance arbitrary file download The vCenter Server Appliance (vCSA) contains an XML parsing vulnerability that allows an authenticated remote user to retrieve arbitrary files. Exploitation of this issue may expose sensitive information stored on the server. c. Update to ESX glibc package The ESX glibc package is updated to version glibc-2.5-81.el5_8.1 to resolve multiple security issues.
Affected Software
Affected Software
vCenter Server Appliance 5.1 prior to vCSA 5.1.0b vCenter Server Appliance 5.0 prior to vCSA 5.0 Update 2 VMware ESXi 5.1 without patch ESXi510-201212101 VMware ESXi 5.0 without patch ESXi500-201212101
Solution
Solution
Apply the missing patch(es).