This article is more than 1 year old

vCenter bug squashed

Oh the irony: VMware has just revealed it will move vSphere clients to HTML5, but has today revealed a new bug in the existing vSphere web client.

VMSA-2016-006 contains a “a reflected cross-site scripting vulnerability that occurs through flash parameter injection".

VMware says an attacker “can exploit this issue by tricking a victim into clicking a malicious link.”

Only vSphere on Windows has the problem and the fix is an upgrade to vCenter server for all versions from 5.0 up. To the wider world, the bug will be known as CVE-2016-2078. ®

More about

TIP US OFF

Send us news