Sunday 20 March 2016

VMware patches severe XSS flaws in vRealize software

VMware has fixed two serious vulnerabilities in the company's vRealize software that could lead to code execution and the remote compromise of business workstations.

In a security advisory released Tuesday, the Palo Alto, California firm said the "important" vulnerabilities were found in the VMware vRealize Automation and VMware vRealize Business Advanced and Enterprise software platforms.

The bugs, CVE-2015-2344 and CVE-2016-2075, are Cross-Site Scripting (XSS) issues. XSS exploits occur when a vulnerability in software or applications allows injection of client-side code, leading to problems including remote code execution, malicious code downloads and system compromise.

The first vulnerability, CVE-2015-2344, impacts VMware vRealize Automation 6.x before 6.2.4 on the Linux operating system, while the second vulnerability, CVE-2016-2075, affects VMware vRealize Business Advanced and Enterprise 8.x before 8.2.5, again on Linux.

Independent researcher Lukasz Plonka reported the first XSS vulnerability, while Deloitte security researcher Alvaro Trigo Martin de Vidales found the second issue and reported it to VMware.

Builds for other operating systems, including Microsoft Windows, are not affected.

Users are encouraged to upgrade as soon as possible. The patches follow the reissue of a security advisory for a problem patched in October 2015, a critical remote code execution vulnerability in the vCenter Server platform.

In the last month, VMware has gone through a company reorganization, having lost three key executives in quick succession. Martin Casado, former head of VMware's NSX business, CFO Jonathan Chadwick and Carl Eschenbach, former head of VMware operations, have all left to pursue other opportunities.
