Vulnerability in Vmware Vsphere_client

CVE-2014-1210

VMware vSphere Client 5.0 before Update 3 and 5.1 before Update 2 does not properly validate X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.

Vulnerability class: POODLE (CVE-2014-3566)

EPSS: 0.002 (39.5th percentile) — read the EPSS interpretation.

Affected products

Vmware Vsphere_client — versions 5.0, 5.1
N/a — versions n/a

Weakness classification (CWE)

CWE-310 — Cryptographic Issues

References

cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)