Vulnerability in Vmware Vcenter_server_appliance

CVE-2014-8371

VMware vCenter Server Appliance (vCSA) 5.5 before Update 2, 5.1 before Update 3, and 5.0 before Update 3c does not properly validate certificates when connecting to a CIM Server on an ESXi host, which allows man-in-the-middle attackers to…

Vulnerability class: POODLE (CVE-2014-3566)

EPSS: 0.001 (31.6th percentile) — read the EPSS interpretation.

Affected products

Vmware Vcenter_server_appliance — versions 5.0, 5.1, 5.5
N/a — versions n/a

Weakness classification (CWE)

CWE-310 — Cryptographic Issues

References

cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities (mailing-list, x_refsource_BUGTRAQ)
20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities (mailing-list, x_refsource_FULLDISC)