VMware is urging users of its vCenter Server and ESXi software to install its latest patches to plug vulnerabilities that can allow remote-code execution and denial of service.
The vCenter flaw was first spotted by Doug McLeod of Edinburgh-based security consultancy 7 Elements toward the beginning of the year, and the researchers have been working with VMware to come up with a fix ahead of Thursday's public disclosure.
The vulnerability, which affects vCenter Server versions 5.0 through 6.0 on all supported platforms, involves an improperly configured Java Management Extensions (JMX) service that can be manipulated remotely without authentication.
Article complet : ici
Aucun commentaire:
Enregistrer un commentaire