Executive Summary
Summary | |
---|---|
Title | - VMware vCenter Server updates address a LDAP certificate validation issue |
Informations | |||
---|---|---|---|
Name | VMSA-2015-0006 | First vendor Publication | 2015-09-16 |
Vendor | VMware | Last vendor Modification | 2015-09-16 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:N) | |||
---|---|---|---|
Cvss Base Score | 5.8 | Attack Range | Network |
Cvss Impact Score | 4.9 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
VMware vCenter Server LDAP certificate validation vulnerability VMware vCenter Server does not validate the certificate when binding to an LDAP server using TLS. Exploitation of this vulnerability may allow an attacker that is able to intercept traffic between vCenter Server and the LDAP server to capture sensitive information. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2015-6932 to this issue. |
Original Source
Url : http://www.vmware.com/security/advisories/VMSA-2015-0006.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-310 | Cryptographic Issues |
CPE : Common Platform Enumeration
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2015-09-24 | IAVM : 2015-B-0116 - VMware vCenter Server 6.0 Certificate Validation Vulnerability Severity : Category I - VMSKEY : V0061483 |
2015-09-24 | IAVM : 2015-B-0117 - VMware vCenter Server 5.5 Certificate Validation Vulnerability Severity : Category I - VMSKEY : V0061485 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2015-09-24 | Name : The remote host has a virtualization management application installed that is... File : vmware_vcenter_vmsa-2015-0006_55.nasl - Type : ACT_GATHER_INFO |
2015-09-24 | Name : The remote host has a virtualization management application installed that is... File : vmware_vcenter_vmsa-2015-0006_60.nasl - Type : ACT_GATHER_INFO |
2015-01-27 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2015-0006.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2016-01-18 00:27:26 |
|
2016-01-18 00:23:13 |
|