Executive Summary

Summary
TitleVMware NSX and vCNS product updates address a critical information disclosure vulnerability
Informations
NameVMSA-2016-0007First vendor Publication2016-06-09
VendorVMwareLast vendor Modification2016-08-26
Severity (Vendor) N/ARevision2

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Cvss Base Score4.3Attack RangeNetwork
Cvss Impact Score2.9Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

a. VMware NSX and vCNS critical information disclosure vulnerability

VMware NSX and vCNS with SSL-VPN enabled contain a critical input validation vulnerability. This issue may allow a remote attacker to gain access to sensitive information.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2016-2079 to this issue.

Original Source

Url : http://www.vmware.com/security/advisories/VMSA-2016-0007.html

CWE : Common Weakness Enumeration

%idName
100 %CWE-200Information Exposure

CPE : Common Platform Enumeration

TypeDescriptionCount
Application9
Application7

Nessus® Vulnerability Scanner

DateDescription
2016-11-23Name : The remote host is affected by an information disclosure vulnerability.
File : vmware_nsx_vmsa_2016_0007.nasl - Type : ACT_GATHER_INFO
2016-01-26Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2016-0007.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
DateInformations
2016-11-24 13:26:07
  • Multiple Updates
2016-08-26 21:20:14
  • Multiple Updates
2016-08-16 09:19:15
  • Multiple Updates
2016-07-08 17:24:26
  • Multiple Updates
2016-07-03 09:29:56
  • Multiple Updates
2016-06-10 09:24:43
  • First insertion