2 results (0.004 seconds)

CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0

VMware vSphere Client 4.0, 4.1, 5.0 before Update 3, and 5.1 before Update 2 does not properly validate updates to Client files, which allows remote attackers to trigger the downloading and execution of an arbitrary program via unspecified vectors. VMware vSphere Client 4.0, 4.1, 5.0 anterior a Update 3 y 5.1 anterior a Update 2 no valida debidamente actualizaciones a archivos de clientes, lo que permite a atacantes remotos provocar la descarga y ejecución de un programa arbitrario a través de vectores no especificados. • http://www.vmware.com/security/advisories/VMSA-2014-0003.html • CWE-20: Improper Input Validation •

CVSS: 5.8EPSS: 0%CPEs: 2EXPL: 0

VMware vSphere Client 5.0 before Update 3 and 5.1 before Update 2 does not properly validate X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate. VMware vSphere Client 5.0 anterior a Update 3 y 5.1 anterior a Update 2 no valida debidamente certificados X.509, lo que permite a atacantes man-in-the-middle falsificar servidores SSL a través de un certificado manipulado. • http://www.vmware.com/security/advisories/VMSA-2014-0003.html • CWE-310: Cryptographic Issues •