Hey there! Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93098 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.
Interests:... The never-ending battle for Truth, Justice, and the American way.
Posted 27 January 2018 - 10:34 AM
FYI...
VMSA-2018-0006 - vRealize Automation, vSphere Integrated Containers, and AirWatch Console updates address multiple security vulns
- https://www.vmware.c...-2018-0006.html
2018-01-26
Severity: Critical
CVE numbers: CVE-2017-4947, CVE-2017-4951
Summary: vRealize Automation, vSphere Integrated Containers, and AirWatch Console updates address multiple security vulnerabilities
Relevant Products:
vRealize Automation (vRA)
vSphere Integrated Containers (VIC)
VMware AirWatch Console (AWC)
Problem Description:
a. vRealize Automation and vSphere Integrated Containers deserialization vulnerability via Xenon
vRealize Automation and vSphere Integrated Containers contain a deserialization vulnerability via Xenon. Successful exploitation of this issue may allow remote attackers to execute arbitrary code on the appliance.
b. VMware AirWatch Console Cross Site Request Forgery (CSRF)
VMware AirWatch Console contains a Cross Site Request Forgery vulnerability when accessing the App Catalog. An attacker may exploit this issue by tricking users into installing a malicious application on their devices...
Solution: Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.
> VMware vRealize Automation 7.3
Downloads and Documentation:
- https://my.vmware.co..._automation/7_3
- https://docs.vmware....tion/index.html
> VMware vRealize Automation 7.2
Downloads and Documentation:
- https://my.vmware.co..._automation/7_2
- https://docs.vmware....tion/index.html
> VMware vSphere Integrated Containers 1.3
Downloads and Documentation:
- https://my.vmware.co..._containers/1_3
- https://www.vmware.c...iners-pubs.html
> VMware AirWatch Console 9.2.2
Downloads and Documentation:
- https://support.air-...es/115015625647
> VMware AirWatch Console 9.1.5
Downloads and Documentation:
- https://my.air-watch...indows/v9.1.0.0
___
Edited by AplusWebMaster, 27 January 2018 - 11:01 AM.
.The machine has no brain.
......... Use your own.
Browser check for updateshere.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
Interests:... The never-ending battle for Truth, Justice, and the American way.
Posted 10 February 2018 - 10:25 AM
FYI...
VMSA-2018-0007 - VMware Virtual Appliance updates address side-channel analysis due to speculative execution
- https://www.vmware.c...-2018-0007.html
2018-02-08
Severity: Important
Summary: VMware Virtual Appliance updates address side-channel analysis due to speculative execution
Note: This document will focus on VMware Virtual Appliances which are affected by the known variants of CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754.
For more information please see Knowledge Base article 52264:
- https://kb.vmware.com/s/article/52264
These mitigations are part of the Operating System-Specific Mitigations category described in VMware Knowledge Base article 52245:
- https://kb.vmware.com/s/article/52245
Relevant Products
vCloud Usage Meter (UM)
Identity Manager (vIDM)
vCenter Server (vCSA)
vSphere Data Protection (VDP)
vSphere Integrated Containers (VIC)
vRealize Automation (vRA)
Problem Description: VMware Virtual Appliance Mitigations for Bounds-Check bypass, Branch Target Injection, and Rogue data cache load issues.
CPU data cache timing can be abused to efficiently leak information out of mis-speculated CPU execution, leading to (at worst) arbitrary virtual memory read vulnerabilities across local security boundaries in various contexts. (Speculative execution is an automatic and inherent CPU performance optimization used in all modern processors.) Successful exploitation may allow for information disclosure.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifiers CVE-2017-5753 (Bounds Check bypass), CVE-2017-5715 (Branch Target Injection), CVE-2017-5754 (Rogue data cache load) to these issues...
Solution: Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.
> vSphere Integrated Containers 1.3.1
Downloads and Documentation:
- https://my.vmware.co...oadGroup=VIC131
> References:
- http://www.cve.mitre...e=CVE-2017-5753
- http://www.cve.mitre...e=CVE-2017-5715
- http://www.cve.mitre...e=CVE-2017-5754
- https://kb.vmware.com/kb/52264
- https://kb.vmware.com/kb/52245
- https://kb.vmware.com/kb/52467
- https://kb.vmware.com/kb/52284
- https://kb.vmware.com/kb/52312
- https://kb.vmware.com/kb/52377
- https://kb.vmware.com/kb/52497
.The machine has no brain.
......... Use your own.
Browser check for updateshere.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. 
Join 
