The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of vCenter Windows

VMware vCenter: code execution via AMF3 messages
An attacker can send a Java object in an AMF3 message to VMware vCenter, in order to run code...
CERTFR-2017-AVI-115, CVE-2017-5641, VIGILANCE-VUL-22459, VMSA-2017-0007
Apache Struts: code execution via Jakarta Multipart CT
An attacker can use a malicious Content-Type header on Apache Struts with Jakarta Multipart installed, in order to run code...
498123, CERTFR-2017-ALE-004, CERTFR-2017-AVI-071, cisco-sa-20170310-struts2, cpuapr2017, cpujul2017, CVE-2017-5638, ESA-2017-042, S2-045, S2-046, VIGILANCE-VUL-22047, VMSA-2017-0004, VMSA-2017-0004.6, VU#834067
VMware vCenter Server, VMware vSphere Client: three vulnerabilities
Several vulnerabilities were announced in VMware vCenter Server and VMware vSphere Client...
CERTFR-2016-AVI-388, CVE-2016-7458, CVE-2016-7459, CVE-2016-7460, VIGILANCE-VUL-21194, VMSA-2016-0022
VMware: two vulnerabilities
An attacker can use several vulnerabilities of VMware...
CERTFR-2016-AVI-265, CVE-2016-5330, CVE-2016-5331, SFY20151201, SYSS-2016-063, VIGILANCE-VUL-20326, VMSA-2016-0010
VMware vCenter Server: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of VMware vCenter Server, in order to run JavaScript code in the context of the web site...
CERTFR-2016-AVI-202, CVE-2015-6931, VIGILANCE-VUL-19904, VMSA-2016-0009
VMware vCenter Server: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of VMware vCenter Server, in order to run JavaScript code in the context of the web site...
CERTFR-2016-AVI-179, CVE-2016-2078, VIGILANCE-VUL-19695, VMSA-2016-0006
VMware vCenter: code execution via JMX Deserialization
An attacker can send authentication data containing a malicious object, which is unserialized by JMX on VMware vCenter, in order to run code...
CERTFR-2016-AVI-175, CVE-2016-3427, VIGILANCE-VUL-19619, VMSA-2016-0005, VMSA-2016-0005.1, VMSA-2016-0005.2, VMSA-2016-0005.3, VMSA-2016-0005.4
VMware vCenter Server: Man-in-the-Middle of Client Integration Plugin
An attacker can act as a Man-in-the-Middle of Client Integration Plugin on VMware vCenter Server, in order to read or write data in the session...
CERTFR-2016-AVI-130, CVE-2016-2076, VIGILANCE-VUL-19388, VMSA-2016-0004
Apache Flex BlazeDS: external XML entity injection
An attacker can transmit malicious XML data to Apache Flex BlazeDS, in order to read a file, scan sites, or trigger a denial of service...
APSB15-30, CVE-2015-5255, VIGILANCE-VUL-18568, VMSA-2015-0008, VMSA-2015-0008.1
VMware vCenter Server: external XML entity injection
An attacker can transmit malicious XML data to VMware vCenter Server, in order to read a file, scan sites, or trigger a denial of service...
CERTFR-2015-AVI-496, CVE-2015-3269, VIGILANCE-VUL-18335, VMSA-2015-0008, VMSA-2015-0008.1
Our database contains other pages. You can request a free trial to read them.

Display information about vCenter Windows: