CVE-2014-8371
VMware vCenter Server Appliance (vCSA) 5.5 before Update 2, 5.1 before Update 3, and 5.0 before Update 3c does not properly validate certificates when connecting to a CIM Server on an ESXi host, which allows man-in-the-middle attackers to spoof CIM servers via a crafted certificate.
| Software | From | Fixed in |
|---|---|---|
| vmware / vcenter_server_appliance | 5.1-update_2 | 5.1-update_2.x |
| vmware / vcenter_server_appliance | 5.0-update_3 | 5.0-update_3.x |
| vmware / vcenter_server_appliance | 5.1-update_1 | 5.1-update_1.x |
| vmware / vcenter_server_appliance | 5.1 | 5.1.x |
| vmware / vcenter_server_appliance | 5.0-update_3a | 5.0-update_3a.x |
| vmware / vcenter_server_appliance | 5.5 | 5.5.x |
| vmware / vcenter_server_appliance | 5.0-update_1 | 5.0-update_1.x |
| vmware / vcenter_server_appliance | 5.5-update_1 | 5.5-update_1.x |
| vmware / vcenter_server_appliance | 5.0-update_2 | 5.0-update_2.x |
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime