X.509 Certificate Validation Flaw in VMware vSphere Client
CVE-2014-1210

Currently unrated

Key Information:

Vendor: Vmware
Status: Vsphere Client
Vendor: CVE Published:; 11 April 2014

What is CVE-2014-1210?

VMware vSphere Client 5.0 prior to Update 3 and 5.1 prior to Update 2 has a vulnerability due to improper validation of X.509 certificates. This weakness allows attackers to execute man-in-the-middle attacks by spoofing SSL servers with crafted certificates, potentially compromising sensitive communications. Users are encouraged to apply the necessary updates to secure their systems against this risk, as detailed in VMware's security advisory.

References

http://www.vmware.com/security/advisories/VMSA-2014-0003....

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 11, 2014
Vulnerability Reserved
Jan 7, 2014

Vmware

What is CVE-2014-1210?

References

Timeline