Information disclosure bug patched with VMware update

VMware issued an advisory to patch an information disclosure issue.
VMware issued an advisory to patch an information disclosure issue.

VMware issued an advisory on Wednesday to patch an information disclosure issue.

The Palo Alto, Calif.-based cloud and virtualization software and services firm reported that a specially crafted XML request transmitted to a server could lead to unintended information being disclosed. 

Owing to a flaw in the processing of XML External Entity (XXE) requests, this vulnerability could affect VMware products using Flex BlazeDS, the company said in its advisory number VMSA-2015-0008.

Users are advised to apply the latest patch – CVE-2015-3269 – to affected systems.

The company thanked Matthias Kaiser of Code White for reporting the bug.

You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS