Information disclosure bug patched with VMware update
VMware issued an advisory to patch an information disclosure issue.
VMware issued an advisory on Wednesday to patch an information disclosure issue.
The Palo Alto, Calif.-based cloud and virtualization software and services firm reported that a specially crafted XML request transmitted to a server could lead to unintended information being disclosed.
Owing to a flaw in the processing of XML External Entity (XXE) requests, this vulnerability could affect VMware products using Flex BlazeDS, the company said in its advisory number VMSA-2015-0008.
Users are advised to apply the latest patch – CVE-2015-3269 – to affected systems.
The company thanked Matthias Kaiser of Code White for reporting the bug.
Several products of VMware are affected by CVE-2015-3269 (BlazeDS) https://t.co/uv8ffyjdis Better patch quickly.— code white GmbH (@codewhitesec) November 20, 2015