Patch Management

Information disclosure bug patched with VMware update

November 20, 2015

VMware issued an advisory on Wednesday to patch an information disclosure issue.

The Palo Alto, Calif.-based cloud and virtualization software and services firm reported that a specially crafted XML request transmitted to a server could lead to unintended information being disclosed. 

Owing to a flaw in the processing of XML External Entity (XXE) requests, this vulnerability could affect VMware products using Flex BlazeDS, the company said in its advisory number VMSA-2015-0008.

Users are advised to apply the latest patch – CVE-2015-3269 – to affected systems.

The company thanked Matthias Kaiser of Code White for reporting the bug.

prestitial ad