Critical Infrastructure Security, Network Security, Patch/Configuration Management, Vulnerability Management

Information disclosure bug patched with VMware update

VMware issued an advisory on Wednesday to patch an information disclosure issue.

The Palo Alto, Calif.-based cloud and virtualization software and services firm reported that a specially crafted XML request transmitted to a server could lead to unintended information being disclosed. 

Owing to a flaw in the processing of XML External Entity (XXE) requests, this vulnerability could affect VMware products using Flex BlazeDS, the company said in its advisory number VMSA-2015-0008.

Users are advised to apply the latest patch – CVE-2015-3269 – to affected systems.

The company thanked Matthias Kaiser of Code White for reporting the bug.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.