VMware issued an advisory on Wednesday to patch an information disclosure issue.
The Palo Alto, Calif.-based cloud and virtualization software and services firm reported that a specially crafted XML request transmitted to a server could lead to unintended information being disclosed.
Owing to a flaw in the processing of XML External Entity (XXE) requests, this vulnerability could affect VMware products using Flex BlazeDS, the company said in its advisory number VMSA-2015-0008.
Users are advised to apply the latest patch – CVE-2015-3269 – to affected systems.
The company thanked Matthias Kaiser of Code White for reporting the bug.
Several products of VMware are affected by CVE-2015-3269 (BlazeDS) https://t.co/uv8ffyjdis Better patch quickly.— code white GmbH (@codewhitesec) November 20, 2015