NEW VMSA-2016-0009 VMware vCenter Server updates address an important reflective cross-site scripting issue

VMware Security Advisory
Advisory ID: VMSA-2016-0009
Synopsis: VMware vCenter Server updates address an important reflective cross-site scripting issue
Issue date: 2016-06-14
Updated on: 2016-06-14 (Initial Advisory)
CVE numbers: CVE-2015-6931
1. Summary
VMware vCenter Server updates address an important reflective
cross-site scripting issue.
2. Relevant Releases
vCenter Server 5.5 prior to 5.5 update 2d
vCenter Server 5.1 prior to 5.1 update 3d
vCenter Server 5.0 prior to 5.0 update 3g
3. Problem Description

   a. Important vCenter Server reflected cross-site scripting issue

The vSphere Web Client contains a reflected cross-site scripting
vulnerability due to a lack of input sanitization. An attacker can
exploit this issue by tricking a victim into clicking a malicious

VMware would like to thank Matt Schmidt for reporting this issue to

The Common Vulnerabilities and Exposures project has
assigned the identifier CVE-2015-6931 to this issue.

Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is

VMware            Product    Running    Replace with/
Product           Version    on         Apply Patch
--------------    -------    -------    -------------
vCenter Server    6.0        Any        not affected
vCenter Server    5.5        Any        5.5 U2d *
vCenter Server    5.1        Any        5.1 U3d *
vCenter Server    5.0        Any        5.0 U3g *

* The client side component of the vSphere Web Client does not need
to be updated to remediate CVE-2015-6931. Updating the vCenter
Server is sufficient to remediate this issue.
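
The table above, applied to an inventory, as an added example that is not part of the advisory or of any VMware tooling. The version-string format ("5.5 U2b", "5.5 Update 3"), the host names, and the ordering of update levels by number and then letter are assumptions.

```python
import re

# First fixed update level per release line, taken from the advisory's table.
FIXED = {"5.5": (2, "d"), "5.1": (3, "d"), "5.0": (3, "g")}
NOT_AFFECTED = {"6.0"}

# Assumed format: "<major.minor>" optionally followed by "U<n><letter>" or "Update <n><letter>".
_VERSION = re.compile(r"^\s*(\d+\.\d+)(?:\s+(?:U|Update\s*)(\d+)([a-z]?))?\s*$", re.I)


def parse(version):
    """Split '5.5 U2d' into ('5.5', (2, 'd')); a bare '5.5' is treated as (0, '')."""
    m = _VERSION.match(version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    line, num, letter = m.groups()
    return line, (int(num or 0), (letter or "").lower())


def triage(version):
    """Return the action the advisory's table implies for one vCenter Server version."""
    line, level = parse(version)
    if line in NOT_AFFECTED:
        return "not affected"
    if line not in FIXED:
        return "not listed"  # the advisory makes no statement about this release line
    if level >= FIXED[line]:  # tuple compare: update number first, then letter
        return "fixed"
    num, letter = FIXED[line]
    return f"update to {line} U{num}{letter}"


def report(inventory):
    """Map each host in the inventory to its triage result."""
    return {host: triage(version) for host, version in inventory.items()}


# Constructed sample inventory; host names are placeholders.
INVENTORY = {
    "vc-a.example": "5.5 U2b",
    "vc-b.example": "5.5 Update 3",
    "vc-c.example": "5.0",
    "vc-d.example": "6.0 U1",
}

if __name__ == "__main__":
    for host, action in report(INVENTORY).items():
        print(f"{host:14} {INVENTORY[host]:14} {action}")
```
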

4. Solution

Please review the patch/release notes for your product and
version and verify the checksum of your downloaded file.

vCenter Server
Downloads and Documentation:

5. References

6. Change log

2016-06-14 VMSA-2016-0009
Initial security advisory in conjunction with the release of VMware
vCenter Server 5.0 U3g on 2016-06-14.

Created on June 14, 2016 by Rick Scherer

Posted under Alert.
