VMware vCenter Multiple Vulnerabilities (VMSA-2012-0013)

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote host has a virtualization management application installed
that is affected by multiple vulnerabilities.

Description :

The version of VMware vCenter installed on the remote host is 4.0
earlier than Update 4a, 4.1 earlier than Update 3, or 5.0 earlier than
Update 2. As such, it is potentially affected by multiple
vulnerabilities in the included Oracle (Sun) Java Runtime
Environment.

See also :

http://www.vmware.com/security/advisories/VMSA-2012-0013.html
http://lists.vmware.com/pipermail/security-announce/2012/000197.html

Solution :

Upgrade to VMware vCenter Server 4.0 Update 4a / 4.1 Update 3 / 5.0
Update 2 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true