VMware vCenter Update Manager Multiple Java Vulnerabilities (VMSA-2014-0012)

This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.


Synopsis :

The remote host has an update manager installed that is affected by
multiple vulnerabilities.

Description :

The version of VMware vCenter Update Manager installed on the remote
Windows host is 5.1 prior to Update 3. It is, therefore, affected by
multiple vulnerabilities related to the bundled version of Oracle JRE
prior to 1.6.0_81.

See also :

http://www.vmware.com/security/advisories/VMSA-2014-0012.html
http://lists.vmware.com/pipermail/security-announce/2014/000283.html
http://www.nessus.org/u?fad0eeab

Solution :

Upgrade to vCenter Update Manager 5.1 Update 3 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false