VMware View 3.1.3 addresses an important cross-site scripting vulnerability
VMware Security Advisory
Synopsis: VMware View 3.1.3 addresses an important cross-site scripting vulnerability
Updated on: 2010-05-05 (initial release of advisory)
Extended support for VMware View (formerly Virtual Desktop Manager (VDM)) 3.x ends on 2011-05-11. Users should plan to upgrade to VMware View 4.0 or the newest release of VMware View.
VMware would like to thank Alexey Sintsov from Digital Security Research Group [DSecRG] for reporting this issue to us. The issue is identified as DSECRG-09-058 by Digital Security Research Group.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-1143 to this issue.
VMware has rated this issue as important according to the VMware security response policy.
Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.
| Product | Version | Platform | Action required |
|---|---|---|---|
| VMware View | 4.0 | Windows | not affected |
| VMware View | 3.1.x | Windows | View 3.1.3 build 252693 |
VMware View Connection Server
VMware View Agent
VMware View Client
Initial security advisory released in conjunction with VMware View 3.1.3 on 2010-05-05.
This Security Advisory is posted to the following lists:
- security-announce at lists.vmware.com
- bugtraq at securityfocus.com
- full-disclosure at lists.grok.org.uk
E-mail: security at vmware.com
PGP key at:
VMware Security Center
VMware security response policy
General support life cycle policy
VMware Infrastructure support life cycle policy