NSX for vSphere update addresses NSX Edge Cross-Site Scripting (XSS) issue.
a. NSX Edge Cross-Site Scripting (XSS) issue.
NSX Edge contains a moderate Cross-Site Scripting (XSS) issue which may lead to information disclosure.
VMware would like to thank Jarad Kopf of Deltek and Issam Rabhi for independently reporting this issue to us.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2017-4929 to this issue.
Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.
Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.
VMware NSX for vSphere 6.2.9
VMware NSX for vSphere 6.3.5
6. Change log
Initial security advisory in conjunction with the release of NSX for vSphere 6.3.5 on 2017-11-16.
E-mail list for product security notifications and announcements:
This Security Advisory is posted to the following lists:
PGP key at: https://kb.vmware.com/kb/1055
VMware Security Advisories
Consolidated list of VMware Security Advisories
VMware Security Response Policy
VMware Lifecycle Support Phases
VMware Security & Compliance Blog
Copyright 2017 VMware Inc. All rights reserved.