Mikhail Stepanin

**Name of the Vulnerable Software and Affected Versions** VMware vCenter Server version 6.0 before U2 VMware ESXi version 6.0 **Description** The issue is related to a CRLF injection vulnerability that allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks. This is due to the failure to properly handle CRLF sequences, allowing user-supplied data to be added to HTTP response headers without proper processing. As a result, an attacker can control HTTP response headers and bodies, potentially leading to cross-site scripting attacks and attacks on intermediate proxy servers. **Recommendations** For VMware vCenter Server version 6.0 before U2, update to version U2 or later to resolve the issue. For VMware ESXi version 6.0, update to a version that includes the fix for this issue, as no specific version is mentioned as being unaffected. At the moment, there is no information about a newer version that contains a fix for VMware ESXi version 6.0.

**Name of the Vulnerable Software and Affected Versions** VMware vSphere Client versions 5.5 before U3e VMware vSphere Client versions 6.0 before U2a **Description** The issue is related to an XML External Entity (XXE) problem, where an XML document containing an external entity declaration in conjunction with an entity reference can be used to read arbitrary files. This is due to incorrect restriction of XML links to external objects. Exploitation of the issue may allow a remote attacker to access confidential information by convincing a user to connect to a malicious vCenter or ESXi server. **Recommendations** For versions 5.5 before U3e, update to U3e or later to resolve the issue. For versions 6.0 before U2a, update to U2a or later to resolve the issue. As a temporary workaround, consider restricting access to the vCenter and ESXi servers to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** VMware vCenter Server versions 5.5 before U3e and 6.0 before U2a **Description** The issue is related to an XML External Entity (XXE) problem, where there is an incorrect restriction of XML links to external objects. This can be exploited by a remote attacker to gain access to confidential information by sending a specially crafted XML request to the server. The exploitation is possible through the Log Browser, Distributed Switch setup, or Content Library XML document. **Recommendations** For versions 5.5 before U3e, update to U3e or later to resolve the issue. For versions 6.0 before U2a, update to U2a or later to resolve the issue. As a temporary workaround, consider restricting access to the Log Browser, Distributed Switch setup, and Content Library XML documents to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** VMware vCenter Server versions 5.5 before U3e and 6.0 before U2a VMware vRealize Automation versions 6.x before 6.2.5 **Description** The issue is related to the Single Sign-On feature in VMware products, specifically an XML External Entity (XXE) problem. This is due to incorrect restriction of XML links to external objects. Exploitation can allow a remote attacker to cause a denial of service or gain access to confidential information by using specially crafted XML requests. The vulnerability can be exploited by sending an XML document containing an external entity declaration in conjunction with an entity reference, allowing attackers to read arbitrary files. **Recommendations** For VMware vCenter Server versions 5.5 before U3e, update to U3e or later. For VMware vCenter Server versions 6.0 before U2a, update to U2a or later. For VMware vRealize Automation versions 6.x before 6.2.5, update to 6.2.5 or later. As a temporary workaround, consider restricting access to the Single Sign-On feature until a patch is applied.