PT-2014-8495 · VMware · VMware vCenter Server Appliance +2
Published: 2014-12-04 · Updated: 2018-10-09
CVE-2014-8371
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
VMware vCenter Server Appliance (vCSA) 5.0 before Update 3c
VMware vCenter Server Appliance (vCSA) 5.1 before Update 3
VMware vCenter Server Appliance (vCSA) 5.5 before Update 2
Description
vCSA does not properly validate certificates when connecting to a CIM server on an ESXi host. This allows man-in-the-middle attackers to spoof CIM servers via a crafted certificate, which exposes the CIM service to a man-in-the-middle attack.
Recommendations
For vCSA 5.0 before Update 3c, install Update 3c or later.
For vCSA 5.1 before Update 3, install Update 3 or later.
For vCSA 5.5 before Update 2, install Update 2 or later.
Affected Products
ESXi
VMware vCenter
VMware vCenter Server Appliance