2010-11-16
Secure Network releases the security advisory SN-10-03 for multiple vulnerabilities found in VMware vCenter Update Manager.
SN-10-03: the installation of VMware vCenter Update Manager includes an outdated, unpatched version of the Jetty web server, which is affected by multiple well-known issues. Through these vulnerabilities, an unauthenticated attacker can access arbitrary files on the system running vCenter Update Manager (usually the same running the vCenter Server) or execute Cross Site Scripting attacks.