1.0 Introduction
Recently, VMware released a security advisory addressing multiple stored Cross-Site Scripting (XSS) vulnerabilities in VMware NSX, VMware Cloud Foundation, and VMware Telco Cloud Platform.
2.0 Impact
These vulnerabilities, if exploited, may allow attackers with valid privileges to inject and execute malicious code in the browsers of other users.
3.0 Affected Products
- Mware NSX: Versions 3.2.x, 4.0.x, 4.1.x, 4.2.x, and 4.2.1.x.
- VMware Cloud Foundation: Versions 4.5x 5.0.x, 5.1.x, and 5.2.x.
- VMware Telco Cloud Infrastructure: Versions 2.x and 3.x.
- VMware Telco Cloud Platform: Versions 3.x, 4.x, and 5.x
4.0 Recommendations
CyberSecurity Malaysia encourages users and administrators to review the
VMware Advisories
and apply the necessary updates.
Kindly refer to the following URL:
Generally, we advise users to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.
For further enquiries, please contact Cyber999 Incident Response Centre through the following channels:
E-mail: cyber999[at]cybersecurity.my
Phone: 1-300-88-2999 (monitored during business hours)
Mobile: +60 19 2665850 (24x7 call incident reporting)
Business Hours: Mon - Fri 08:30 -17:3the 0 MYT
Web:
https://www.mycert.org.my
5.0 References