VMware ESXi and ESX are vulnerable to a denial of service that is caused by a NULL pointer dereference when handling Network File Copy (NFC) traffic. By intercepting and modifying the NFC traffic between ESXi/ESX and the client, an attacker could exploit this vulnerability to cause a denial of service.
VMware ESXi and ESX are vulnerable to a denial of service that is caused by the improper handling of invalid ports. A local attacker could exploit this vulnerability to cause the VMX process to fail.
VMware vCloud Director is vulnerable to cross-site request forgery that is caused by improper validation of user-supplied input by the Hyper Text Transfer Protocol (http) session management. It persuades an authenticated user to visit a malicious Web
CVE(s): CVE-2014-1207, CVE-2014-1208 and CVE-2014-1211
Affected product(s) and affected version(s):
IBM CloudBurst 1.2, 2.0, 2.1
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21669248
X-Force Database: http://xforce.iss.net/xforce/xfdb/90559
X-Force Database: http://xforce.iss.net/xforce/xfdb/90558
X-Force Database: http://xforce.iss.net/xforce/xfdb/90560