Hello,
There are a number of vulnerabilities that have been addressed already. Can you list the CVEs or whatever you used to determine there are issues? That would help quite a bit in how to address them.
In general, you need a fix from VMware or may need to change the configuration file by hand... One such change is to remove the ability to steal VMDKs without login... There is a KB article and the vSphere Hardening Guide has a solution for this as well.
Best regards,
Edward L. Haletky
Communities Moderator, VMware vExpert,
Author: VMware vSphere and Virtual Infrastructure Security, VMware ESX and ESXi in the Enterprise 2nd Edition
Podcast: The Virtualization Security Podcast
Resources: The Virtualization Bookshelf
I am currently hardening our vSphere 4.1 infrastructure. The Alert Logic scans indicate that Tomcat needs to be updated. Is there a certain procedure available to do this for the vCenter server?
Thanks in advance
Hello,
For vCenter, you need to upgrade your vCenter instance from the VMware ISO, installation exe, just like you would for any other software, if such a patch exists. If you have the absolute latest vCenter then all patches are included in general. However, there could be some one-off patches that are located at www.vmware.com/security.
Good luck!
Best regards,
Edward L. Haletky