- Home
- CVEs with vmware.description==OpenSSL libraries have been updated in multiple products to versions 0.9.8za and 1.0.1h in order to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2014-0224CVE-2014-0198 CVE-2010-5298CVE-2014-3470CVE-2014-0221 and CVE-2014-0195 to these issues. The most important of these issues is CVE-2014-0224.CVE-2014-0198CVE-2010-5298 and CVE-2014-3470 are considered to be of moderate severity. Exploitation is highly unlikely or is mitigated due to the application configuration.CVE-2014-0221 and CVE-2014-0195which are listed in the OpenSSL Security Advisory (see Reference section below)do not affect any VMware products. CVE-2014-0224 may lead to a Man-in-the-Middle attack if a server is running a vulnerable version of OpenSSL 1.0.1 and clients are running a vulnerable version of OpenSSL 0.9.8 or 1.0.1. Updating the server will mitigate this issue for both the server and all affected clients.CVE-2014-0224 may affect products differently depending on whether the product is acting as a client or a server and of which version of OpenSSL the product is using. For readability the affected products have been split into 3 tables below based on the different client-server configurations and deployment scenarios.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top