** Administrators that have updated to Horizon Workspace Server 1.8.1īetween 4/14/14 and 4/19/14 will need to update to the latest * VMware Horizon View 5.3 Feature Pack 1: Only the HTML AccessĬomponent in the Remote Experience Agent is affected VCloud Automation Center (vCAC) 6.x 6.0.1 + patchĬlient Integration Plug-In *** 5.5 Windows CIP used with VCloud Networking and Security 5.1.3 5.1.4 or later VCloud Networking and Security 5.5.1 5.5.2 or later Horizon Workspace Client 1.8 Windows 1.8.1 or later Horizon Workspace Client 1.8 OSX 1.8.1 or later Horizon Workspace Client 1.5.2 Windows 1.8.1 or later Horizon Workspace Client 1.5.1 Windows 1.8.1 or later Horizon Workspace Client 1.5.2 OSX 1.8.1 or later Horizon Workspace Client 1.5.1 OSX 1.8.1 or later Horizon Workspace Server 1.8 1.8.1 or later ** Horizon Workspace Server 1.5.x horizon-nginx Horizon View Client 2.3.x Windows 2.3.3 or later
Horizon View Client 2.3.x IOS 2.3.3 or later Horizon View Client 2.2.x IOS 2.3.3 or later Horizon View Client 2.1.x IOS 2.3.3 or later Horizon View Client 2.3.x Android 2.3.3 or later Horizon View Client 2.2.x Android 2.3.3 or later
Horizon View Client 2.1.x Android 2.3.3 or later Horizon View Feature Pack * 5.3 FP 1 Feature Pack 2 Horizon Mirage Edge Gateway 4.4.x 4.4.2 or later NSX for Multi-Hypervisor 4.1.x 4.1.1 or later NSX for Multi-Hypervisor 4.0.x 4.0.2 or later
Note: Products that are not affected by these issues have beenĭocumented in VMware Knowledge Base article 2076225. Remediate the vulnerability in each release, if a solution is Instructions and certificate management documentation.Ĭolumn 4 of the following table lists the action required to Section 4 lists product-specific references to installation * Reset passwords per the product-specific documentation * Replace certificates per the product-specific documentation * Deploy the VMware product update or product patches To remediate the issue for products that have updated versions or On this issue may be found in the reference section. The Common Vulnerabilities and Exposures project () hasĪssigned the names CVE-2014-0076 and CVE-2014-0160 to these issues.ĬVE-2014-0160 is known as the Heartbleed issue. The OpenSSL library is updated to version openssl-1.0.1g to Information Disclosure vulnerability in OpenSSL third party library VMware vCloud Networking and Security (vCNS) 5.1.3Ī. VMware vCloud Networking and Security (vCNS) 5.5.1 Horizon Workspace Client 1.8 prior to 1.8.1 Horizon Workspace Server 1.8.x prior to 1.8.1
Horizon Workspace Server 1.5.x without patch horizon-nginx-rpm-1.5.0.0
Horizon View Client 2.1.x, 2.2.x and 2.3.x for Android and IOS Horizon Mirage Edge Gateway 4.4.x prior to 4.4.2
NSX for Multi-Hypervisor 4.1.x prior to 4.1.1 NSX for Multi-Hypervisor 4.0.x prior to 4.0.2 VMware Workstation 10.x prior to version 10.0.2 VMware product updates address OpenSSL security vulnerabilities.ĮSXi 5.5 Update 1 without patch ESXi550-201404001 Synopsis: VMware product updates address OpenSSL securityĬVE numbers: CVE-2014-0076 and CVE-2014-0160