VMware on Thursday fixed a critical directory traversal vulnerability (CVE-2012-5978) in its View server products which, if exploited, could enable a remote attacker to access arbitrary files from affected View Servers.
The vulnerability affects both the View Connection Server and the View Security Server, VMware said, recommending that customers update both servers immediately.
Affected versions include VMware View 5.x prior to version 5.1.2, and VMware View 4.x prior to version 4.6.2.
For those who are unable to immediately patch their View Servers, VMware provided workarounds and considerations, including:
• Disable Security Server – Disabling the Security Server will prevent exploitation of the vulnerability over untrusted remote networks. To restore functionality for remote users, allow them to connect to the Connection Server via a VPN.
• Block directory traversal attempts – Using an intrusion protection system (IPS) or application layer firewall, customers may be able to block directory traversal attacks. Check with your network security administrators on how this could be done.
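The second workaround only holds up if the filter decodes a request target before it looks for `..`, since a plain string match misses encoded forms. The sketch below is an added example, not VMware's or the article's code; the log lines, paths and the three-round decoding limit are constructed assumptions.

```python
import re
from urllib.parse import unquote

MAX_ROUNDS = 3  # assumption: unwrap at most this many layers of percent-encoding
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def traversal_reason(target):
    """Return why a request target looks like traversal, or None if it is clean."""
    text = target
    for _ in range(MAX_ROUNDS):
        try:
            decoded = unquote(text, errors="strict")
        except UnicodeDecodeError:
            return "invalid UTF-8 in percent-encoding"
        if decoded == text:
            break  # fully decoded
        text = decoded
    else:
        return "percent-encoding nested too deeply"
    if "\x00" in text:
        return "embedded NUL byte"
    # Backslash counts as a separator because Windows hosts accept it in paths.
    if ".." in re.split(r"[/\\?&=;]", text):
        return "dot-dot path segment"
    return None

def flag_requests(log_lines):
    """Return (target, reason) for every logged request that should be blocked."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        reason = traversal_reason(match.group(1)) if match else None
        if reason:
            hits.append((match.group(1), reason))
    return hits

# Constructed access-log lines (documentation IP ranges, made-up paths and times).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2013:09:01:02 +0000] "GET /portal/index.html HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Jan/2013:09:01:05 +0000] "GET /docs/v1..2/notes.txt HTTP/1.1" 200 90',
    '198.51.100.7 - - [01/Jan/2013:09:02:11 +0000] "GET /static/../../conf/app.cfg HTTP/1.1" 404 0',
    '198.51.100.7 - - [01/Jan/2013:09:02:12 +0000] "GET /static/%2e%2e/%2e%2e/conf/app.cfg HTTP/1.1" 404 0',
    '198.51.100.7 - - [01/Jan/2013:09:02:13 +0000] "GET /static/%252e%252e%255cconf%255capp.cfg HTTP/1.1" 404 0',
    '198.51.100.7 - - [01/Jan/2013:09:02:14 +0000] "GET /static/%c0%ae%c0%ae/conf/app.cfg HTTP/1.1" 400 0',
]

if __name__ == "__main__":
    for target, reason in flag_requests(SAMPLE_LOG):
        print(f"BLOCK {target}  ({reason})")
```

The `/docs/v1..2/notes.txt` line stays unflagged because the check matches whole path segments rather than any occurrence of two dots, which keeps false positives down on ordinary file names.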
VMware credited researchers from Digital Defense, Inc. for reporting the issue.
The release notes with additional details and download links are available here.
View 5.1.2 – Release Notes | Download Page
View 4.6.2 – Release Notes | Download Page

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
