The OpenSSL library is updated to version openssl-1.0.1g to resolve multiple security issuesThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2014-0076 and CVE-2014-0160 to these issues.

CVE-2014-0160 is known as the Heartbleed issue. More information on this issue may be found in the reference section.

To remediate the issue for products that have updated versions or patches available, perform these steps:

Section 4 lists product-specific references to installation instructions and certificate management documentation.

Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

Note: Products that are not affected by thses issues have been documented in VMware Knowledge Base article 2076225.

CPENameOperatorVersion
vcenter serverlt5.5.0c
vcenter serverlt5.5 Update 1a
esxiltESXi550-201404420
esxiltESXi550-201404401
workstationlt10.0.2
fusionlt6.0.3
playerlt6.0.2
nsx for multi-hypervisorlt4.0.2
nsx for multi-hypervisorlt4.1.1
nsx for vspherelt6.0.4

Name	Operator	Version
vcenter server	lt	5.5.0c
vcenter server	lt	5.5 Update 1a
esxi	lt	ESXi550-201404420
esxi	lt	ESXi550-201404401
workstation	lt	10.0.2
fusion	lt	6.0.3
player	lt	6.0.2
nsx for multi-hypervisor	lt	4.0.2
nsx for multi-hypervisor	lt	4.1.1
nsx for vsphere	lt	6.0.4

Rows per page:

1-10 of 361

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160

kb.vmware.com/kb/2076225

nessus 46

openvas 21

ibm 43

freebsd_advisory 1

gentoo 1

altlinux 4

securityvulns 18

ubuntu 1

mageia 1

vmware 1

slackware 1

f5 3

ubuntucve 2

cve 1

threatpost 1

prion 2

cvelist 1

veracode 1

freebsd 1

seebug 13

nvd 2

openssl 2

debiancve 1

suse 1

zdt 2

ics 5

packetstorm 3

atlassian 1

thn 4

vulnerlab 1

n0where 1

exploitpack 2

attackerkb 1

fortinet 1

checkpoint_security 1

hp 3

hackerone 1

symantec 1

kitploit 1

intel 1

osv 1

nessus

VMware Workstation 10.x < 10.0.2 OpenSSL Library Multiple Vulnerabilities (VMSA-2014-0004) (Heartbleed)

2014-04-21 00:00:00

VMSA-2014-0004 : VMware product updates address OpenSSL security vulnerabilities

2014-05-03 00:00:00

VMware Horizon Workspace 1.8 < 1.8.1 OpenSSL Library Multiple Vulnerabilities (VMSA-2014-0004) (Heartbleed)

2014-05-06 00:00:00

openvas

VMware ESXi/ESX updates address OpenSSL security vulnerabilities (VMSA-2014-0004)

2014-05-08 00:00:00

VMware ESXi updates address OpenSSL security vulnerabilities (VMSA-2014-0004) - Remote Version Check

2014-05-08 00:00:00

Ubuntu: Security Advisory (USN-2165-1)

2014-04-08 00:00:00

ibm

Security Bulletin: IBM Security Network Intrusion Prevention System is affected by vulnerabilities in OpenSSL (CVE-2014-0160 and CVE-2014-0076)

2022-02-23 17:14:38

Security Bulletin: IBM Security Proventia Network Active Bypass is affected by vulnerabilities in OpenSSL (CVE-2014-0160 and CVE-2014-0076)

2018-06-16 21:17:19

Security Bulletin: Rational Build Forge is affected by vulnerabilities in OpenSSL (CVE-2014-0160 and CVE-2014-0076)

2018-06-17 04:53:33

freebsd_advisory

FreeBSD-SA-14:06.openssl

2014-04-08 00:00:00

gentoo

OpenSSL: Information Disclosure

2014-04-08 00:00:00

altlinux

Security fix for the ALT Linux 7 package openssl10 version 1.0.1g-alt1

2014-04-08 00:00:00

Security fix for the ALT Linux 8 package openssl10 version 1.0.1g-alt1

2014-04-07 00:00:00

Security fix for the ALT Linux 9 package openssl1.1 version 1.0.1g-alt1

2014-04-07 00:00:00

securityvulns

OpenSSL security vulnerabilities

2014-05-30 00:00:00

[USN-2165-1] OpenSSL vulnerabilities

2014-04-08 00:00:00

FreeBSD Security Advisory FreeBSD-SA-14:06.openssl [REVISED]

2014-04-20 00:00:00

ubuntu

OpenSSL vulnerabilities

2014-04-07 00:00:00

mageia

Updated openssl package fix two security vulnerabilities

2014-04-08 11:58:47

vmware

VMware product updates address OpenSSL security vulnerabilities

2014-04-14 00:00:00

slackware

[slackware-security] openssl

2014-04-08 15:05:22

K15295 : OpenSSL vulnerability CVE-2014-0076

2014-05-29 00:00:00

SOL15295 - OpenSSL vulnerability CVE-2014-0076

2014-05-29 00:00:00

K15159 : OpenSSL vulnerability CVE-2014-0160

2015-02-16 00:00:00

ubuntucve

CVE-2014-0076

2014-03-25 00:00:00

CVE-2014-0160

2014-04-07 00:00:00

cve

CVE-2014-0076

2014-03-25 13:25:21

threatpost

Second NSA Crypto Tool Found in RSA BSafe

2014-03-31 15:59:27

prion

Design/Logic Flaw

2014-03-25 13:25:00

Buffer overflow

2014-04-07 22:55:00

cvelist

CVE-2014-0076

2014-03-25 01:00:00

veracode

Side-channel Timing Attack

2017-02-08 02:53:24

freebsd

OpenSSL -- Local Information Disclosure

2014-04-07 00:00:00

seebug

OpenSSL ECDSA Nonces恢复漏洞

2014-03-25 00:00:00

BlackBerry Link OpenSSL TLS心跳信息泄漏漏洞

2014-04-16 00:00:00

IBM AIX OpenSSL TLS心跳信息泄漏漏洞

2014-04-16 00:00:00

nvd

CVE-2014-0076

2014-03-25 13:25:21

CVE-2014-0160

2014-04-07 22:55:03

openssl

Vulnerability in OpenSSL CVE-2014-0076

2014-02-14 00:00:00

Vulnerability in OpenSSL CVE-2014-0160

2014-04-07 00:00:00

debiancve

CVE-2014-0076

2014-03-25 13:25:21

suse

update for openssl (important)

2014-04-08 13:04:15

zdt

OpenSSL Heartbeat (Heartbleed) Information Leak Exploit

2014-04-10 00:00:00

OpenSSL 1.0.1f TLS Heartbeat Extension - Memory Disclosure (Multiple SSL/TLS versions)

2014-04-09 00:00:00

ics

ABB Relion 650 Series OpenSSL Vulnerability (Update A)

2018-09-06 12:00:00

Schneider Electric Wonderware Intelligence Security Patch for OpenSSL Vulnerability

2018-08-27 12:00:00

Unified Automation OPC SDK OpenSSL Vulnerability

2018-09-06 12:00:00

packetstorm

Heartbleed Proof Of Concept

2014-04-08 00:00:00

OpenSSL Heartbeat (Heartbleed) Information Leak

2014-04-10 00:00:00

OpenSSL TLS Heartbeat Extension Memory Disclosure

2014-04-08 00:00:00

atlassian

Update Tomcat Native DLL in JIRA Installer

2014-06-26 19:39:26

thn

HeartBleed Bug Explained - 10 Most Frequently Asked Questions

2014-04-14 20:40:00

Heartbleed - OpenSSL Zero-day Bug leaves Millions of websites Vulnerable

2014-04-08 08:23:00

Over 199,500 Websites Are Still Vulnerable to Heartbleed OpenSSL Bug

2017-01-22 23:27:00

vulnerlab

HeartBleed SSL CVE 20140160 - 10 Steps to Fix in Ubuntu

2014-04-09 00:00:00

n0where

Access Point Impersonation Attacks: hostapd-wpe

2016-04-12 22:19:39

exploitpack

OpenSSL TLS Heartbeat Extension - Heartbleed Information Leak (2) (DTLS Support)

2014-04-24 00:00:00

OpenSSL TLS Heartbeat Extension - Heartbleed Memory Disclosure

2014-04-08 00:00:00

attackerkb

CVE-2014-0160 (AKA: Heartbleed)

2014-04-07 00:00:00

fortinet

Information Disclosure Vulnerability in OpenSSL (Heartbleed)

2014-04-08 00:00:00

checkpoint_security

Check Point response to OpenSSL vulnerability (CVE-2014-0160)

2014-04-07 21:00:00

HPSBHF03021 rev.1 - HP Thin Client with ThinPro OS or Smart Zero Core Services, Running OpenSSL, Remote Disclosure of Information

2014-04-23 00:00:00

HPSBPI03031 rev.3 - HP Officejet Pro X Printers, Certain Officejet Pro Printers, Remote Disclosure of Information

2014-04-30 00:00:00

HPSBPI03014 rev.2 - HP LaserJet Pro MFP Printers, HP Color LaserJet Pro MFP Printers, Remote Disclosure of Information

2014-04-22 00:00:00

hackerone

Mail.ru: OpenSSL HeartBleed (CVE-2014-0160)

2014-10-23 15:12:13

symantec

Symantec Messaging Gateway 10.6.x ACE Library Static Link to Vulnerable SSL Version

2016-05-12 08:00:00

kitploit

Collection of Heartbleed Tools (OpenSSL CVE-2014-0160)

2014-04-10 00:55:00

intel

Multiple Intel Software Products and API Services impacted by CVE-2014-0160

2014-04-30 00:00:00

osv

openssl - security update

2014-04-07 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

0.972 High

EPSS

Percentile

99.8%

JSON

Related for VMSA-2014-0004.7