VMWare issue updates for Java vulnerability

Virtual machine maker VMware issued updates on Thursday to address a critical information disclosure issue in Oracle's Java runtime environment (JRE).

VMware products running JRE 1.7 Update 75 or newer and JRE 1.6 Update 91 or newer are not vulnerable to the bug, CVE-2014-6593, according to the company's security advisory. The vulnerability also is referred to as “SKIP” or “SKIP-TLS.”

Although multiple products were patched, the company said updates were pending for certain products that might not have had as severe of a vulnerability because it was not internet-facing.

Affected products include: Horizon View 6.x or 5.3, Horizon Workspace Portal Server 2.1 or 2.0, vCenter Operations Manager 5.8x or 5.7x, vCloud Automation Center 6.0.1, and VSphere Replication prior to 5.8.0.2 or 5.6.0.3, among others.