About VMSA, CVE, CVSS and more


A while back I was alerted to something remarkable regarding the VMware security bulletins. But let me first provide some background on these bulletins.

Regularly VMware publishes VMware Security Announcements, also known as VMSA’s.

Fig. 1 – Example VMSA

As VMware states; “VMware Security Advisories document remediation for security vulnerabilities that are reported in VMware products”. The bulletins are created by the VMware Security Response Center (VSRC). The VSRC works closely with customers and security researchers on the analysis and remediation of security issues within VMware products. After validating a report, the VSRC works with VMware R&D on providing solutions. Upon the remediation of an issue a VMSA will be released.
If you don’t receive notifications on the release of new VMSA’s, on this page (or here) you can sign up for the Security Advisories and fond more information.

The latest security advisories can be found on this page. A comprehensive overview over the past years can be found here.

Read the rest of this entry »