VMware ESXi 6.5, Patch Release ESXi650-201712103-SG: Updates esx-ui VIB
search cancel

VMware ESXi 6.5, Patch Release ESXi650-201712103-SG: Updates esx-ui VIB


Article ID: 345516


Updated On:




Release date: December 19, 2017

Patch CategorySecurity
Patch SeverityImportant
Host Reboot RequiredNo
Virtual Machine Migration or Shutdown RequiredNo
Affected HardwareN/A
Affected SoftwareN/A
VIBs Included
  • VMware_bootbank_esx-ui_1.23.0-6506686
PRs Fixed 1978164
Related CVE numbersCVE-2017-4940


Summaries and Symptoms

This patch updates the esx-ui VIB to resolve the following issue:

  • This release resolves a vulnerability in the ESXi Embedded Host Client that might allow for stored cross-site scripting (XSS). The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2017-4940 to this issue.

Patch Download and Installation

The typical way to apply patches to ESXi hosts is through the VMware vSphere Update Manager. For details, see the Installing and Administering VMware vSphere Update Manager.

ESXi hosts can be updated by manually downloading the patch ZIP file from the VMware download page and installing the VIB by using the esxcli software vib command. Additionally, the system can be updated using the image profile and the esxcli software profile command. For details, see the vSphere Command-Line Interface Concepts and Examples and the vSphere Upgrade Guide.