VMware has published an update for vCenter Server 5.0 and 5.1 where CVE-2014-6593 (SKIP-TLS) has been fixed.
It was discovered that the SSL/TLS implementation in the JSSE component in OpenJDK failed to properly check whether the ChangeCipherSpec was received during the SSL/TLS connection handshake. A man-in-the-middle attacker could possibly use this flaw to force a connection to be established without encryption being enabled. The update has been already fixed in newer versions of vCenter Server (6.0a, 5.5 Update 2e). More information are available in VMSA-2015-0003.
Product: VMware vCenter Server 5.0
Release date: April 30, 2015
Version: 5.0 Update 3d
Build (Windows): 2656067
Build (Installer): 2692807
Build (Appliance): 2656066
Release Notes | Download
Product: VMware vCenter Server 5.1
Release date: April 30, 2015
Version: 5.1 Update 3a
Build (Windows): 2669725
Build (Installer): 2670344
Build (Appliance): 2670345
Release Notes | Download
If you want to get notified when new patches are released, subscribe to my blog via Email in the sidebar.
Updated: vCenter Release and Build Number History
Updated: VMware Product Latest Version