VMware releases patches for RCE flaw


VMware has released security updates to address a vulnerability in vCenter Server.

According to the company's security advisory VMSA-2017-0007, the upgrade mitigates a remote code execution vulnerability that is exploitable via BlazeDS. The vulnerability was designated critical.

Successful exploitation of the flaw could enable a remote attacker to gain control of an affected system.

The remote code execution vulnerability in VMware vCenter Server stems from the use of BlazeDS to process AMF3 messages, the company stated. "This issue may be exploited to execute arbitrary code when deserialising an untrusted Java object."

The flaw exists in the functionality of the Customer Experience Improvement Program (CEIP). The bug is still present even if a customer has opted out of the program.

The Common Vulnerabilities and Exposures project assigned the identifier CVE-2017-5641 to this issue. 

US-CERT advised users and administrators to review the advisory and update as necessary.

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition