VMware releases patches for RCE flaw


VMware has released security updates to address a vulnerability in vCenter Server.

According to the company's security advisory VMSA-2017-0007, the upgrade mitigates a remote code execution vulnerability via BlazeDS. The vulnerability was designated critical.

Successful exploitation of the flaw could enable a remote attacker to gain control of an affected system.

The remote code execution vulnerability in VMware vCenter Server stems from the use of BlazeDS to process AMF3 messages, the company stated. "This issue may be exploited to execute arbitrary code when deserialising an untrusted Java object."

The flaw exists in the functionality of the Customer Experience Improvement Program (CEIP). The bug is still present even if a customer opts out of the program.

The Common Vulnerabilities and Exposures project assigned the identifier CVE-2017-5641 to this issue. 

US-CERT advised users and administrators to review the advisory and update as necessary.

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition