By Eduard Kovacs on May 18, 2016 VMware has released updates for several of its products to patch a couple of vulnerabilities rated critical and important.
The critical vulnerability is related to how the RMI server of Oracle JRE JMX deserializes authentication credentials. A remote, unauthenticated attacker can leverage the weakness to cause deserialization flaws and execute arbitrary commands.
The flaw, tracked as CVE-2016-3427, affects vCenter Server 5.0, 5.1, 5.5 and 6.0 on both Windows and Linux; vSphere Replication 5.6.x, 5.8.x, 6.0.x and 6.1.x on Linux; vCloud Director 5.5.x, 5.6.x and 8.0.x on Linux; and all non-appliance versions of vRealize Operations Manager 6.x. Full Article
Reply
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.