Deserialization Vulnerability in VMware vRealize Automation and vSphere Integrated Containers
CVE-2017-4947

9.8CRITICAL

Key Information:

Vendor

Vmware
Status
Vrealize Automation
Vsphere Integrated Containers
Vendor
CVE Published:
29 January 2018

What is CVE-2017-4947?

VMware's vRealize Automation (versions 7.2 and 7.3) and vSphere Integrated Containers (versions 1.x prior to 1.3) are affected by a deserialization vulnerability through the Xenon service. If leveraged by an attacker, this vulnerability may facilitate the execution of arbitrary code on the appliance, potentially compromising the security and integrity of the affected systems. Users are advised to patch their installations to mitigate risks associated with this issue.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

vRealize Automation 7.3 and 7.2

vSphere Integrated Containers 1.x before 1.3

References

http://www.securityfocus.com/bid/102852
vdb-entryx_refsource_BID
https://www.vmware.com/security/advisories/VMSA-2018-0006...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1040289
vdb-entryx_refsource_SECTRACK

EPSS Score

26% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.