Deserialization Vulnerability in VMware vRealize Automation and vSphere Integrated Containers
CVE-2017-4947

9.8CRITICAL

Key Information:

Vendor
Vmware
Vendor
CVE Published:
29 January 2018

Summary

VMware's vRealize Automation (versions 7.2 and 7.3) and vSphere Integrated Containers (versions 1.x prior to 1.3) are affected by a deserialization vulnerability through the Xenon service. If leveraged by an attacker, this vulnerability may facilitate the execution of arbitrary code on the appliance, potentially compromising the security and integrity of the affected systems. Users are advised to patch their installations to mitigate risks associated with this issue.

Affected Version(s)

vRealize Automation 7.3 and 7.2

vSphere Integrated Containers 1.x before 1.3

References

EPSS Score

27% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.