Deserialization Vulnerability in VMware vRealize Automation and vSphere Integrated Containers
CVE-2017-4947
9.8CRITICAL
Key Information:
- Vendor
- Vmware
- Vendor
- CVE Published:
- 29 January 2018
Summary
VMware's vRealize Automation (versions 7.2 and 7.3) and vSphere Integrated Containers (versions 1.x prior to 1.3) are affected by a deserialization vulnerability through the Xenon service. If leveraged by an attacker, this vulnerability may facilitate the execution of arbitrary code on the appliance, potentially compromising the security and integrity of the affected systems. Users are advised to patch their installations to mitigate risks associated with this issue.
Affected Version(s)
vRealize Automation 7.3 and 7.2
vSphere Integrated Containers 1.x before 1.3
References
EPSS Score
27% chance of being exploited in the next 30 days.
CVSS V3.1
Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved