CVE-2017-4947

9.8CRITICAL

Key Information:

Vendor: Vmware
Status: Vrealize Automation; Vsphere Integrated Containers
Vendor: CVE Published:; 29 January 2018

Summary

VMware vRealize Automation (7.3 and 7.2) and vSphere Integrated Containers (1.x before 1.3) contain a deserialization vulnerability via Xenon. Successful exploitation of this issue may allow remote attackers to execute arbitrary code on the appliance.

Affected Version(s)

vRealize Automation 7.3 and 7.2

vSphere Integrated Containers 1.x before 1.3

References

http://www.securityfocus.com/bid/102852

vdb-entryx_refsource_BID

https://www.vmware.com/security/advisories/VMSA-2018-0006...

x_refsource_CONFIRM

http://www.securitytracker.com/id/1040289

vdb-entryx_refsource_SECTRACK

EPSS Score

9% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 29, 2018
Vulnerability Reserved
Dec 26, 2016

.