Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.140254
Category:General
Title:VMware vCenter Server Remote Code Execution Vulnerability (VMSA-2017-0007)
Summary:Remote code execution vulnerability via BlazeDS.
Description:Summary:
Remote code execution vulnerability via BlazeDS.

Vulnerability Insight:
VMware vCenter Server contains a remote code execution
vulnerability due to the use of BlazeDS to process AMF3 messages. This issue may be exploited to
execute arbitrary code when deserializing an untrusted Java object.

Affected Software/OS:
VMware vCenter Server 6.5 and 6.0.

Solution:
See the referenced vendor advisory for a solution.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2017-5641
BugTraq ID: 97383
http://www.securityfocus.com/bid/97383
CERT/CC vulnerability note: VU#307983
https://www.kb.cert.org/vuls/id/307983
http://mail-archives.apache.org/mod_mbox/flex-dev/201703.mbox/%3C6B86C8D0-6E36-48F5-AC81-4AB3978F6746@c-ware.de%3E
http://www.securitytracker.com/id/1038273
CopyrightCopyright (C) 2017 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.