
vCenter’s phone-home ‘customer improvement’ feature opened remote code execution hole

Submitted on April 19, 2017 – 12:48 am

Ever worried that software phoning home application performance data so vendors can learn from real-world users might become an attack vector? If so, your nightmare just came true: VMware’s vCenter has just that problem, thanks to its use of the Adobe-derived open source BlazeDS messaging tool to process messages.

VMware’s issued patches to vCenter 6.0 and vCenter 6.5, both rated critical. Previous versions of vCenter don’t have the problem. But even users who opted out of VMware’s Customer Experience Improvement Program are susceptible.

To read the entire article, please click on this link https://www.theregister.co.uk/2017/04/18/vmware_security_roundup/