VMware Announces Bug in vRealize Suites

If you’re using vCAC, vCenter Operations, vRealize Orchestrator, vRealize Automation…you get the idea, then you probably want to be aware of a deserialization vulnerability announced recently by VMware.

http://www.vmware.com/security/advisories/VMSA-2015-0009.html

Several different versions are affected, but there are patches available. The fix…obviously patch your stuff. This will likely require a restart of these services (at least the VMs running them). The deserialization vulnerabilty may mean that it’s hard to validate data, or there may be malformed logic. This could be manipulated by hackers to gain access and control of these pretty important services. 

As different versions are affected, make sure you’re keeping up to date with your patches no matter how old or new your software is!

Leave a Comment

Your email address will not be published.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top