vCenter phoned home 'customer improvement' data and opened remote code execution hole | WHAT REALLY HAPPENED



Ever worried that software phoning home application performance data so vendors can learn from real-world users might become an attack vector? If so, your nightmare just came true: VMware's vCenter has just that problem, thanks to its use of the Adobe-derived open source BlazeDS messaging tool to process messages.

VMware's issued patches to vCenter 6.0 and vCenter 6.5, both rated critical. Previous versions of vCenter don't have the problem. Nor do users who opted out of VMware's Customer Experience Improvement Program.

Comments


z00mcopterdown

VirtualBox much better, too bad Oracle bought Sun, however, the core team is still the original. Cool dudes.
