VMWARE FIXES CRITICAL RCE IN VCENTER SERVER
threatpost | April 17, 2017
VMware patched a critical vulnerability in its vCenter Server platform late last week that could have let an attacker execute arbitrary code in some scenarios. The vulnerability affected two versions of vCenter, 6.5 and 6.0. Users are encouraged to update to the most recent versions, 6.5c and 6.0U3b, pushed on Thursday. The vulnerability technically stems from the use of BlazeDS to process AMF3 messages. BlazeDS, originally developed by Adobe, is a server-based Java remoting and web-based messaging technology. AMF3, or Action Message Format 3, is a compact binary message format, also developed by Adobe, used by Flash apps to communicate and to serialize ActionScript object graphs.