Doug Mcleod

**Name of the Vulnerable Software and Affected Versions** VMware vCenter Server versions 5.0 through 5.0 u3e VMware vCenter Server versions 5.1 through 5.1 u3b VMware vCenter Server versions 5.5 through 5.5 u3 VMware vCenter Server versions 6.0 through 6.0 u1 **Description** The issue is related to the JMX RMI service in VMware vCenter Server, which does not properly restrict the registration of MBeans. This allows remote attackers to execute arbitrary code via the RMI protocol. The vulnerability is also associated with configuration errors of the JMX server, including the lack of authentication and encryption procedures when clients connect to the JMX server. Exploitation of the vulnerability can enable a remote attacker to execute arbitrary Java code. **Recommendations** For versions 5.0 through 5.0 u3e, update to version 5.0 u3e or later. For versions 5.1 through 5.1 u3b, update to version 5.1 u3b or later. For versions 5.5 through 5.5 u3, update to version 5.5 u3 or later. For versions 6.0 through 6.0 u1, update to version 6.0 u1 or later. As a temporary workaround, consider restricting access to the JMX RMI service to minimize the risk of exploitation.