PT-2018-1080 · VMware · VMware vRealize Automation +2

Published: 2018-01-26 · Updated: 2024-09-17 · CVE-2017-4947

CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
VMware vRealize Automation versions 7.2 through 7.3
vSphere Integrated Containers versions 1.x before 1.3

Description
The issue is caused by a deserialization vulnerability in Xenon: a remote attacker who can send specially crafted data to the Xenon service may execute arbitrary code on the appliance. The vulnerability exists because an untrusted data structure is restored (deserialized) in memory without validation.

Recommendations
For VMware vRealize Automation versions 7.2 and 7.3, update to a version that contains a fix for this issue. For vSphere Integrated Containers versions 1.x before 1.3, update to version 1.3 or later. As a temporary workaround, restrict network access to the Xenon service to reduce the risk of exploitation.

Fix

Weakness Enumeration
Deserialization of Untrusted Data

Related Identifiers
BDU:2018-00442
CVE-2017-4947

Affected Products
VMware vRealize Automation
Xenon
vSphere Integrated Containers