Vulnerability Description
VMware vRealize Automation (7.3 and 7.2) and vSphere Integrated Containers (1.x before 1.3) contain a deserialization vulnerability via Xenon. Successful exploitation of this issue may allow remote attackers to execute arbitrary code on the appliance.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| VMware | vRealize Automation | 7.2.0 |
| VMware | vSphere Integrated Containers | < 1.3.0 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/102852 (Third Party Advisory, VDB Entry)
- http://www.securitytracker.com/id/1040289 (Third Party Advisory, VDB Entry)
- http://www.securitytracker.com/id/1040290 (Third Party Advisory, VDB Entry)
- https://www.vmware.com/security/advisories/VMSA-2018-0006.html (Patch, Vendor Advisory)
FAQ
What is CVE-2017-4947?
CVE-2017-4947 is a vulnerability with a CVSS score of 9.8 (CRITICAL). VMware vRealize Automation (7.3 and 7.2) and vSphere Integrated Containers (1.x before 1.3) contain a deserialization vulnerability via Xenon. Successful exploitation of this issue may allow remote at...
How severe is CVE-2017-4947?
CVE-2017-4947 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2017-4947?
Check the references section above for vendor advisories and patch information. Affected products include: VMware vRealize Automation, VMware vSphere Integrated Containers.