In order to secure its network virtualization and security platform NSX, VMware corrected a serious vulnerability in the management service. A pre-authentication remote code execution (RCE) exploit may be used to take advantage of the vulnerability, which was brought on by an old deserialization issue in an out-of-date Java package.
Despite the product having achieved end-of-life status, VMWare released a patch due to the bug’s criticality. The flaw serves as a reminder of the security difficulties involved in controlling the dependencies of open source software. Read More…