A security vulnerability has been discovered in some VMware products (CVE-2017-5638). It’s a critical vulnerability which allows remote code execution (RCE) on Apache Struts 2.
The vulnerability affects the following VMware products:
– DaaS 6.X / 7.X
– Hyperic 5.X
– vCenter 5.5 / 6.0 / 6.5
– vROPS 6.X
A advise page for this vulnerability has been made available by VMware and can be found below.
– Information about: CVE-2017-5638
– VMware security advisories for VMSA-2017-0004