The vulnerability of the vSphere Integrated Containers software platform and the vRealize Automation automation tool lies in the ability to execute arbitrary code due to a memory corruption issue. This vulnerability allows an attacker to execute arbitrary code.

🗓️ 28 Mar 2018 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 2 Views

Corruption in vSphere Integrated Containers and vRealize Automation enables remote code execution.

Reporter	Title	Published	Views	Family All 9
CNVD	VMware vRealize Automation and vSphere Integrated Containers Remote Code Execution Vulnerability	29 Jan 201800:00	–	cnvd
CVE	CVE-2017-4947	29 Jan 201816:00	–	cve
Cvelist	CVE-2017-4947	29 Jan 201816:00	–	cvelist
NVD	CVE-2017-4947	29 Jan 201816:29	–	nvd
Prion	Deserialization of untrusted data	29 Jan 201816:29	–	prion
Positive Technologies	PT-2018-1080 · Vmware · Vsphere Integrated Containers +2	26 Jan 201800:00	–	ptsecurity
Veracode	Remote Code Execution (RCE)	29 Jan 201804:55	–	veracode
VMware	VMSA-2018-0006:vRealize Automation, vSphere Integrated Containers, and AirWatch Console updates address multiple security vulnerabilities	24 Jan 201800:00	–	vmware
Tenable Nessus	VMware vRealize Automation Deserialization Vulnerability (VMSA-2018-0006)	6 Feb 201800:00	–	nessus

Vulners

Node

broadcom vmware_aria_automationMatch7.2

OR

broadcom vmware_aria_automationMatch7.3

OR

broadcom vsphere_integrated_containersRange1.0–1.3

Source	Link
securityfocus	www.securityfocus.com/bid/102852
securitytracker	www.securitytracker.com/id/1040289
securitytracker	www.securitytracker.com/id/1040290
vmware	www.vmware.com/security/advisories/VMSA-2018-0006.html
web	www.web.nvd.nist.gov/view/vuln/detail

23 Mar 2021 00:00Current

6Medium risk

Vulners AI Score6

CVSS 39.8

CVSS 210

EPSS0.26641

memory corruption remote code execution xenon service vSphere Integrated Containers vRealize Automation