a. VDP Java deserialization issue
VDP contains a deserialization issue. Exploitation of this issue may allow a remote attacker to execute commands on the appliance.
VMware would like to thank Tim Roberts, Arthur Chilipweli, and Kelly Correll from NTT Security for reporting this issue to us.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2017-4914 to this issue.
Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.