Description
VMware vRealize Automation (7.3 and 7.2) and vSphere Integrated Containers (1.x before 1.3) contain a deserialization vulnerability via Xenon. Successful exploitation of this issue may allow remote attackers to execute arbitrary code on the appliance.
Remediation
References
https://www.vmware.com/security/advisories/VMSA-2018-0006.html
http://www.securitytracker.com/id/1040290
http://www.securitytracker.com/id/1040289
http://www.securityfocus.com/bid/102852
Related Vulnerabilities
CVE-2021-26707 Vulnerability in npm package merge-deep
CVE-2022-41940 Vulnerability in maven package org.webjars.bower:engine.io
CVE-2022-24759 Vulnerability in npm package @chainsafe/libp2p-noise
CVE-2020-1954 Vulnerability in maven package org.apache.cxf:cxf-rt-management
CVE-2021-23901 Vulnerability in maven package org.apache.nutch:nutch