Description
The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.
Remediation
Upgrade to the latest version of VMware vCenter.
References
Related Vulnerabilities
WordPress Plugin Subscribe Form Remote Command Execution (1.1)
Security update: Hotfix available for ColdFusion
WordPress Plugin EZPZ One Click Backup Remote Code Execution (12.03.10)
Oracle ADF Faces 'Miracle' RCE (CVE-2022-21445)
Oracle Access Manager 'opensso' Deserialization RCE (CVE-2021-35587)