VMware releases security patch to fix flaws in vRealize Automation, vSphere Integrated Containers, and AirWatch Console
Today, VMware has released a security update to address multiple vulnerabilities in vRealize Automation, vSphere Integrated Containers, and AirWatch Console. An attacker could exploit some of these vulnerabilities to take control of an affected system.
The details are below:
- CVE-2017-4947
vRealize Automation and vSphere Integrated Containers contain a deserialization vulnerability via Xenon. Successful exploitation of this issue may allow remote attackers to execute arbitrary code on the appliance.
Affected version
- vRealize Automation 7.2 & 7.3
- vSphere Integrated Containers 1.x
Solution
- VMware vRealize Automation 7.3 patch: KB52326, KB52316
- VMware vRealize Automation 7.2 patch: KB52320
- VMware vSphere Integrated Containers 1.3 patch
- CVE-2017-4951
VMware AirWatch Console contains a Cross Site Request Forgery vulnerability when accessing the App Catalog. An attacker may exploit this issue by tricking users into installing a malicious application on their devices.
Affected version
- VMware AirWatch Console 9.2.x
- VMware AirWatch Console 9.1.x
Solution
- VMware AirWatch Console 9.2.x