VMware vCenter Java JMX Server Insecure Configuration Java Code Execution Vulnerability
Severity: CRITICAL
DESCRIPTION
VMware vCenter Server contains a remotely accessible JMX RMI service that is not securely configured. An unauthenticated remote attacker that is able to connect to the service may be able use it to execute arbitrary code on the vCenter server. By exploiting known methods, it is possible to remotely load an MLet file from an attacker controlled web server that points at a jar file.
TREND MICRO PROTECTION INFORMATION
Apply associated Trend Micro DPI Rules.
SOLUTION
Trend Micro Deep Security DPI Rule Number: 1007116