Severity: : Critical

  DESCRIPTION

VMware vCenter Server contains a remotely accessible JMX RMI service that is not securely configured. An unauthenticated remote attacker that is able to connect to the service may be able use it to execute arbitrary code on the vCenter server. By exploiting known methods, it is possible to remotely load an MLet file from an attacker controlled web server that points at a jar file.

  INFORMATION EXPOSURE

Apply associated Trend Micro DPI Rules.

  SOLUTION

  Trend Micro Deep Security DPI Rule Number: 1007116