VMware vCenter Java JMX Server Insecure Configuration Java Code Execution Vulnerability

  Severity: CRITICAL

  DESCRIPTION

VMware vCenter Server contains a remotely accessible JMX RMI service that is not securely configured. An unauthenticated remote attacker that is able to connect to the service may be able use it to execute arbitrary code on the vCenter server. By exploiting known methods, it is possible to remotely load an MLet file from an attacker controlled web server that points at a jar file.

  TREND MICRO PROTECTION INFORMATION

Apply associated Trend Micro DPI Rules.

  SOLUTION

  Trend Micro Deep Security DPI Rule Number: 1007116