VMware vRealize Operations Manager 6.x Oracle JRE JMX Deserialization RCE (VMSA-2016-0005)
Critical
Nessus Plugin ID 91339
Synopsis
The remote host is affected by a remote code execution vulnerability.
Description
The remote VMware vRealize Operations Manager (vROps) 6.x host is affected by a remote code execution vulnerability in the Oracle JRE JMX component due to a flaw related to the deserialization of authentication credentials. An unauthenticated, remote attacker can exploit this to execute arbitrary code.
Note that only non-appliance versions of vRealize Operations Manager are affected by the vulnerability.
Solution
Block the appropriate ports per the vendor advisory.