It’s going to be a virtual Christmas for virtualisation admins. VMware has let it be known that its vRealize Orchestrator, vRealize Operations, vCenter Operations and vCenter Application Discovery Manager products all need fixing to harden them against “a critical deserialization vulnerability”.
The flaw involves “Apache Commons-collections and a specially constructed chain of classes” and can “result in remote code execution, with the permissions of the application using the Commons-collections library.”
Read more at The Register