Description
The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.
Remediation
Upgrade to the latest version of VMware vCenter.
References
Related Vulnerabilities
WordPress Cookie Data PHP Code Injection Vulnerability (1.5 - 1.5.1.3)
WordPress Plugin Loco Translate PHP Code Injection (2.5.3)
WordPress Plugin Woody ad snippets-Insert Header Footer Code, AdSense Ads PHP Code Injection (1.3)
Oracle WebLogic Remote Code Execution via IIOP
Unauthenticated Remote Code Execution via JSONWS in Liferay 7.2.0 CE GA1