Last Updated: 2016-05-17 19:54:20 UTC
by Manuel Humberto Santander Pelaez (Version: 1)
VMware published a security advisory today covering the following CVEs:
- CVE-2016-3427 (Critical): JMX issue when deserializing authentication credentials. This vulnerability allows commands to be executed on the RMI server of Oracle JRE JMX without proper authentication. It is both a remote and a local vulnerability.
- CVE-2016-2077 (Important): VMware Workstation and Player for Windows host privilege escalation vulnerability. This vulnerability allows privilege escalation. It is a local vulnerability.
Not all products are affected, and not all affected products have a patch yet. Where there is no patch, there is a workaround. Check https://www.vmware.com/security/advisories/VMSA-2016-0005.html for more information about your product.
We have not noticed exploits in the wild so far. If you notice one, please let us know using our contact form.