VMware Information for VU#307983
Action Message Format (AMF3) Java implementations are vulnerable to insecure deserialization and XML external entities references
- Vendor Information Help Date Notified: 16 Mar 2017
- Statement Date: 14 Apr 2017
- Date Updated: 14 Apr 2017
Status
Affected
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
VMware uses Flex BlazeDS, and has released security advisory VMSA-2017-0007 to address this issue.
Vendor References
https://www.vmware.com/security/advisories/VMSA-2017-0007.html
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
View Notes By
Report a Vulnerability
Please use the Vulnerability Reporting Form to report a vulnerability. Alternatively, you can send us email. Be sure to read our vulnerability disclosure policy.