VMware Information for VU#307983
Action Message Format (AMF3) Java implementations are vulnerable to insecure deserialization and XML external entities references
- Vendor Information Help Date Notified: 16 Mar 2017
- Statement Date: 14 Apr 2017
- Date Updated: 14 Apr 2017
No statement is currently available from the vendor regarding this vulnerability.
VMware uses Flex BlazeDS, and has released security advisory VMSA-2017-0007 to address this issue.
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.