I know it’s a few days late but i wanted to make a short blog post about this anyway. 2015-04-02 VMware released a security advisory (VMSA). The VMSA addresses the critical vulnerability in JRE which is used in many VMware products.
Some of the affected products includes
- Horizon View 6.x or 5.x
- Horizon Workspace Portal Server 2.1 or 2.0
- vCenter Operations Manager 5.8.x or 5.7.x
- vCloud Automation Center 6.0.1
- vSphere Replication prior to 5.8.0.2 or 5.6.0.3
- vRealize Automation 6.2.x or 6.1.x
- vRealize Code Stream 1.1 or 1.0
- vRealize Hyperic 5.8.x, 5.7.x or 5.0.x
- vSphere AppHA Prior to 1.1.x
- vRealize Business Standard prior to 1.1.x or 1.0.x
- NSX for Multi-Hypervisor prior to 4.2.4
- vRealize Configuration Manager 5.7.x or 5.6.x
- vRealize Infrastructure 5.8, 5.7
Some of the affected products have patche(es) available but in many cases the patch(es) are pending so make sure to monitor the VMware download site for additional patches in the near future.
The VMware Security Advisory is available here