Prodotti

A portfolio of products and services for modernizing applications and infrastructure

Build better apps

Application Service
A modern app platform
Build Service
Container creation and management
Application Catalog
Production-ready open-source containers
Data Services
Cloud native data and messaging (including GemFire, RabbitMQ, and SQL)

Simplify cloud ops

Kubernetes Grid
Enterprise-ready runtime
Mission Control
Centralized cluster management
Observability
Modern app monitoring and analytics
Service Mesh
App-wide networking and control

Spring

Cloud native Java development

Spring Runtime

OpenJDK, Spring, Apache Tomcat support

CI/CD

Concourse
Delivery pipeline automation

Analytics

Greenplum
Data warehouse for converged analytics

Servizi
Pivotal Labs
Build Apps
Deliver new apps users love
Modernize Apps
Re-architect valuable legacy apps
Piattaforma
Apply the new rules of ops
Education
Build your cloud native skills
VMware Pivotal Act
Services for Nonprofits

All Vulnerability Reports

CVE-2017-8045: Remote code execution in spring-amqp

Severity

High

Vendor

Spring by Pivotal

Description

In affected versions of Spring AMQP, a org.springframework.amqp.core.Message may be unsafely deserialized when being converted into a string. A malicious payload could be crafted to exploit this and enable a remote code execution attack.

Affected VMware Products and Versions

Severity is high unless otherwise noted.

Spring AMQP versions prior to 1.7.4, 1.6.11, and 1.5.7

Mitigation

Users of affected versions should apply the following mitigation:

Releases that have fixed this issue include:
- Spring AMQP: 2.0.0, 1.7.4, 1.6.11, 1.5.7

Credit

This vulnerability was responsibly reported by Man Yue Mo from Semmle and lgtm.com.

References

History

2017-09-19: Initial vulnerability report published