This is a critical security advisory from VMware (VMSA)
Greetings from the VMware Security Response Center!
By now I am sure you have all heard about the Apache Struts 2 remote code execution vulnerability identified by CVE-2017-5638 which was disclosed last week. If you haven’t, welcome! You can find the original advisory from Apache here to get yourself caught up. In response, the VMware Security Engineering, Communications, and Response group (vSECR) immediately began investigations into the vulnerability and how it may affect our products. The outcome of these investigations can be found in VMSA-2017-0004.
The product teams are working on getting fixes published as soon as possible. For now, the advisory documents available workarounds that concerned customers can implement today. We also want to clarify that products not listed in this advisory are not affected by CVE-2017-5638. VMSA-2017-0004 will be updated when fixes become available for the listed products.
Please sign up to be notified when the VMSA gets updated with fixes and workarounds here.
That’s it for now.
Drop us a line at firstname.lastname@example.org if you have any questions about the advisory.