Apache Struts 2 vulnerability and vCenter

News came out last week about the Apache Struts 2 vulnerability. There are numerous products affected by this vulnerability, but on the VMware side you have Horizon DaaS, vCenter, VROps and Hyperic. This is listed as a Critical severity.

On the vCenter side, this is for the virtual appliance and the Windows version of vCenter for 6.0.x and 6.5.

The question came up, is it a specific build of vCenter 6.0.x? If you look at KB 2149434 it lists 6.0.x. There is no 6.1 version of vCenter. VMware vCenter only has updates 1 through 3. VMware went directly from 6.0.x to 6.5. VMware only has a work around for now until they come out with a patch.

Leave a Reply

Your email address will not be published. Required fields are marked *