High
A malicious actor with network access can trigger a server-side template injection that may result in remote code execution.
A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework.
A malicious actor with administrative access can trigger deserialization of untrusted data through a malicious JDBC URI, which may result in remote code execution.
A malicious actor can trick a user through a cross-site request forgery to unintentionally validate a malicious JDBC URI.
A malicious actor with local access can escalate privileges to ‘root’.
A malicious actor with remote access may leak the hostname of the target system. Successful exploitation of this issue can lead to victims being targeted.
VMware
Refer to the VMware Security Advisory for the patch, upgrade or suggested workaround information.