Greetings from the VMware Security Response Center!
Today we released VMSA-2016-0016, which documents CVE-2016-7457, a Critical severity issue in vRealize Operations (vROps).
Due to the severity of this issue, we have released emergency patches that resolve it in the latest supported versions of the product. Privilege escalations would normally fall into the Important severity category, but because there is also the possibility that an attacker could stop and delete VMs unrelated to vROps, we rated this issue as Critical. In addition, the fix is scheduled to be rolled into the next release of vROps.
Thanks to Edgar Carvalho for reporting this issue to us. Edgar runs a blog over at http://vman.ch. Great find!
That’s it for now.
Drop us a line at email@example.com if you have any questions on the vulnerability or advisory.