Remote code execution possible on vRealize Business for Cloud which knows a lot about your private and public platforms VMware has admitted its vRealize Business for Cloud product includes an unauthorised VAMI API that can be exploited to achieve remote code execution on a virtual appliance. The ...

https://go.theregister.com/feed/www.theregister.com/2021/05/06/unauthorised_api_creates_critical_flaw/

#TheRegister