VMware issued security updates for vSphere Data Protection (VDP) to address multiple security vulnerabilities, one of them rated critical.
The critical remote code vulnerability (CVE-2018-11066) in VDP could allow a remote unauthenticated attacker to exploit the vulnerability and then execute arbitrary commands on the target system.
The other fixes address an ‘open redirection’ bug (CVE-2018-11067), a ‘command injection’ bug (CVE-2018-11076) and an ‘information disclosure’ bug (CVE-2018-11077).
Patches are available for download from the VMware security advisory (VMSA-2018-0029).