VMware security updates for VDP (VMSA-2018-0029)

VMware issued security updates for vSphere Data Protection (VDP) to address multiple security vulnerabilities, one of them rated critical. 

The critical remote code vulnerability (CVE-2018-11066) in VDP could allow a remote unauthenticated attacker to exploit the vulnerability and then execute arbitrary commands on the target system.

The other fixes address an ‘open redirection’ bug (CVE-2018-11067), a ‘command injection’ bug (CVE-2018-11076) and an ‘information disclosure’ bug (CVE-2018-11077). 

Patches are available for download from the VMware security advisory (VMSA-2018-0029).