Critical VMware bug
VMware has advised vRealize Operations (vROPs) users that they have a critical item on their to-do lists thanks to the discovery of a privilege escalation vulnerability that, if exploited, “may allow a vROps user who has been assigned a low-privileged role to gain full access over the application. In addition it may be possible to stop and delete Virtual Machines managed by vCenter.”
That’s bad. Very bad. So VMware has posted a workaround here and says a patch is imminent.
vROPs version 6.3 is vulnerable – earlier VMware said version 6.1 to 6.3 were affected but has since changed its mind on that to just v6.3. ®