VMware has released updates for several of its products to patch a couple of vulnerabilities rated critical and important.
The critical vulnerability is related to how the RMI server of Oracle JRE JMX deserializes authentication credentials. A remote, unauthenticated attacker can leverage the weakness to cause deserialization flaws and execute arbitrary commands.