[VMC on AWS] Third-party security scanning tool reports vulnerability in SDDC

Article ID: 314084

Updated On:

Products

VMware Cloud on AWS

Issue/Introduction

A third-party security scan has reported vulnerabilities in a VMware Cloud on AWS SDDC.

Environment

VMC on AWS

Cause

  • VMC on AWS SDDCs may run on non-standard builds of vCenter and ESXi, which can cause false positives.
  • False positives may also occur due to the [email protected] account not having full administrative privileges to management components. 

Resolution

  • All management components in VMC on AWS SDDCs are managed by the Broadcom team following the shared responsibility model. 
  • Scans are regularly run against management components, and findings are mitigated according to Broadcom's response and remediation policy:
    • Critical: Begin work on a fix or corrective action immediately and provide it in the shortest reasonable time
    • Important: Fix is delivered in the next planned maintenance or update
    • Moderate/Low: Fix is delivered in the next planned release
  • Most critical vulnerabilities are mitigated in VMC on AWS SDDCs before the vulnerability has been disclosed. 
