On March 8th, 2017, a critical vulnerability in Apache Struts 2 identified by CVE-2017-5638 was disclosed that may allow for remote code execution.

VMware has classified this issue as critical and as such began work on a fix or corrective action immediately following the disclosure.

The VMware Security Engineering, Communications, and Response group (vSECR) has completed our investigations of the impact this vulnerability may have on VMware products.

Please see VMSA-2017-0004 for details on the vulnerability, affected products, workarounds, and fixes. Products not mentioned in this advisory are not affected by the vulnerability.