Full title: VMware vCenter Server Unauthenticated Log4Shell JNDI Injection Remote Code Execution Exploit Category: remote exploits Platform: multiple VMware vCenter Server is affected by the Log4Shell vulnerability whereby a JNDI string can be sent to the server that will cause it to connect to the attacker and deserialize a malicious Java object. This results in OS command execution in the context of the root user in the case of the Linux virtual appliance and SYSTEM on Windows. This Metasploit module will start an LDAP server that the target will need to connect to. This exploit uses the logon page vector. # 0day.today @ http://0day.today/