Here's a reason to bite the bullet upgrade to vCenter 6.0
VMware has warned users of its vCenter, vCloud Director and Horizon products that they need to patch a flaw in Flex BlazeDS. The flaw, CVE-2015-3269, means Apache Flex BlazeDS “allows remote attackers to read arbitrary files via an AMF message containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.” The Apache software creates problems when “used in flex-messaging-core.jar in Adobe LiveCycle Data Services”. The...