6.5.0c addresses the Apache BlazeDS security vulnerability.
Resolved IssuesVMware vCenter Server contains a remote code execution vulnerability due the use of BlazeDS to process AMF3 messages. This issue may be exploited to execute arbitrary code when deserializing an untrusted Java object. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2017-5641 to this issue.
The new build is:
Release Date: 2017-04-13
Build Number: 5318112
The new patch is: