vCenter phoned home 'customer improvement' data and opened remote code execution hole

VMware's also released first vSphere 6.5 hardening guide

Ever worried that software phoning home application performance data so vendors can learn from real-world users might become an attack vector? If so, your nightmare just came true: VMware's vCenter has just that problem, thanks to its use of the Adobe-derived open source BlazeDS messaging tool to process messages."