It should be as ESX 4 is vulnerable as well, with the difference being there is a patch available for ESX 4. I think the recommendation would be to upgrade to atleast ver 4 and apply the patch.
Security advisory located at
VMSA-2014-0010.4 | United States
Regards
Girish