VMware Discloses and Releases Fixes for 19 Bugs in Products govinfosecurity.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from govinfosecurity.com Daily Mail and Mail on Sunday newspapers.
Weeks after VMware issued patches to address vulnerabilities in its vSphere Client (HTML5), threat intelligence firm Bad Packets says threat actors are mass
Get Permission
VMware has issued patches for two critical vulnerabilities in its IT operations management platform, vRealize Operations, which, if exploited, could allow attackers to steal administrative credentials.
The platform is designed to offer self-driving IT operations management for private, hybrid and multi-cloud environments in a unified platform powered by artificial intelligence.
VMware issued patches on Tuesday for the flaws CVE-2021-21975, which has a CVSS ranking of 8.6, and CVE-2021-21983, which has a CVSSv3 base score of 7.2.
Egor Dimitrenko of Positive Technologies discovered these vulnerabilities and reported them to VMware.
If the two vulnerabilities are chained together, they could enable an attacker to conduct remote code execution in vRealize Operations, Positive Technologies reports.
VMware Patches 2 Flaws in vRealize Operations govinfosecurity.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from govinfosecurity.com Daily Mail and Mail on Sunday newspapers.
BankInfoSecurity
Compliance Twitter Get Permission
VMware has issued patches for a critical vulnerability in its virtual desktop deployment platform, View Planner, which could enable remote code execution.
The vulnerability, CVE-2021-21978, has a CVSS ranking of 8.6, considered highly critical. The flaw is caused by improper input validation and lack of authorization, resulting in arbitrary file upload in VMware s View Planner web application. An unauthorized attacker with network access to View Planner Harness could upload and execute a specially crafted file leading to remote code execution within the log upload container, VMware notes.
VMware issued patches for the vulnerability on Tuesday and urged affected customers to immediately apply the fixes. The flaw was identified by a researcher at security firm Positive Technologies.