April 2, 2023

VMware has released security updates for vCenter Server after fixing arbitrary file read and SSRF vulnerabilities in the vSphere Web Client (FLEX/Flash).

It’s recommended that enterprises running vulnerable instances of the server management platform have been advised to apply relevant updates. Both flaws were designated as ‘important’ in terms of severity.

Advertisements

With a CVSS rating of 7.5, the most severe is the arbitrary file read bug (CVE-2021-21980), abuse of which could potentially enable a malicious actor to gain access to sensitive information.

The SSRF vulnerability (CVE-2021-22049), which has a CVSS of 6.5, was more specifically found in the vSAN Web Client plugin. An attacker could exploit this flaw by accessing an internal service or URL request outside of vCenter Server.

VMware has released security updates that address both flaws for vCenter Server versions 6.5 and 6.7. Patches for both bugs are pending for Cloud Foundation’s 3.x release line, while 4.x is unaffected.

Advertisements

VMware thanked ‘ch0wn’ of Orz lab for reporting the arbitrary file read issue and ‘magiczero’ from the QI-ANXIN Group for reporting the SSRF.

Tags:

Leave a Reply

You may have missed

TheCyberThrone Security Week In Review –April 1st, 2023

TheCyberThrone Security Week In Review –April 1st, 2023

April 2, 2023
TheCyberThrone CyberSecurity Newsletter Top 5 Articles – March 2023

TheCyberThrone CyberSecurity Newsletter Top 5 Articles – March 2023

April 2, 2023
IBM Aspera Vulnerability Exploited to install Ransomware

IBM Aspera Vulnerability Exploited to install Ransomware

April 1, 2023
Italy temporarily bans ChatGPT

Italy temporarily bans ChatGPT

April 1, 2023
Cylance Ransomware Dissection

Cylance Ransomware Dissection

April 1, 2023
WordPress Elementor Pro Plugin Vulnerability

WordPress Elementor Pro Plugin Vulnerability

April 1, 2023
%d bloggers like this: