December 6, 2023

VMware issued patches to address a code execution vulnerability, tracked as CVE-2022-31680 with CVSS score of 7.2 in vCenter Server.

The security issue is an unsafe deserialization vulnerability that resides in the platform services controller and impacts only vCenter Server 6.5 with an external PSC, it was addressed with the release of VMware vCenter Server 6.5 U3u.

Advertisements

VMware also addressed a a null-pointer dereference vulnerability, tracked as CVE-2022-31681 with a CVSS score 3.8, in the VMware ESXi bare metal hypervisor.

A hacker with privileges within the VMX process only, may create a denial of service condition on the host.

The vulnerability is been addressed with the release of ESXi70U3sf-20036586, ESXi670-202210101-SG, and ESXi650-202210101-SG versions.

VMware is not aware of attacks in the wild exploiting the above vulnerabilities

Tags:

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You may have missed

Microsoft Echo’s on APT 28 exploiting CVE-2023-23397

December 5, 2023

Papercut Privilege Escalation Vulnerability Unearthed

December 5, 2023

DanaBot Trojan Deploying Cactus Ransomware

December 4, 2023

LogoFAIL Firmware Attack

December 3, 2023

Proliance Surgeons Discloses a Data Breach

December 3, 2023

23andMe Breach affected 14K Customers

December 3, 2023
%d