
The U.S. CISA has added a critical vulnerability in VMware’s Cloud Foundation, tracked as CVE-2021-39144 with a CVSS score of 9.8, to its Known Exploited Vulnerabilities Catalog.
The remote code execution (RCE) vulnerability is present in the XStream open-source library. Unauthenticated attackers can exploit it in low-complexity attacks without user interaction.
VMware has confirmed that exploit code leveraging CVE-2021-39144 against impacted products has been published. Due to the severity of the flaw, VMware also released security updates for some end-of-life products.
CISA orders federal agencies to fix this flaw by March 31, 2023.