September 27, 2023

The U.S. CISA has added a critical vulnerability in VMware’s Cloud Foundation, tracked as CVE-2021-39144 with a CVSS score: 9.8 to its Known Exploited Vulnerabilities Catalog.

The RCE vulnerability present in the XStream open-source library. Unauthenticated attackers can exploit the vulnerability in low-complexity attacks without user interaction.

Advertisements

VMware has confirmed that exploit code leveraging CVE-2021-39144 against impacted products has been published. Due to the severity of the flaw, VMware also released security updates for some end-of-life products.

CISA orders federal agencies to fix this flaw by March 31, 2023.

Tags:

Leave a Reply

You may have missed

BORN Canada latest victim of MoveIT data breach

September 27, 2023

Hardware Supply Chain Risk Assessment from CISA

September 27, 2023

Sony attack – Ransomed.vc claims responsibility

September 26, 2023

Chrome Zeroday – CVE-2023-4863 PoC Exploit Released

September 25, 2023

BlackCat adds Clarion to its Victim list

September 24, 2023

TheCyberThrone Security Week In Review – September 23, 2023

September 24, 2023
%d bloggers like this: