Critical

UNC3886: Chinese Cyber Espionage Group Exploits Critical VMware Vulnerability

by
UNC3886: Chinese Cyber Espionage Group Exploits Critical VMware Vulnerability

UNC3886: Chinese Cyber Espionage Group Exploits Critical VMware Vulnerability Chinese cyber espionage group UNC3886 has reportedly been exploiting a critical security vulnerability in VMware’s vCenter Server since late 2021. As per the report furnished by cybersecurity firm Mandiant, this significant vulnerability, identified as CVE-2023-34048, was acknowledged and patched by VMware in October. The severity rating … Read more

VMware confirms critical vCenter flaw now exploited in attacks

by
VMware confirms critical vCenter flaw now exploited in attacks

VMware has confirmed that a critical vCenter Server remote code execution vulnerability patched in October is now under active exploitation. vCenter Server is a management platform for VMware vSphere environments that helps administrators manage ESX and ESXi servers and virtual machines (VMs). “VMware has confirmed that exploitation of CVE-2023-34048 has occurred in the wild,” the … Read more

VMware: Plug critical Aria Automation hole immediately! (CVE-2023-34063) – Help Net Security

by
VMware: Plug critical Aria Automation hole immediately! (CVE-2023-34063) – Help Net Security

A critical vulnerability (CVE-2023-34063) affecting VMware Aria Automation and VMware Cloud Foundation can be exploited by attackers to gain access to remote organizations and workflows, VMware has warned. The company is not aware of any “in the wild” exploitation of this flaw – for now. Patches are available and VMware recommends upgrading to VMware Aria … Read more

VMware patches critical access control vulnerability in Aria Automation

by
VMware patches critical access control vulnerability in Aria Automation

VMware has released updates for Aria Automation, its multi-cloud infrastructure automation platform for public, private and hybrid clouds, to fix a critical vulnerability that could allow authenticated attackers to access remote organizations and workflows. VMware Cloud Foundation, a suite of software-defined services for setting up private clouds, is also impacted if the products were deployed … Read more

Citrix, VMware, and Atlassian Hit with Critical Flaws — Patch ASAP!

by
Citrix, VMware, and Atlassian Hit with Critical Flaws — Patch ASAP!

Jan 17, 2024NewsroomVulnerability / Cyber Threat Citrix is warning of two zero-day security vulnerabilities in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) that are being actively exploited in the wild. The flaws are listed below – CVE-2023-6548 (CVSS score: 5.5) – Authenticated (low privileged) remote code execution on Management Interface (requires … Read more

Patch now: Critical VMware, Atlassian flaws found

by
Patch now: Critical VMware, Atlassian flaws found

VMware and Atlassian today disclosed critical vulnerabilities and, while neither appear to have been exploited by miscreants yet, admins should patch now to avoid disappointment. First off, a pair of issues from Atlassian. Most serious is CVE-2023-22527, a template injection flaw that can allow unauthenticated remote code execution (RCE) attacks. It scored a perfect CVSS … Read more

VMware Patches Critical Authentication Bypass Bug

by
VMware Patches Critical Authentication Bypass Bug

VMware has fixed a critical-severity authentication bypass flaw in its cloud service delivery platform, two weeks after the vulnerability was first disclosed on Nov. 14. The flaw (CVE-2023-34060) exists in VMware Cloud Director Appliance version 10.5 (if the deployment has been upgraded to 10.5 from an older release), and as of Nov. 30 the fix … Read more

VMware fixes critical Cloud Director auth bypass unpatched for 2 weeks

by
VMware fixes critical Cloud Director auth bypass unpatched for 2 weeks

VMware has fixed a critical authentication bypass vulnerability in Cloud Director appliance deployments, a bug that was left unpatched for over two weeks since it was disclosed on November 14th. Cloud Director is a VMware platform that enables admins to manage data centers spread across multiple locations as Virtual Data Centers (VDC). The auth bypass security … Read more

Urgent: VMware Warns of Unpatched Critical Cloud Director Vulnerability

by
Urgent: VMware Warns of Unpatched Critical Cloud Director Vulnerability

Nov 15, 2023NewsroomNetwork Securit / Vulnerability VMware is warning of a critical and unpatched security flaw in Cloud Director that could be exploited by a malicious actor to get around authentication protections. Tracked as CVE-2023-34060 (CVSS score: 9.8), the vulnerability impacts instances that have been upgraded to version 10.5 from an older version. “On an … Read more