Both “Important”-severity flaws are in the vSphere Web Client
VMware has released security updates for vCenter Server that fix arbitrary file read and server-side request forgery (SSRF) vulnerabilities in the vSphere Web Client (FLEX / Flash).
Organizations running vulnerable instances of the server management platform were advised to apply the relevant updates in a security advisory issued yesterday (November 23).
Both flaws were rated “Important” in severity.
With a CVSS rating of 7.5, the more serious flaw is the arbitrary file read vulnerability (CVE-2021-21980), exploitation of which could potentially allow a malicious actor to gain access to sensitive information.
An attacker could exploit this flaw by accessing an internal service or a URL request from outside …