Both “important”-severity flaws are in the vSphere Web Client

VMware has released security updates for vCenter Server that fix arbitrary file read and server-side request forgery (SSRF) vulnerabilities in the vSphere Web Client (FLEX / Flash).

Organizations running vulnerable instances of the server management platform were advised to apply the relevant updates in a security advisory issued yesterday (November 23).

Both flaws were classified as “important” in terms of their severity.


With a CVSS rating of 7.5, the more serious flaw is the arbitrary file read vulnerability (CVE-2021-21980), exploitation of which could potentially allow a malicious actor to gain access to sensitive information.

The SSRF vulnerability (CVE-2021-22049), which has a CVSS rating of 6.5, was found specifically in the vSAN Web Client (vSAN UI) plug-in.

An attacker could exploit this flaw by accessing an internal service or a URL request from outside …


