VMware has fixed a critical-severity authentication bypass flaw in its cloud service delivery platform, two weeks after the vulnerability was first disclosed on Nov. 14.
The flaw (CVE-2023-34060) exists in VMware Cloud Director Appliance version 10.5 (if the deployment has been upgraded to 10.5 from an older release), and as of Nov. 30 the fix is available via version 10.5.1. Other Cloud Director Appliance versions (including new installations of 10.5 or 10.4 and below) are not…