VMware has released updates to address two vulnerabilities in vCenter Server and Cloud Foundation that could be used by a remote attacker to gain access to confidential information.

The more serious issue is an arbitrary file read vulnerability in the vSphere Web Client. The bug, tracked as CVE-2021-21980, is rated 7.5 out of a maximum of 10 on the CVSS scale and affects vCenter Server versions 6.5 and 6.7.

“A malicious actor with network access to port 443 on vCenter Server can exploit this issue to gain access to sensitive information,” the company reported in a Dec.

The second issue addressed by VMware is a server-side request forgery (SSRF) vulnerability in the Virtual Storage Area Network (vSAN) web client plug-in that could allow a malicious actor with network access to port 443 on vCenter Server to exploit the flaw by accessing an internal …

