Security News > 2020 > April > Critical VMware Bug Opens Up Corporate Treasure to Hackers
A critical information-disclosure bug in VMware's Directory Service could lay bare the contents of entire corporate virtual infrastructures, if exploited by cyberattackers.
The vmdir in turn is a central component to the vCenter SSO. Also, vmdir is used for certificate management for the workloads governed by vCenter, according to VMware.
"VMware, one of, if not the most, popular virtualization software companies in the world, recently patched an extremely critical information disclosure vulnerabilityone of the most severe vulnerabilities that has affected VMware software," Chris Hass, director of information security and research at Automox, told Threatpost.
"vCenter Server provides a centralized platform for controlling VMware vSphere environments, it helps manage virtual infrastructure in a tremendous number of hybrid clouds, so the scope and impact of this vulnerability is quite large. Organizations using vCenter need to check their vmdir logs for affected versions, ACL MODE: legacy, and patch immediately."
No specific acknowledgments were given for the bug discovery - VMware noted only that it was "Disclosed privately."
News URL
https://threatpost.com/critical-vmware-bug-corporate-treasure-hackers/154682/
Related news
- Critical Flaw in WordPress LiteSpeed Cache Plugin Allows Hackers Admin Access (source)
- Hackers are exploiting critical bug in LiteSpeed Cache plugin (source)
- Russian military hackers linked to critical infrastructure attacks (source)
- Broadcom fixes critical RCE bug in VMware vCenter Server (source)
- Patch Issued for Critical VMware vCenter Flaw Allowing Remote Code Execution (source)
- Critical VMware vCenter Server bugs fixed (CVE-2024-38812) (source)
- Week in review: Critical VMware vCenter Server bugs fixed, Apple releases iOS 18 (source)