Security News > 2020 > April > VMware plugs critical flaw in vCenter Server, patch ASAP!
VMware has fixed a critical vulnerability affecting vCenter Server, which can be exploited to extract highly sensitive information that could be used to compromise vCenter Server or other services which depend on the VMware Directory Service for authentication.
vCenter Server is server management software for controlling VMware vSphere environments.
"Under certain conditions vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller, does not correctly implement access controls. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 10.0," the company noted in an advisory published last week.
The vulnerability exists in vCenter Server 6.7, running on Windows or a virtual appliance, only if the installations were upgraded from a previous release line such as 6.0 or 6.5.
"Clean installations of vCenter Server 6.7 are not affected. vCenter Server versions 6.5. and 7.0 are unaffected," the company pointed out.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/D84QW5YsiWs/
Related news
- VMware fixes bad patch for critical vCenter Server RCE flaw (source)
- VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability (source)
- VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812) (source)
- Week in review: Fortinet patches critical FortiManager 0-day, VMware fixes vCenter Server RCE (source)
- Critical RCE bug in VMware vCenter Server now exploited in attacks (source)
- Critical 9.8-rated VMware vCenter RCE bug exploited after patch fumble (source)
- 'Patch yesterday': Zimbra mail servers under siege through RCE vuln (source)
- Critical Zimbra RCE flaw exploited to backdoor servers using emails (source)
- Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast (source)
- Qualcomm Urges OEMs to Patch Critical DSP and WLAN Flaws Amid Active Exploits (source)