Security News > 2020 > April > VMware plugs critical flaw in vCenter Server, patch ASAP!
VMware has fixed a critical vulnerability affecting vCenter Server, which can be exploited to extract highly sensitive information that could be used to compromise vCenter Server or other services which depend on the VMware Directory Service for authentication.
vCenter Server is server management software for controlling VMware vSphere environments.
"Under certain conditions vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller, does not correctly implement access controls. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 10.0," the company noted in an advisory published last week.
The vulnerability exists in vCenter Server 6.7, running on Windows or a virtual appliance, only if the installations were upgraded from a previous release line such as 6.0 or 6.5.
"Clean installations of vCenter Server 6.7 are not affected. vCenter Server versions 6.5. and 7.0 are unaffected," the company pointed out.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/D84QW5YsiWs/
Related news
- March 2024 Patch Tuesday: Microsoft fixes critical bugs in Windows Hyper-V (source)
- Chilean hosting firm's VMware ESXi servers hit by new SEXi ransomware (source)
- Hosting firm's VMware ESXi servers hit by new SEXi ransomware (source)
- A critical vulnerability in Delinea Secret Server allows auth bypass, admin access (source)
- Patch up – 4 critical bugs in ArubaOS lead to remote code execution (source)