VMware Patches Critical Flaw Reported by Sanctioned Russian Security Firm (Security News, May 2021)
VMware has patched another critical vulnerability reported by Positive Technologies, a Russian cybersecurity firm that was sanctioned recently by the United States.
Positive Technologies is one of several Russian tech firms sanctioned in April by the U.S. for allegedly supporting Kremlin intelligence agencies.
The company has reported many serious vulnerabilities to major vendors such as Microsoft, Intel and VMware over the past years and says that it plans to continue doing so.
The latest security hole reported by Positive Technologies to VMware is CVE-2021-21984, a critical remote code execution vulnerability affecting VMware vRealize Business for Cloud.
Egor Dimitrenko, the Positive Technologies researcher who reported the flaw to VMware, told SecurityWeek that the impacted product is typically used within an organization's local network, but claimed that his company has seen instances where these systems were configured in a way that makes them accessible from the internet.
"Positive Technologies has spent nearly two decades building a stellar reputation in this critical field, and we won't stop now," said a company spokesperson.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-05-07 | CVE-2021-21984 | Command Injection vulnerability in VMware vRealize Business for Cloud 7.0. VMware vRealize Business for Cloud 7.x prior to 7.6.0 contains a remote code execution vulnerability due to an unauthorised end point. | 7.5 |