
VMware Patches Critical Flaw Reported by Sanctioned Russian Security Firm
2021-05-07 10:50

VMware has patched another critical vulnerability reported by Positive Technologies, a Russian cybersecurity firm that was sanctioned recently by the United States.

Positive Technologies is one of several Russian tech firms sanctioned in April by the U.S. for allegedly supporting Kremlin intelligence agencies.

The company has reported many serious vulnerabilities to major vendors such as Microsoft, Intel and VMware over the past years and says that it plans to continue doing so.

The latest security hole reported by Positive Technologies to VMware is CVE-2021-21984, a critical remote code execution vulnerability affecting VMware vRealize Business for Cloud.

Egor Dimitrenko, the Positive Technologies researcher who reported the flaw to VMware, told SecurityWeek that the impacted product is typically used within an organization's local network, but claimed that his company has seen instances where these systems have been configured in a way that makes them accessible from the internet.

"Positive Technologies has spent nearly two decades building a stellar reputation in this critical field, and we won't stop now," said a company spokesperson.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/QtddKjordFo/vmware-patches-critical-flaw-reported-sanctioned-russian-security-firm

Related Vulnerability

DATE: 2021-05-07
CVE: CVE-2021-21984
VULNERABILITY TITLE: Command Injection vulnerability in VMware vRealize Business for Cloud 7.0
DESCRIPTION: VMware vRealize Business for Cloud 7.x prior to 7.6.0 contains a remote code execution vulnerability due to an unauthorised end point.
TAGS: network, low complexity, vmware, CWE-77
RISK: 7.5

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Vmware 186 85 404 205 105 799