VMware warns of critical bug affecting all vCenter Server installs
VMware urges customers to patch a critical remote code execution vulnerability in the Virtual SAN Health Check plug-in that impacts all vCenter Server deployments.
vCenter Server is a server management solution that helps IT admins manage virtual machines and virtualized hosts within enterprise environments via a single console.
"The vSphere Client contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server," VMware explains.
According to VMware, the vulnerable "Virtual SAN Health Check plug-in is enabled by default in all vCenter Server deployments, whether or not vSAN is being used."
The steps needed to disable vCenter Server plugins on Linux-based virtual appliances and Windows-based vCenter Server deployments by configuring them as incompatible can be found here.
In February, VMware addressed a similar critical RCE bug affecting all vCenter Server deployments running a vulnerable vCenter Server plugin for vRealize Operations, which is present in all default installations.