Security News > 2021 > May > VMware warns of critical bug affecting all vCenter Server installs
VMware urges customers to patch a critical remote code execution vulnerability in the Virtual SAN Health Check plug-in that impacts all vCenter Server deployments.
vCenter Server is a server management solution that helps IT admins manage virtual machines and virtualized hosts within enterprise environments via a single console.
"The vSphere Client contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server," VMware explains.
According to VMware, the vulnerable "Virtual SAN Health Check plug-in is enabled by default in all vCenter Server deployments, whether or not vSAN is being used."
The steps needed to disable vCenter Server plugins on Linux-based virtual appliances and Windows-based vCenter Server deployments by configuring them as incompatible can be found here.
In February, VMware addressed a similar critical RCE bug affecting all vCenter Server deployments running a vulnerable vCenter Server plugin for vRealize Operations, which is present in all default installations.