VMware Patches Vulnerabilities in ESXi, ThinApp
2021-07-14 13:00

VMware on Tuesday announced the availability of patches for vulnerabilities impacting its ESXi hypervisor, Cloud Foundation hybrid cloud platform, and ThinApp application virtualization tool.

According to VMware, a malicious actor that has network access to port 5989 on ESXi may send a specially crafted request to bypass SFCB authentication.

The bug, VMware says, could be exploited by a malicious actor that has network access to port 427 on ESXi to cause a DoS condition.

Tracked as CVE-2021-22000 and having a CVSS score of 6.8, the security hole in VMware ThinApp is caused by insecure loading of DLLs. The DLL hijacking bug could be exploited by a malicious actor with non-administrative privileges to elevate privileges to administrator level on the Windows operating system on which ThinApp is installed.

No workarounds exist to remediate the vulnerability, but VMware has released a patch and recommends applying it to remain protected.

VMware ThinApp version 5.2.10 fixes the bug.


News URL

http://feedproxy.google.com/~r/securityweek/~3/ws3ALQV-fCE/vmware-patches-vulnerabilities-esxi-thinapp

Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | RISK |
| --- | --- | --- | --- |
| 2021-07-13 | CVE-2021-22000 | Uncontrolled Search Path Element vulnerability in VMWare Thinapp. VMware Thinapp version 5.x prior to 5.2.10 contain a DLL hijacking vulnerability due to insecure loading of DLLs. (local, low complexity, vmware, CWE-427) | 7.8 |

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Vmware 146 11 222 256 102 591