Security News > 2022 > April > VMware warns of critical vulnerabilities in multiple products

VMware has warned customers to immediately patch critical vulnerabilities in multiple products that threat actors could use to launch remote code execution attacks.
"This critical vulnerability should be patched or mitigated immediately per the instructions in VMSA-2021-0011. The ramifications of this vulnerability are serious," VMware warned on Wednesday.
The list of critical security flaws patched today includes a server-side template injection remote code execution vulnerability, two OAuth2 ACS authentication bypass vulnerabilities, and two JDBC injection remote code execution vulnerabilities.
The company says that the only way to remove the vulnerabilities entirely is to apply the patches.
"Workarounds, while convenient, do not remove the vulnerabilities, and may introduce additional complexities that patching would not," VMware added.
A document with additional questions and answers regarding the critical vulnerabilities patched today is available here.