VMware warns of critical vulnerabilities in multiple products
VMware has warned customers to immediately patch critical vulnerabilities in multiple products that threat actors could use to launch remote code execution attacks.
"This critical vulnerability should be patched or mitigated immediately per the instructions in VMSA-2021-0011. The ramifications of this vulnerability are serious," VMware warned on Wednesday.
The list of critical security flaws patched today includes a server-side template injection remote code execution vulnerability, two OAuth2 ACS authentication bypass vulnerabilities, and two JDBC injection remote code execution vulnerabilities.
The company says that the only way to remove the vulnerabilities entirely is to apply the patches.
"Workarounds, while convenient, do not remove the vulnerabilities, and may introduce additional complexities that patching would not," VMware added.
A document with additional questions and answers regarding the critical vulnerabilities patched today is available here.