Logfile management is no fun. Now it's a nightmare thanks to critical-rated VMware flaws
VMware has issued fixes for four vulnerabilities, including two critical 9.8-rated remote code execution bugs, in its vRealize Log Insight software.
There are no reports of nation-state thugs or cybercriminals finding and exploiting these bugs, according to VMware.
"An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution," VMware warned about both critical bugs.
Updating to VMware vRealize Log Insight 8.10.2 should plug all four holes, according to the vendor, and VMware issued workaround instructions as well.
The Zero Day Initiative found all four bugs and reported them to VMware.
The latest security holes come a couple of months after VMware disclosed three critical-rated flaws in Workspace ONE Assist for Windows - a product used by IT and help desk staff to remotely take over and manage employees' devices.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/01/25/critical_vmware_flaws/