Security News > 2023 > January > Logfile management is no fun. Now it's a nightmare thanks to critical-rated VMware flaws
VMware has issued fixes for four vulnerabilities, including two critical 9.8-rated remote code execution bugs, in its vRealize Log Insight software.
There are no reports of nation-state thugs or cybercriminals finding and exploiting these bugs, according to VMware.
"An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution," VMware warned about both critical bugs.
Updating to VMware vRealize Log Insight 8.10.2 should plug all four holes, according to the vendor, and VMware issued workaround instructions as well.
The Zero Day Initiative found all four bugs and reported them to VMware.
The latest security holes come a couple of months after VMware disclosed three critical-rated flaws in Workspace ONE Assist for Windows - a product used by IT and help desk staff to remotely take over and manage employees' devices.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/01/25/critical_vmware_flaws/