Security News

Just one day after VMware announced the availability of patches for a critical vulnerability affecting vCenter Server, hackers have started scanning the internet for vulnerable servers. The flaw, tracked as CVE-2021-21972, affects the vSphere Client component of vCenter Server and it can be exploited by a remote, unauthenticated attacker to execute arbitrary commands with elevated privileges on the operating system that hosts vCenter Server.

The day after VMware released fixes for a critical RCE flaw found in a default vCenter Server plugin, opportunistic attackers began searching for publicly accessible vulnerable systems. We've detected mass scanning activity targeting vulnerable VMware vCenter servers.

In 2020 attackers were observed pivoting their attacks to businesses for which global COVID-19 response efforts heavily relied, such as hospitals, medical and pharmaceutical manufacturers, as well as energy companies powering the COVID-19 supply chain. "In essence, the pandemic reshaped what is considered critical infrastructure today, and attackers took note. Many organizations were pushed to the front lines of response efforts for the first time - whether to support COVID-19 research, uphold vaccine and food supply chains, or produce personal protective equipment," said Nick Rossmann, Global Threat Intelligence Lead, IBM Security X-Force.

VMware has patched three vulnerabilities in its virtual-machine infrastructure for data centers, the most serious of which is a remote code execution flaw in its vCenter Server management platform. The researcher found the most critical of the flaws, which is being tracked as CVE-2021-21972 and has a CVSS v3 score of 9.8, in a vCenter Server plugin for vROPs in the vSphere Client functionality, according to an advisory posted online Tuesday by VMware.

VMware on Tuesday informed customers that its vCenter Server product is affected by a critical vulnerability that can be exploited by an attacker to execute commands with elevated privileges. vCenter Server is a management software designed to provide a centralized platform for controlling VMware vSphere environments.

VMware has addressed multiple critical remote code execution vulnerabilities in VMware ESXi and vSphere Client virtual infrastructure management platform that may allow attackers to execute arbitrary commands and take control of affected systems. The vulnerability, tracked as CVE-2021-21972, has a CVSS score of 9.8 out of a maximum of 10, making it critical in severity.

VMware has revealed a critical-rated bug in the HTML5 client for its flagship vSphere hybrid cloud suite. "The vSphere Client contains a remote code execution vulnerability in a vCenter Server plugin," says VMware's notification.

IBM has patched a critical buffer-overflow error that affects Big Blue's Integration Designer toolset, which helps enterprises create business processes that integrate applications and data. "By sending an overly long string, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash," according to IBM's Monday security advisory.

VMware has addressed a critical remote code execution vulnerability in the vCenter Server virtual infrastructure management platform that may allow attackers to potentially take control of affected systems. "The vSphere Client contains a remote code execution vulnerability in a vCenter Server plugin," VMware explains in the advisory.

QNAP has addressed a critical security vulnerability in the Surveillance Station app that allows attackers to execute malicious code remotely on network-attached storage devices running the vulnerable software. Surveillance Station is QNAP's network surveillance Video Management System, a software solution that can help users manage and monitor up to 12 IP cameras.