Security News

VMware has fixed 19 vulnerabilities affecting VMware vCenter Server and VMware Cloud Foundation, the most critical of which is CVE-2021-22005. "This vulnerability can be used by anyone who can reach vCenter Server over the network to gain access, regardless of the configuration settings of vCenter Server," the company noted.

VMware has disclosed a critical bug in its flagship vSphere and vCenter products and urged users to drop everything and patch it. The worst of the bunch is CVE-2021-22005, described as "An arbitrary file upload vulnerability in the Analytics service" that's part of vCenter Server.

The most urgent among them is an arbitrary file upload vulnerability in the Analytics service that impacts vCenter Server 6.7 and 7.0 deployments. "A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file," the company noted, adding "This vulnerability can be used by anyone who can reach vCenter Server over the network to gain access, regardless of the configuration settings of vCenter Server."

VMware warns customers to immediately patch a critical arbitrary file upload vulnerability in the Analytics service, impacting all appliances running default vCenter Server 6.7 and 7.0 deployments.vCenter Server is a server management solution that helps IT admins manage virtualized hosts and virtual machines in enterprise environments via a single console.

VMware on Wednesday shipped security updates to address vulnerabilities in multiple products that could be potentially exploited by an attacker to take control of an affected system. The six security weaknesses affect VMware vRealize Operations, VMware Cloud Foundation, and vRealize Suite Lifecycle Manager, as listed below -.

VMware on Wednesday shipped security updates to address vulnerabilities in multiple products that could be potentially exploited by an attacker to take control of an affected system. The six security weaknesses affect VMware vRealize Operations, VMware Cloud Foundation, and vRealize Suite Lifecycle Manager, as listed below -.

To help ease the transition to the cloud, VMware announced GE Healthcare will leverage VMware SD-WAN, now part of VMware SASE, to seamlessly deliver cloud-based services to GE Healthcare customers. "VMware SD-WAN provides this network overlay to prioritize and move high-fidelity, latency-sensitive data to the cloud and between edge locations. Leveraging VMware SD-WAN enables GE Healthcare to offer rapid, more securely deployed, and easily accessed virtual care solutions."

VMware on Thursday released security updates for multiple products to address a pair of security bugs, one serious enough to give attackers access to sensitive information. In an advisory, VMWare warns that a malicious actor with network access to port 443 could tamper with host headers to facilitate access to the /cfg web app, in addition a malicious actor could access /cfg diagnostic endpoints without authentication.

VMware has released security updates for multiple products to address a critical vulnerability that could be exploited to gain access to confidential information. CVE-2021-22002 concerns an issue with how VMware Workspace One Access and Identity Manager allow the "/cfg" web app and diagnostic endpoints to be accessed via port 443 by tampering with a host header, resulting in a server-side request.

The BlackMatter gang has joined the ranks of ransomware operations to develop a Linux encryptor that targets VMware's ESXi virtual machine platform. With VMware ESXi being the most popular virtual machine platform, almost every enterprise-targeting ransomware operation has begun to release encryptors that specifically target its virtual machines.