Security News

The most urgent among them is an arbitrary file upload vulnerability in the Analytics service that impacts vCenter Server 6.7 and 7.0 deployments. "A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file," the company noted, adding "This vulnerability can be used by anyone who can reach vCenter Server over the network to gain access, regardless of the configuration settings of vCenter Server."

VMware warns customers to immediately patch a critical arbitrary file upload vulnerability in the Analytics service, impacting all appliances running default vCenter Server 6.7 and 7.0 deployments. vCenter Server is a server management solution that helps IT admins manage virtualized hosts and virtual machines in enterprise environments via a single console.

VMware on Wednesday shipped security updates to address vulnerabilities in multiple products that could potentially be exploited by an attacker to take control of an affected system. The six security weaknesses affect VMware vRealize Operations, VMware Cloud Foundation, and vRealize Suite Lifecycle Manager.

To help ease the transition to the cloud, VMware announced GE Healthcare will leverage VMware SD-WAN, now part of VMware SASE, to seamlessly deliver cloud-based services to GE Healthcare customers. "VMware SD-WAN provides this network overlay to prioritize and move high-fidelity, latency-sensitive data to the cloud and between edge locations. Leveraging VMware SD-WAN enables GE Healthcare to offer rapid, more securely deployed, and easily accessed virtual care solutions."

VMware on Thursday released security updates for multiple products to address a pair of security bugs, one serious enough to give attackers access to sensitive information. In an advisory, VMware warns that a malicious actor with network access to port 443 could tamper with host headers to facilitate access to the /cfg web app; in addition, a malicious actor could access /cfg diagnostic endpoints without authentication.

VMware has released security updates for multiple products to address a critical vulnerability that could be exploited to gain access to confidential information. CVE-2021-22002 concerns an issue with how VMware Workspace One Access and Identity Manager allow the "/cfg" web app and diagnostic endpoints to be accessed via port 443 by tampering with a host header, resulting in a server-side request.

The BlackMatter gang has joined the ranks of ransomware operations to develop a Linux encryptor that targets VMware's ESXi virtual machine platform. With VMware ESXi being the most popular virtual machine platform, almost every enterprise-targeting ransomware operation has begun to release encryptors that specifically target its virtual machines.

VMware continues to build out its virtual desktop infrastructure and Desktop-as-a-Service platform and announced new capabilities to make it easier for IT to manage Horizon deployments wherever they may be, on-premises or in the cloud. It brings together VMware Workspace ONE with VMware Carbon Black Cloud and VMware SASE. Horizon Control Plane services are available on more cloud environments for greater flexibility.

Entrust announced certification of its nShield hardware security modules with VMware Tanzu Kubernetes Grid. Entrust nShield HSMs provide robust cryptographic services, enhancing the security of containerized applications running on VMware Tanzu Kubernetes Grid.