Security News
A couple of serious vulnerabilities patched recently by VMware in its vRealize Operations product can pose a significant risk to organizations, according to a researcher involved in the discovery of the security bugs. The vROps IT operations management product, specifically the vRealize Operations Manager API, is affected by a server-side request forgery vulnerability tracked as CVE-2021-21975, and an arbitrary file write issue tracked as CVE-2021-21983.
Two vulnerabilities recently patched by VMware in its vRealize Operations platform can be chained together to achieve unauthenticated remote code execution on the underlying operating system, Positive Technologies researchers have found. There is no PoC currently available and no mention of the vulnerabilities being exploited in the wild.
VMware Cloud is a distributed, multi-cloud platform that enables organizations to accelerate application modernization across the data center, edge, and any cloud. VMware Cloud Universal is ideal for customers committed to a hybrid cloud architecture; that have extended or variable cloud migration timelines; that have cloud bursting requirements; or desire an OPEX model for on-premises infrastructure.
VMware has published security updates to address a high severity vulnerability in vRealize Operations that could allow attackers to steal admin credentials after exploiting vulnerable servers. vRealize Operations is an AI-powered and "Self-driving" IT operations management for private, hybrid, and multi-cloud environments, available as an on-premises or SaaS solution.
VMware announced innovations across its cloud management portfolio spanning CloudHealth by VMware and VMware vRealize Cloud Management on-premises and software as a service offerings. "VMware makes this complexity of managing clouds invisible. By providing consistent costing, security, governance, operations and service automation across clouds, VMware enables customers to achieve higher application and business agility."
VMware announced portfolio updates to help customers modernize their applications and infrastructure. The new releases of vSphere 7 and vSAN 7 will help IT teams support new and existing applications with infrastructure that is developer and AI-ready; scales without compromise; boosts infrastructure and data security; and simplifies operations.
VMware has addressed a high severity unauthenticated RCE vulnerability in VMware View Planner, allowing attackers to abuse servers running unpatched software for remote code execution. The vulnerability was discovered and reported to VMware by Positive Technologies web application security expert Mikhail Klyuchnikov.
Armor announced new endpoint detection and response capabilities delivered with VMware Carbon Black. Armor Anywhere, a trusted cloud security platform, will utilize VMware Carbon Black Cloud Enterprise EDR to extend threat detection and response to end user devices.
VMware this week announced the availability of a security patch for VMware View Planner, to address a vulnerability leading to remote code execution. With the release of View Planner 4.6 Security Patch 1 on March 2, VMware fixes CVE-2021-21978, an issue that could allow an attacker to execute code remotely.
Attackers are looking to exploit critical VMware vCenter Server RCE flaw, patch ASAP!The day after VMware released fixes for a critical RCE flaw found in a default vCenter Server plugin, opportunistic attackers began searching for publicly accessible vulnerable systems. Kali Linux 2021.1 released: Tweaked DEs and terminals, new tools, Kali ARM for Apple Silicon MacsOffensive Security has released Kali Linux 2021.1, the latest version of its popular open source penetration testing platform.