Security News

A critical vulnerability in the VMware Carbon Black Cloud Workload appliance could be exploited to bypass authentication and take control of vulnerable systems. Carbon Black Cloud Workload is a data center security product from VMware that aims to protect critical servers and workloads hosted on vSphere, the company's cloud-computing virtualization platform.

A critical security vulnerability in the VMware Carbon Black Cloud Workload appliance would allow privilege escalation and the ability to take over the administrative rights for the solution. The VMware Carbon Black Cloud Workload platform is designed to provide cybersecurity defense for virtual servers and workloads that are hosted on the VMware's vSphere platform.

A critical vulnerability recently addressed in the VMware Carbon Black Cloud Workload could be abused to execute code on a vulnerable server, according to a warning from a security researcher who discovered the bug. "A malicious actor with network access to the administrative interface of the VMware Carbon Black Cloud Workload appliance may be able to obtain a valid authentication token, granting access to the administration API of the appliance," VMware notes in an advisory.

VMware has addressed a critical vulnerability in the VMware Carbon Black Cloud Workload appliance that could allow attackers to bypass authentication after exploiting vulnerable servers. VMware Carbon Black Cloud Workload is a Linux data center security software designed to protect workloads running in virtualized environments.

A couple of serious vulnerabilities patched recently by VMware in its vRealize Operations product can pose a significant risk to organizations, according to a researcher involved in the discovery of the security bugs. The vROps IT operations management product, specifically the vRealize Operations Manager API, is affected by a server-side request forgery vulnerability tracked as CVE-2021-21975, and an arbitrary file write issue tracked as CVE-2021-21983.

Two vulnerabilities recently patched by VMware in its vRealize Operations platform can be chained together to achieve unauthenticated remote code execution on the underlying operating system, Positive Technologies researchers have found. There is no PoC currently available and no mention of the vulnerabilities being exploited in the wild.

VMware Cloud is a distributed, multi-cloud platform that enables organizations to accelerate application modernization across the data center, edge, and any cloud. VMware Cloud Universal is ideal for customers committed to a hybrid cloud architecture; that have extended or variable cloud migration timelines; that have cloud bursting requirements; or desire an OPEX model for on-premises infrastructure.

VMware has published security updates to address a high severity vulnerability in vRealize Operations that could allow attackers to steal admin credentials after exploiting vulnerable servers. vRealize Operations is an AI-powered and "Self-driving" IT operations management for private, hybrid, and multi-cloud environments, available as an on-premises or SaaS solution.

VMware announced innovations across its cloud management portfolio spanning CloudHealth by VMware and VMware vRealize Cloud Management on-premises and software as a service offerings. "VMware makes this complexity of managing clouds invisible. By providing consistent costing, security, governance, operations and service automation across clouds, VMware enables customers to achieve higher application and business agility."

VMware announced portfolio updates to help customers modernize their applications and infrastructure. The new releases of vSphere 7 and vSAN 7 will help IT teams support new and existing applications with infrastructure that is developer and AI-ready; scales without compromise; boosts infrastructure and data security; and simplifies operations.