Security News

VMware patches bug that put many large networks at risk
2021-02-25 16:29

VMware has fixed a serious flaw in its vCenter Server VMware utility that could have opened the door for hackers to remotely execute code on a vulnerable server. In a press release published Wednesday, Positive Technologies, which discovered and alerted VMware to the bug, said attackers could have exploited the vCenter Server bug to take over unpatched VMware servers and gain access to local network resources.

Attackers scan for vulnerable VMware servers after PoC exploit release
2021-02-25 12:56

After security researchers have developed and published proof-of-concept exploit code targeting a critical vCenter remote code execution vulnerability, attackers are now actively scanning for vulnerable Internet-exposed VMware servers. We've detected mass scanning activity targeting vulnerable VMware vCenter servers.

Hackers Scanning for VMware vCenter Servers Affected by Critical Vulnerability
2021-02-25 11:47

Just one day after VMware announced the availability of patches for a critical vulnerability affecting vCenter Server, hackers have started scanning the internet for vulnerable servers. The flaw, tracked as CVE-2021-21972, affects the vSphere Client component of vCenter Server and it can be exploited by a remote, unauthenticated attacker to execute arbitrary commands with elevated privileges on the operating system that hosts vCenter Server.

Attackers are looking to exploit critical VMware vCenter Server RCE flaw, patch ASAP!
2021-02-25 10:53

The day after VMware released fixes for a critical RCE flaw found in a default vCenter Server plugin, opportunistic attackers began searching for publicly accessible vulnerable systems. We've detected mass scanning activity targeting vulnerable VMware vCenter servers.

VMWare Patches Critical RCE Flaw in vCenter Server
2021-02-24 17:14

VMware has patched three vulnerabilities in its virtual-machine infrastructure for data centers, the most serious of which is a remote code execution flaw in its vCenter Server management platform. The researcher found the most critical of the flaws, which is being tracked as CVE-2021-21972 and has a CVSS v3 score of 9.8, in a vCenter Server plugin for vROPs in the vSphere Client functionality, according to an advisory posted online Tuesday by VMware.

Critical VMware vCenter Server Flaw Can Expose Organizations to Remote Attacks
2021-02-24 12:02

VMware on Tuesday informed customers that its vCenter Server product is affected by a critical vulnerability that can be exploited by an attacker to execute commands with elevated privileges. vCenter Server is a management software designed to provide a centralized platform for controlling VMware vSphere environments.

Critical RCE Flaws Affect VMware ESXi and vSphere Client — Patch Now
2021-02-24 09:35

VMware has addressed multiple critical remote code execution vulnerabilities in VMware ESXi and vSphere Client virtual infrastructure management platform that may allow attackers to execute arbitrary commands and take control of affected systems. The vulnerability, tracked as CVE-2021-21972, has a CVSS score of 9.8 out of a maximum of 10, making it critical in severity.

VMware warns of critical remote code execution flaw in vSphere HTML5 client
2021-02-23 23:35

VMware has revealed a critical-rated bug in the HTML5 client for its flagship vSphere hybrid cloud suite. "The vSphere Client contains a remote code execution vulnerability in a vCenter Server plugin," says VMware's notification.

VMware fixes critical RCE bug in all default vCenter installs
2021-02-23 19:26

VMware has addressed a critical remote code execution vulnerability in the vCenter Server virtual infrastructure management platform that may allow attackers to potentially take control of affected systems. "The vSphere Client contains a remote code execution vulnerability in a vCenter Server plugin," VMware explains in the advisory.

Vulnerability in VMware vSphere Replication Can Facilitate Attacks on Enterprises
2021-02-15 11:59

VMware last week informed customers about the availability of patches for a potentially serious vulnerability affecting its vSphere Replication product. vSphere Replication, a VMware vSphere component, is a virtual machine replication engine designed for data protection and disaster recovery.