Security News

VMware informed customers on Tuesday that it has patched a high-severity remote code execution vulnerability in its Cloud Director product. The vulnerability, tracked as CVE-2020-3956, has been described as a code injection issue that allows an authenticated attacker to send malicious traffic to Cloud Director, which could result in arbitrary code execution.

As small to mid-sized businesses use more bandwidth every year to modernize their companies, Kinetic Business is proud to announce a SD-WAN solution to help manage their usage. Kinetic Business SD-WAN is built upon VeloCloud technology from VMware, an industry leader in SD-WAN solutions.

VMware announced on Wednesday during its virtual Connect 2020 cybersecurity conference the acquisition of Kubernetes security company Octarine and a new Next-Gen Security Operations Center Alliance. VMware acquired Carbon Black last year for $2.1 billion and the virtualization giant announced the launch of its new Security Business Unit when the acquisition was completed.

VMware is working on patches for its vRealize Operations Manager product to fix two recently disclosed Salt vulnerabilities that have already been exploited to hack organizations. Researchers discovered recently that the configuration management and orchestration system Salt is affected by serious vulnerabilities that can be exploited for authentication bypass and directory traversal.

Kasten, the market leader for Kubernetes Data Management, announced that the company's flagship platform, Kasten K10, is available on VMware Cloud Marketplace. Kasten architected Kasten K10 specifically to address Day 2 data management challenges for cloud-native applications.

A critical vulnerability in VMware's vCenter management product allowed any old bod on the same network to remotely create an admin-level user, research by Guardicore Labs has revealed. The astonishing vuln, details of which were quite spare when VMWare issued a patch last week, was rated by VMware itself as CVSS v3 10.0, the highest level.

Cloud and data center security solutions provider Guardicore on Wednesday made available technical information on a critical VMware vCenter Server vulnerability that can be exploited by an attacker to gain full control over the targeted VMware deployment. Few details have been made available by VMware so researchers at Guardicore have decided to analyze the patch in an effort to identify the changes made by the virtualization giant to address the vulnerability.

VMware has fixed a critical vulnerability affecting vCenter Server, which can be exploited to extract highly sensitive information that could be used to compromise vCenter Server or other services which depend on the VMware Directory Service for authentication. vCenter Server is server management software for controlling VMware vSphere environments.

A critical information-disclosure bug in VMware's Directory Service could lay bare the contents of entire corporate virtual infrastructures, if exploited by cyberattackers. The vmdir in turn is a central component to the vCenter SSO. Also, vmdir is used for certificate management for the workloads governed by vCenter, according to VMware.

VMware has patched a critical vulnerability that can be exploited to compromise vCenter Server or other services that rely on the Directory Service for authentication. The weakness impacts vCenter Server 6.7 on Windows and virtual appliances, and it has been patched with the 6.7u3f update.