
A patch has been released by VMware for the critical vulnerability in vCenter Server

Rachel Hanlon

Description

VMware released a patch for multiple vulnerabilities in VMware vCenter Server and VMware Cloud Foundation, including an arbitrary file upload vulnerability tracked as CVE-2021-22005 with a CVSS score of 9.8, which impacts all appliances running default vCenter Server 6.7 and 7.0 deployments.

An attacker with network access to port 443 on vCenter Server can exploit the arbitrary file upload vulnerability by uploading a specially crafted file. Successful exploitation of this vulnerability results in code execution on the vCenter Server.


Affected Products:

  • VMware vCenter Server (vCenter Server)

  • VMware Cloud Foundation (Cloud Foundation)

Recommendation

Workaround:

It is recommended to update the affected VMware products to their latest available version or patch level.

Reference



