VMware vCenter Affected By Critical Vulnerabilities

Multiple vulnerabilities in VMware vCenter Server were privately reported to VMware. These vulnerabilities have CVSS scores ranging from 4.3 to 9.8. Out of these vulnerabilities, the most critical was  CVE-2021-22005 – an arbitrary file upload vulnerability in the Analytics service, which impacts vCenter Server 6.7 and 7.0 deployments. Exploiting this vulnerability,  a remote attacker could … Continue reading “VMware vCenter Affected By Critical Vulnerabilities”

VMware vCenter Server Remote Code Execution Vulnerability (CVE-2021-21972)

Overview On February 23, 2021, VMware released an update to fix three vulnerabilities – CVE-2021-21972, CVE-2021-21973, and CVE-2021-21974. Out of these, CVE-2021-21972 is a critical remote code execution vulnerability with the highest CVE score (9.8). The bug exists in the vROPs (vRealize Operations) plugin of VMware vCenter Server. Successful exploitation of this vulnerability could allow … Continue reading “VMware vCenter Server Remote Code Execution Vulnerability (CVE-2021-21972)”