VMware vCenter Server is vulnerable to out-of-bounds write (CVE-2023-34048) and partial information disclosure (CVE-2023-34056) vulnerabilities. Successful exploitation of the vulnerabilities may result in access to critical data and remote code execution. CISA has added CVE-2023-34048 to its Known Exploited Vulnerabilities Catalog and requested that users patch it before February 12, 2024.
Multiple vulnerabilities in VMware vCenter Server were privately reported to VMware. These vulnerabilities have CVSS scores ranging from 4.3 to 9.8. Out of these vulnerabilities, the most critical was CVE-2021-22005 – an arbitrary file upload vulnerability in the Analytics service, which impacts vCenter Server 6.7 and 7.0 deployments. Exploiting this vulnerability, a remote attacker could … Continue reading “VMware vCenter Affected By Critical Vulnerabilities”
On 25th May 2021, VMware released a security advisory to address two vulnerabilities (CVE-2021-21986, CVE-2021-21985) in vCenter Server. Successful exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code on the vulnerable system. VMware has assigned critical severity to CVE-2021-21985, with a maximum CVSSv3 base score of 9.8. The severity of CVE-2021-21986 … Continue reading “VMware vCenter Server Multiple Vulnerabilities (CVE-2021-21986, CVE-2021-21985)”
On 9th April 2020, VMware released advisory VMSA-2020-0006 to address a critical information disclosure vulnerability, to which CVE-2020-3952 has been assigned. The vulnerability could be exploited by attackers to compromise vCenter Server or other services that use the Directory Service (vmdir) for authentication. vCenter Server provides a centralized platform for controlling VMware vSphere environments; it helps manage … Continue reading “VMware vCenter Server Sensitive Information Disclosure Vulnerability”