VMware

Pierluigi Paganini November 09, 2022
VMware fixes three critical flaws in Workspace ONE Assist

VMware addressed three critical bugs in the Workspace ONE Assist solution that allow remote attackers to bypass authentication and elevate privileges. VMware has released security updates to address three critical vulnerabilities impacting the Workspace ONE Assist product. Remote attackers can exploit the vulnerabilities to bypass authentication and elevate privileges to admin. Workspace ONE Assist allows […]

Pierluigi Paganini October 31, 2022
VMware warns of the public availability of CVE-2021-39144 exploit code

VMware warned of the availability of a public exploit for a recently addressed critical remote code execution flaw in NSX Data Center for vSphere (NSX-V). VMware warned of the existence of a public exploit targeting a recently addressed critical remote code execution (RCE) vulnerability, tracked as CVE-2021-39144 (CVSS score of 9.8), in NSX Data Center for […]

Pierluigi Paganini October 26, 2022
VMware fixes critical RCE in VMware Cloud Foundation

VMware addressed a critical remote code execution vulnerability in VMware Cloud Foundation tracked as CVE-2021-39144. VMware has released security updates to address a critical vulnerability, tracked as CVE-2021-39144 (CVSSv3 9.8), in VMware Cloud Foundation. VMware Cloud Foundation™ is the industry’s most advanced hybrid cloud platform. It provides a complete set of software-defined services for compute, storage, […]

Pierluigi Paganini October 12, 2022
VMware has yet to fix CVE-2021-22048 flaw in vCenter Server disclosed one year ago

VMware has yet to address the CVE-2021-22048 privilege escalation vulnerability in vCenter Server disclosed in November 2021. VMware warns customers that it has yet to address a high-severity privilege escalation vulnerability, tracked as CVE-2021-22048, in the vCenter Server. The flaw was disclosed in November 2021; it resides in the vCenter Server’s IWA (Integrated Windows […]

Pierluigi Paganini October 07, 2022
VMware fixed a high-severity bug in vCenter Server

VMware this week addressed a severe vulnerability in vCenter Server that could lead to arbitrary code execution. VMware on Thursday released security patches to address a code execution vulnerability, tracked as CVE-2022-31680 (CVSS score of 7.2), in vCenter Server. The security issue is an unsafe deserialization vulnerability that resides in the platform services controller (PSC). […]

Pierluigi Paganini September 30, 2022
Experts uncovered novel Malware persistence within VMware ESXi Hypervisors

Researchers from Mandiant have discovered a novel malware persistence technique within VMware ESXi Hypervisors. Mandiant detailed a novel technique used by malware authors to achieve administrative access within VMware ESXi Hypervisors and take over vCenter servers and virtual machines for Windows and Linux to perform the following actions: The highly targeted and evasive nature of […]

Pierluigi Paganini August 24, 2022
VMware fixed a privilege escalation issue in VMware Tools

VMware this week released patches to address an important-severity vulnerability in the VMware Tools suite of utilities. The virtualization giant VMware this week released patches to address an important-severity flaw, tracked as CVE-2022-31676, which impacts the VMware Tools suite of utilities. VMware Tools is a set of services and modules that enable several features in company […]

Pierluigi Paganini August 10, 2022
VMware warns of public PoC code for critical auth bypass bug CVE-2022-31656

VMware warns of the availability of proof-of-concept exploit code for a critical authentication bypass flaw in multiple products. VMware warns its customers of the availability of proof-of-concept exploit code for a critical authentication bypass flaw, tracked as CVE-2022-31656, in multiple products. The flaw was discovered by security researcher Petrus Viet from VNG Security, […]

Pierluigi Paganini August 02, 2022
VMware fixed critical authentication bypass vulnerability

VMware patched a critical authentication bypass security flaw, tracked as CVE-2022-31656, impacting local domain users in multiple products. VMware has addressed a critical authentication bypass security flaw, tracked as CVE-2022-31656, impacting local domain users in multiple products. An unauthenticated attacker can exploit the vulnerability to gain admin privileges. “A malicious actor with network access to the […]

Pierluigi Paganini July 14, 2022
VMware fixed a flaw in vCenter Server discovered eight months ago

VMware addressed a high-severity privilege escalation flaw, tracked as CVE-2021-22048, in the vCenter Server IWA mechanism. VMware addressed a high-severity privilege escalation flaw, tracked as CVE-2021-22048 (CVSSv3 base score of 7.1), in vCenter Server’s IWA (Integrated Windows Authentication) mechanism eight months after its disclosure. The vulnerability can be exploited by an attacker with non-administrative […]