VMware

Pierluigi Paganini March 30, 2021
VMware addresses SSRF flaw in vRealize Operations that allows stealing admin credentials

VMware addressed a high severity vulnerability in vRealize Operations that could allow stealing admin credentials from vulnerable servers. VMware has published security updates to address multiple vulnerabilities in VMware vRealize Operations that could allow threat actors to steal admin credentials from vulnerable installs. VMware vRealize Operations is a self-driving and AI-powered platform for the management of IT operations […]

Pierluigi Paganini March 04, 2021
VMware addresses Remote Code Execution issue in View Planner

VMware released a security patch for a remote code execution vulnerability that affects the VMware View Planner product. VMware released a security patch for a remote code execution flaw, tracked as CVE-2021-21978, that affects the VMware View Planner. The View Planner is a free tool for Performance Sizing and Benchmarking of Virtual Desktop Infrastructure environments. […]

Pierluigi Paganini February 25, 2021
Thousands of VMware Center servers exposed online and potentially vulnerable to CVE-2021-21972 flaw

A Chinese security researcher published a PoC code for the CVE-2021-21972 vulnerability in VMware Center, thousands of vulnerable servers are exposed online. A Chinese security researcher published the Proof-of-concept exploit code for the CVE-2021-21972 RCE vulnerability affecting VMware vCenter servers. vCenter Server is the centralized management utility for VMware, and is used to manage virtual machines, multiple ESXi […]

Pierluigi Paganini February 23, 2021
VMware addresses a critical RCE issue in vCenter Server

VMware addressed a critical remote code execution flaw, tracked as CVE-2021-21972, in vCenter Server virtual infrastructure management platform. VMware has addressed a critical remote code execution (RCE) vulnerability in the vCenter Server virtual infrastructure management platform, tracked as CVE-2021-21972, that could be exploited by attackers to potentially take control of affected systems. vCenter Server is the centralized […]

Pierluigi Paganini February 15, 2021
VMware fixes command injection issue in vSphere Replication

VMware released security patches for a potentially serious vulnerability affecting the vSphere Replication product. VMware has recently released security patches to address a serious command injection vulnerability, tracked as CVE-2021-21976, in its vSphere Replication product. VMware vSphere Replication is an extension to VMware vCenter Server that provides hypervisor-based virtual machine replication and recovery. vSphere Replication […]

Pierluigi Paganini December 07, 2020
Russia-linked hackers actively exploit CVE-2020-4006 VMware flaw, NSA warns

The National Security Agency (NSA) warns that Russia-linked hackers are exploiting a recently patched VMware flaw in a cyberespionage campaign. The US National Security Agency has published a security alert warning that Russian state-sponsored hackers are exploiting the recently patched CVE-2020-4006 VMware flaw to steal sensitive information from their targets. The US intelligence agency is urging companies […]

Pierluigi Paganini December 04, 2020
Recently disclosed CVE-2020-4006 VMware zero-day was reported by NSA

VMware addressed CVE-2020-4006 zero-day flaw in VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector. VMware has finally released security updates to fix the CVE-2020-4006 zero-day flaw in VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector. At the end of November, VMware only has released a workaround to address the critical […]

Pierluigi Paganini November 23, 2020
VMware discloses critical zero-day CVE-2020-4006 in Workspace One

VMware discloses a critical zero-day vulnerability (CVE-2020-4006) in multiple VMware Workspace One components and released a workaround to address it. VMware has released a workaround to address a critical zero-day vulnerability, tracked as CVE-2020-4006, that affects multiple VMware Workspace One components. The flaw could be exploited by attackers to execute commands on the host Linux […]

Pierluigi Paganini November 20, 2020
VMware addresses flaws exploited at recent Tianfu Cup

VMware has addressed two serious ESXi vulnerabilities that were demonstrated at the Tianfu Cup International PWN Contest. VMware has released patches for two serious ESXi vulnerabilities that were disclosed during the 2020 Tianfu Cup International PWN Contest. The Tianfu Cup is the most important hacking contest held in China, the total bonus of the contest […]

Pierluigi Paganini November 05, 2020
VMware finally fixed the critical CVE-2020-3992 flaw in ESXi

VMware has released new patches for ESXi after learning that a fix released in October for the critical CVE-2020-3992 flaw was incomplete. The virtualization giant VMware has released new fixes for ESXi after learning that a patch released in October for the critical CVE-2020-3992 flaw was incomplete. The CVE-2020-3992 vulnerability is a use-after-free bug issue that affects […]