patch Archives > CloudHat.eu

VMSA-2021-0004 – vRealize Operations Manager Vulnerabilities

March 30, 2021March 30, 2021 Constantin Ghioc Leave a comment

VMware has released a new security advisory VMSA-2021-0004: VMware vRealize Operations updates address Server Side Request Forgery and Arbitrary File Write vulnerabilities (CVE-2021-21975, CVE-2021-21983).

Multiple vulnerabilities in VMware ESXi, Workstation and Fusion were privately reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products. This advisory documents the remediation of one critical issue and one important issue.

The Common Vulnerabilities and Exposures project has assigned the identifiers CVE-2021-21975 to the server side request forgery vulnerability in vRealize Operations Manager API and CVE-2021-21983 to the arbitrary file write vulnerability in vRealize Operations Manager API.

A malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials. An authenticated malicious actor with network access to the vRealize Operations Manager API can write files to arbitrary locations on the underlying Photon operating system.

VMSA-2020-0026 – ESXi, Workstation, and Fusion Vulnerabilities

November 20, 2020November 27, 2020 Constantin Ghioc Leave a comment

VMware has released a new security advisory VMSA-2020-0026: VMware ESXi, Workstation and Fusion updates address use-after-free and privilege escalation vulnerabilities (CVE-2020-4004, CVE-2020-4005).

The Common Vulnerabilities and Exposures project has assigned the identifiers CVE-2020-4004 to the use-after-free vulnerability in XHCI USB controller and CVE-2020-4005 to the VMX elevation-of-privilege vulnerability.

VMware ESXi and Horizon DaaS Security Updates – VMSA-2019-0022

December 10, 2019December 10, 2019 Constantin Ghioc Leave a comment

VMware has released a new security advisory VMSA-2019-0022 (VMware ESXi and Horizon DaaS updates address OpenSLP remote code execution vulnerability). Patches and workarounds are available to address this vulnerability in affected VMware products.

This advisory documents the remediation of one issue, rated with a severity of critical. VMware ESXi and Horizon DaaS use an OpenSLP version which has a heap overwrite issue. Successful exploitation of this issue may allow attackers with network access to port 427 on an ESXI host or on any Horizon DaaS management appliance to overwrite the heap of the OpenSLP service resulting in remote code execution.

The identifier CVE-2019-5544 was assigned to this vulnerability.