Cloud computing and virtualization technology company VMWare on Thursday rolled out an update to resolve a critical security flaw in its Cloud Director product that could be weaponized to launch remote code execution attacks.
The issue, assigned the identifier CVE-2022-22966, has a CVSS rating of 9.1 out of a utmost of 10. VMware credited security researcher Jari Jääskelä with reporting the flaw.
Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).
➤ Get Mullvad VPN with 12% Discount
“An authenticated, substantial privileged destructive actor with network access to the VMware Cloud Director tenant or company may possibly be ready to exploit a distant code execution vulnerability to acquire access to the server,” VMware claimed in an advisory.
As the main cloud infrastructure management platform, VMware Cloud Director (formerly vCloud Director) is employed by many effectively-recognised cloud providers to operate and regulate their cloud infrastructures. Half a million VMware customers use the software program to operate the world’s sophisticated digital infrastructure.
The vulnerability could, in other phrases, conclude up allowing for attackers to acquire access to delicate data and just take above private clouds inside of an overall infrastructure.
Affected variations incorporate 10.1.x, 10.2.x, and 10.3.x, with fixes offered in variations 10.1.4.1, 10.2.2.3, and 10.3.3. The business has also published workarounds that can be followed when upgrading to a proposed model is not an option.
The patches get there a day soon after exploits for a further a short while ago fixed critical flaw in VMware Workspace One particular Access were detected in the wild.
The flaw (CVE-2022-22954) relates to a distant code execution vulnerability that stems from server-side template injection in VMware Workspace One particular Accessibility and Id Supervisor.
With VMware merchandise normally turning out to be a lucrative goal for danger actors, the update adds to the urgency for companies to apply important mitigations to reduce potential threats.
Identified this report intriguing? Follow THN on Fb, Twitter and LinkedIn to read more unique material we publish.
Some sections of this write-up are sourced from:
thehackernews.com
Google Releases Urgent Chrome Update to Patch Actively Exploited Zero-Day Flaw