Cloud computing and virtualization technology company VMWare on Thursday rolled out an update to resolve a critical security flaw in its Cloud Director product that could be weaponized to launch remote code execution attacks.
The issue, assigned the identifier CVE-2022-22966, has a CVSS rating of 9.1 out of a utmost of 10. VMware credited security researcher Jari Jääskelä with reporting the flaw.
![AOMEI Backupper Lifetime](https://thecybersecurity.news/data/2021/12/AOMEI-Backupper-Professional.png)
Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.
Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).
➤ Activate Your Coupon Code
“An authenticated, substantial privileged destructive actor with network access to the VMware Cloud Director tenant or company may possibly be ready to exploit a distant code execution vulnerability to acquire access to the server,” VMware claimed in an advisory.
As the main cloud infrastructure management platform, VMware Cloud Director (formerly vCloud Director) is employed by many effectively-recognised cloud providers to operate and regulate their cloud infrastructures. Half a million VMware customers use the software program to operate the world’s sophisticated digital infrastructure.
The vulnerability could, in other phrases, conclude up allowing for attackers to acquire access to delicate data and just take above private clouds inside of an overall infrastructure.
Affected variations incorporate 10.1.x, 10.2.x, and 10.3.x, with fixes offered in variations 10.1.4.1, 10.2.2.3, and 10.3.3. The business has also published workarounds that can be followed when upgrading to a proposed model is not an option.
The patches get there a day soon after exploits for a further a short while ago fixed critical flaw in VMware Workspace One particular Access were detected in the wild.
The flaw (CVE-2022-22954) relates to a distant code execution vulnerability that stems from server-side template injection in VMware Workspace One particular Accessibility and Id Supervisor.
With VMware merchandise normally turning out to be a lucrative goal for danger actors, the update adds to the urgency for companies to apply important mitigations to reduce potential threats.
Identified this report intriguing? Follow THN on Fb, Twitter and LinkedIn to read more unique material we publish.
Some sections of this write-up are sourced from:
thehackernews.com