VMware on Tuesday shipped security updates to address a critical security flaw in its VMware Cloud Foundation product.
Tracked as CVE-2021-39144, the issue has been rated 9.8 out of 10 on the CVSS vulnerability scoring system, and relates to a remote code execution vulnerability via the XStream open source library.
“Due to an unauthenticated endpoint that leverages XStream for input serialization in VMware Cloud Foundation (NSX-V), a malicious actor can get remote code execution in the context of ‘root’ on the appliance,” the company said in an advisory.
In light of the severity of the flaw and its relatively low bar for exploitation, the Palo Alto-based virtualization services provider has also made a patch available for end-of-life products.
Also addressed by VMware as part of the update is CVE-2022-31678 (CVSS score: 5.3), an XML External Entity (XXE) vulnerability that could be exploited to result in a denial-of-service (DoS) condition or unauthorized information disclosure.
Security researchers Sina Kheirkhah and Steven Seeley of Source Incite have been credited with reporting the two flaws.
Users of VMware Cloud Foundation are recommended to apply the patches to mitigate potential threats.
Some parts of this article are sourced from:
thehackernews.com