security

Advisory VMSA-2021-0010: VMware vCenter Server (CVE-2021-21985, CVE-2021-21986)

Roman Kallen
Auf dem Blog von VMware wurde ein neues Security Advisory veröffentlich. Inhalt: Advisory: VMware vCenter Server updates address remote code execution and authentication vulnerabilities (CVE-2021-21985, CVE-2021-21986) Release Notes für den Patch: https://docs.vmware.com/en/VMware-vSphere/6.7/rn/vsphere-vcenter-server-67u3n-release-notes.html Resolved Issues: Security Issues VMware vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the VMware vSAN health check plug-in. A malicious actor with network access to port 443 might exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.