VMware vCenter Server address heap-overflow and privilege escalation vulnerabilities

-

Broadcom has release an update to address the below two vulnerabilities. This affect vCenter Server 7.x and 8.x.

  1. VMware vCenter Server heap-overflow vulnerability (CVE-2024-38812)
    This carries a CVSSv3 score of 9.8
  2. VMware vCenter privilege escalation vulnerability (CVE-2024-38813)
    This carries a CVSSv3 score of 7.5.
Both are addressed with resolution with a new binary update for vCenter Server 7U3s and vCenter Server 8U3b. This will affect any VCF 4.x and 5.x which contains either vCenter Server 7.x or 8.x.

It is always recommended to get this updated as soon as possible with such rare critical severity.

Check out this article for more information.

Comments

Post a Comment

Popular posts from this blog

Aria Operations Management Packs End of Life

-
Coming 1st Oct 2024, the Aria Operations Management Packs will be end of general support (EoGS). Here is the KB . The affected management packs are as follow: vRealize Operations Management Pack for VMware Integrated OpenStack vRealize Operations Federation Management Pack VMware vRealize Operations Management Pack for CloudHealth VMware Aria Operations Management Pack for Flowgate VMware Aria Operations Management Pack for Aria Hub VMware vRealize Operations Management Pack for VMware Smart Assurance Aria Operations Management Pack for Aria Operations for Apps Aria Operations Management Pack for VMware Tanzu Application Service Aria Operations Management Pack for Microsoft Hyper-V Aria Operations Management Pack for NetApp FAS/AFF Aria Operations Management Pack for Microsoft SCOM Aria Operations Management Pack for Citrix Virtual Apps & Desktops Aria Operations Management Pack for Dell EMC OpenManage Enterprise Aria Operations Management Pack for HPE OneView Aria Operations Manag...
Read more

VMware vExpert 2025 Applications Starts Now!

-
It the time of the year to apply and renew your vExpert for another year for your effort contribution back to the VMware community over the last 6-12months.  The vExpert 2025 application is now open starting from 6th Dec 2024 and will closed on 10th January 2025. So hurry start your application and fill up all your contribution. You do not have to do it once through, you can always save it in draft and add on and submit before the closing date. If you have doubt reach out or look for your vExpert Pro nearest to you to to advise you accordingly. This year has been a very different year for VMware. However, the vExpert program was valued and carry on. The perks this year been a vExpert will be very different from the investment from Broadcom.  Head over and sign up now. Good luck! Update 11th Jan 2025 Application dateline has been extended to 24th Jan 2025. Update 13 Dec 2024 Check out the vExpert application announcement here .
Read more

Unable to verify certificate for vCenter on Horizon View Connection Server

-
Image
Recently during an outage of my host during to hardware issue in my home lab where my vCenter 6.0 sit on it, resulted some strange behaviour on my View Connection Server 6.1.  I encounter the below error message: When I go to my Horizon View Dashboard, it looks fine. When I try to remove the vCenter entry under the Server options and adding it back I end up with another error when trying to add the View Composer. However this is not related to the strange behaviour above.  But rather this is due to my login did not contain a domain\username but instead of use just username . Back to the strange behaviour.  It seems my connection to my vCenter via Connection Server has a sudden slowness and the certificate seems to be corrupted.  I tried to find a solution to replace the self-signed (in my case) certificate on my View Connection Server however in vain.  I tried removing the vCenter and re-adding it back, that does not help. So I chanced upon some ...
Read more