Posts

Showing posts with the label CVE

VMware Vulnerability for Carbon Black App Control

VMware just released a security advisory, VMSA-2022-0008, on VMware Carbon Black App Control with a CVSSv3 rating of 9.1. It addresses two CVEs, CVE-2022-22951 and CVE-2022-22952. Both CVEs are addressed by the released patch. As always, do apply it as soon as possible.

VMware Security Vulnerability Feb 2022

Two security advisories were sent out on Tuesday 15th Feb. One mainly affects virtualization platforms such as ESXi, Workstation, Fusion and Cloud Foundation, while the other impacts NSX-V and Cloud Foundation that contains NSX-V. Both advisories contain vulnerabilities with a CVSSv3 score of more than 8, except for one in the first advisory, at the time of writing. Check back on the advisories for the updated fix once available. The good news is that all fixes are now available, except for Cloud Foundation for CVE-2022-22945, which is still pending. Below are the security advisories and their respective CVEs.

VMSA-2022-0004
Use-after-free vulnerability in XHCI USB controller (CVE-2021-22040) - 8.4
Double-fetch vulnerability in UHCI USB controller (CVE-2021-22041) - 8.4
ESXi settingsd unauthorized access vulnerability (CVE-2021-22042) - 8.2
ESXi settingsd TOCTOU vulnerability (CVE-2021-22043) - 8.2
ESXi slow HTTP POST denial of service vulnerability (CVE-2021-22050) - 5.3

VMSA-2022-00...

CVE-2020-4006 - Command Injection

Important alert on CVE-2020-4006, as documented here, which has a maximum CVSSv3 base score of 7.2 and was discovered on 23rd Nov 2020. A workaround was first provided to mitigate this risk; now a fix is available. In summary, this vulnerability allows an attacker who has got hold of the configuration admin account for the affected products to execute commands. The configuration admin account password is set at the time of deployment.

Affected Products:
VMware Workspace One Access (Access)
VMware Workspace One Access Connector (Access Connector)
VMware Identity Manager (vIDM)
VMware Identity Manager Connector (vIDM Connector)
VMware Cloud Foundation
vRealize Suite Lifecycle Manager

If you are using any of the affected products, do take some time to remediate this as soon as possible.