Showing posts with the label resolution

VMware vCenter Server address heap-overflow and privilege escalation vulnerabilities

Broadcom has released an update to address the two vulnerabilities below. These affect vCenter Server 7.x and 8.x.

VMware vCenter Server heap-overflow vulnerability (CVE-2024-38812): this carries a CVSSv3 score of 9.8.

VMware vCenter privilege escalation vulnerability (CVE-2024-38813): this carries a CVSSv3 score of 7.5.

Both are resolved by a new binary update, vCenter Server 7U3s and vCenter Server 8U3b. This will affect any VCF 4.x and 5.x deployment that contains either vCenter Server 7.x or 8.x. With a critical severity this rare, it is recommended to apply the update as soon as possible. Check out this article for more information.

VMware Threat Exploit Found During Pwn2Own Event

The threat was first discovered on Workstation during the Pwn2Own hacking event. With further investigation, it has now been found to be possible on ESXi 6.0U1 and above. Do check out the VMware Security Advisories here. The patches are all currently available. Read about how this was found during the Pwn2Own event in the blog post here.

Java 1.7 Update 51 Error Alert

I am writing this for anyone who is facing a Java issue after updating to 1.7 Update 51. With this release, there is a security check on all Java sites: if a site does not have any certificate, or its certificate is self-signed, the page will not load or will load with an error. Refer to the release notes. This affects Mac as well as Windows.

The resolution is to go to the Java Console:

For Windows users, go to Control Panel > Java.
For Mac users, go to System Preferences > Java.

Under the Security tab, enter the website that you are accessing or loading Java from. Remember to include https:// for the site you are accessing.

This affects not just VMware solutions but also Citrix as well as VPN clients that use Java. Hope this resolves your error.