VMware Cloud Foundation remote code execution vulnerability via XStream (CVE-2021-39144)

CISA listed the CVE-2021-39144 vulnerability affecting VMware products in its Known Exploited Vulnerabilities (KEV) catalog following confirmation from VMware that this bug has been exploited since December 2022.

2023-04-04T11:30:07-04:00

VMware vSphere 6.7 End of General Support: October 15, 2022

General Support for VMware 6.7 ends on October 15th. After that point, VMware will assist only with technical issues for that version and cannot guarantee bug fixes.

2022-09-13T12:11:44-04:00

Alert: VMware vCenter Server Privilege Escalation Vulnerability

VMware has investigated and confirmed possible exploits that can be performed by a malicious attacker using a “privileged account escalation” method. Learn how to mitigate them with the provided remediation tasks.

2022-12-13T15:37:35-05:00

Alert: Multiple Vulnerabilities in VMware vCenter Server

September 21, 2021

What is being impacted? Multiple vulnerabilities in VMware vCenter Server have been reported to VMware, affecting vCenter Server and Cloud Foundation.

What’s the issue? There is an arbitrary file upload vulnerability in the Analytics service.

What happens if I do not address this? Specially crafted files can be uploaded by malicious actors with network access to port 443 to execute code.

What should I do? [...]

2022-12-13T15:43:47-05:00