Get Permission
VMware has issued patches for two critical vulnerabilities in its IT operations management platform, vRealize Operations, which, if exploited, could allow attackers to steal administrative credentials.
The platform is designed to offer self-driving IT operations management for private, hybrid and multi-cloud environments in a unified platform powered by artificial intelligence.
VMware issued patches on Tuesday for the flaws CVE-2021-21975, which has a CVSS ranking of 8.6, and CVE-2021-21983, which has a CVSSv3 base score of 7.2.
Egor Dimitrenko of Positive Technologies discovered these vulnerabilities and reported them to VMware.
If the two vulnerabilities are chained together, they could enable an attacker to conduct remote code execution in vRealize Operations, Positive Technologies reports.
VMware Patches 2 Flaws in vRealize Operations govinfosecurity.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from govinfosecurity.com Daily Mail and Mail on Sunday newspapers.
BankInfoSecurity
Compliance Twitter Get Permission
VMware has issued patches for a critical vulnerability in its virtual desktop deployment platform, View Planner, which could enable remote code execution.
The vulnerability, CVE-2021-21978, has a CVSS ranking of 8.6, considered highly critical. The flaw is caused by improper input validation and lack of authorization, resulting in arbitrary file upload in VMware s View Planner web application. An unauthorized attacker with network access to View Planner Harness could upload and execute a specially crafted file leading to remote code execution within the log upload container, VMware notes.
VMware issued patches for the vulnerability on Tuesday and urged affected customers to immediately apply the fixes. The flaw was identified by a researcher at security firm Positive Technologies.
Get Permission
In his first remarks about the massive hacking operation that leveraged a tainted SolarWinds Orion software update, President Donald Trump on Saturday downplayed the seriousness of the incident and contradicted Secretary of State Mike Pompeo, who pointed a finger at Russia in a Friday radio interview.
In a pair of tweets on Saturday, Trump appeared to question whether Russia was involved in the hacking operation and opened up the possibility that China may have played a role. The Cyber Hack is far greater in the Fake News Media than in actuality, Trump tweeted on Saturday. Russia, Russia, Russia is the priority chant when anything happens because Lamestream is, for mostly financial reasons, petrified of discussing the possibility that it may be China (it may!).
Secretary of State Mike Pompeo, commenting on the breach, said in a Friday evening radio interview that “the Russians engaged in this activity.
“I can’t say much more as we’re still unpacking precisely what it is, and I’m sure some of it will remain classified, Pompeo said, according to a transcript provided by the State Department. “But suffice it to say there was a significant effort to use a piece of third-party software to essentially embed code inside of U.S. government systems, and it now appears systems of private companies and companies and governments across the world as well. This was a very significant effort, and I think it’s the case that now we can say pretty clearly that it was the Russians that engaged in this activity.