Irish Information Security Forum

VMware warns of critical vulnerabilities in products

 April 6, 2022  -  bleepingcomputer.com

 

VMware has warned customers to immediately patch critical vulnerabilities in multiple products that threat actors could use to launch remote code execution attacks.

 

"This critical vulnerability should be patched or mitigated immediately per the instructions in VMSA-2021-0011. The ramifications of this vulnerability are serious," VMware warned on Wednesday. "All environments are different, have different tolerance for risk, and have different security controls and defense-in-depth to mitigate risk, so customers must make their own decisions on how to proceed. However, given the severity of the vulnerability, we strongly recommend immediate action."



 


Patches for five critical vulnerabilities

The list of critical security flaws patched today includes a server-side template injection remote code execution vulnerability (CVE-2022-22954), two OAuth2 ACS authentication bypass vulnerabilities (CVE-2022-22955, CVE-2022-22956), and two JDBC injection remote code execution vulnerabilities (CVE-2022-22957, CVE-2022-22958). VMware also patched high and medium severity bugs that could be exploited to carry out Cross-Site Request Forgery (CSRF) attacks (CVE-2022-22959), escalate privileges (CVE-2022-22960), and gain access to information without authorization (CVE-2022-22961).

VMSA-2022-0011: Questions & Answers | VMware

 

 
