Blog | G5 Cyber Security

VMWare Patches Critical RCE Flaw in vCenter Server

The vulnerability could allow attackers to breach the external perimeter of an enterprise data center or leverage backdoors already installed to take over a system. The most serious of the three flaws is a remote code execution (RCE) flaw in its vCenter Server management platform. The other flaw is a Server Side Request Forgery (SSRF) vulnerability due to improper validation URLs in a plugin with a. CVSS v3 score of 9.8, in a vCenter server plugin for vROPs in the vSphere Client functionality.

Source: https://threatpost.com/vmware-patches-critical-rce-flaw-in-vcenter-server/164240/

Exit mobile version