VMware vCenter Server

Pierluigi Paganini September 18, 2024
Broadcom fixed Critical VMware vCenter Server flaw CVE-2024-38812

Broadcom addressed a critical vulnerability in the VMware vCenter Server that could allow remote attackers to achieve code execution. Broadcom released security updates to address a critical vulnerability, tracked as CVE-2024-38812 (CVSS score: 9.8), in VMware vCenter Server that could lead to remote code execution. vCenter Server is a critical component in VMware virtualization and […]

Pierluigi Paganini July 14, 2022
VMware fixed a flaw in vCenter Server discovered eight months ago

VMware addressed a high-severity privilege escalation flaw, tracked as CVE-2021-22048, in vCenter Server IWA mechanism. VMware addressed a high-severity privilege escalation flaw, tracked as CVE-2021-22048 (CVSSv3 base score of 7.1.), in vCenter Server ‘s IWA (Integrated Windows Authentication) mechanism after eight months since its disclosure. The vulnerability can be exploited by an attacker with non-administrative […]

Pierluigi Paganini September 28, 2021
A complete PoC exploit for CVE-2021-22005 in VMware vCenter is available online

An exploit for the recently disclosed CVE-2021-22005 vulnerability in VMware vCenter was publicly released, threat actors are already using it. A working exploit for the CVE-2021-22005 vulnerability in VMware vCenter is publicly available, and attackers are already attempting to use it in the wild. VMware recently addressed the critical arbitrary file upload vulnerability CVE-2021-22005, it […]

Pierluigi Paganini September 25, 2021
Threat actors are attempting to exploit VMware vCenter CVE-2021-22005 flaw

Immediately after the public release of the exploit code for the VMware vCenter CVE-2021-22005 flaw threat actors started using it. Researchers warn that immediately after the release of the exploit code for the recently addressed CVE-2021-22005 flaw in VMware vCenter threat actors started using it. The CVE-2021-22005 issue is a critical arbitrary file upload vulnerability […]

Pierluigi Paganini February 25, 2021
Thousands of VMware Center servers exposed online and potentially vulnerable to CVE-2021-21972 flaw

A Chinese security researcher published a PoC code for the CVE-2021-21972 vulnerability in VMware Center, thousands of vulnerable servers are exposed online. A Chinese security researcher published the Proof-of-concept exploit code for the CVE-2021-21972 RCE vulnerability affecting VMware vCenter servers. vCenter Server is the centralized management utility for VMware, and is used to manage virtual machines, multiple ESXi […]

Pierluigi Paganini April 10, 2020
CVE-2020-3952 flaw could allow attackers to hack VMware vCenter Server

VMware has addressed a critical information disclosure vulnerability related to the Directory Service that can be exploited to compromise vCenter Server. VMware has addressed a critical information disclosure flaw, tracked as CVE-2020-3952, that could be exploited by attackers to compromise vCenter Server or other services that use the Directory Service (vmdir) for authentication. The CVE-2020-3952 […]