#VMwareSecurity

VMware fixes critical Cloud Director auth bypass unpatched for 2 weeks

by

December 1, 2023 at 01:04PM VMware fixed a critical authentication bypass vulnerability in upgraded Cloud Director appliance 10.5, which allowed remote attackers to exploit it without user interaction. The issue, identified as CVE-2023-34060, did not affect fresh installations, Linux deployments, or other appliances. VMware also provided a workaround script for immediate protection, ensuring no service … Read more

VMware fixes critical code execution flaw in vCenter Server

by

October 25, 2023 at 05:06AM VMware has released security updates to address a critical vulnerability in vCenter Server that can be exploited for remote code execution attacks. The vulnerability (CVE-2023-34048) allows unauthenticated attackers to remotely exploit it without user interaction. VMware has made patches available for affected products, including end-of-life versions. Administrators are advised to … Read more