- 247/2022
- Critical
VMware has released security updates to fix vulnerabilities in multiple products.
The severity of the addressed vulnerabilities could allow the unauthenticated remote attacker to execute arbitrary code or obtain information on the affected products.
Samples of the addressed vulnerabilities:
1- VMware XStream command execution (CVE-2021-39144):
- CVSS: 9.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
2- VMware Cloud Foundation information disclosure (CVE-2022-31678):
- CVSS: 5.3
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Obtain Information
It should be highlighted that VMware also provides a Workaround Solution for those who cannot immediately patch their appliances
Vulnerabilities
- CVE-2021-39144
- CVE-2022-31678
- CVE-2022-31682
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.