Last Updated on 29/11/2021 by Nidhi Khandelwal
VMware has released patches for two security flaws in vCenter Server and Cloud Foundation that could be exploited by a remote attacker to gain access to sensitive data.
The more severe of the two is an arbitrary file read vulnerability in the vSphere Web Client. Tracked as CVE-2021-21980 and rated 7.5 out of 10 on the CVSS scale, it affects vCenter Server versions 6.5 and 6.7.
“A hostile actor with network access to port 443 on vCenter Server may exploit this problem to get access to sensitive information,” VMware said in a November 23 advisory, citing ch0wn of Orz lab as the source of the flaw.
The second flaw addressed by VMware is an SSRF (Server-Side Request Forgery) vulnerability in the vSAN Web Client plug-in. A malicious actor with network access to port 443 on vCenter Server could exploit it to make the server reach an internal service or request a URL outside of vCenter Server on the attacker's behalf.
The issue was discovered and reported by magiczero from SGLAB of Legendsec at Qi'anxin Group, according to the company.
SSRF is a class of web security flaw in which an attacker supplies a specially crafted URL or request that induces the server to connect to a destination of the attacker's choosing. Because the request originates from the server, it can reach internal resources the attacker cannot reach directly (loopback services, management interfaces, metadata endpoints, hosts behind the firewall), allowing the attacker to read or modify them and leading to unauthorised information disclosure.
SSRF is considered such a serious and widespread threat that OWASP added it as a new category, A10:2021 Server-Side Request Forgery, to its Top 10 list of web application security risks for 2021.
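The following example, added here and not code from VMware or from the advisory, shows the pattern behind an SSRF bug and one way to harden it: a server-side fetcher that first trusts whatever URL it is handed, and then a version that restricts scheme and port, resolves the host name, rejects loopback, private and link-local addresses, and re-validates every redirect hop. The DNS table, the HTTP responses and the host names (updates.example.com, internal.corp, evil.example) are constructed so the code runs offline; in a real service the resolver would be socket.getaddrinfo() and the fetcher a real HTTP client configured not to follow redirects on its own.

```python
"""Vulnerable vs. hardened server-side URL fetcher (added example, not VMware code)."""
import ipaddress
from urllib.parse import urljoin, urlparse

ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443}
REDIRECT_CODES = {301, 302, 303, 307, 308}

# Constructed DNS table so the example runs offline; real code would call
# socket.getaddrinfo() and validate every address it returns.
FAKE_DNS = {
    "updates.example.com": ["8.8.8.8"],
    "internal.corp": ["10.0.0.5"],
    "evil.example": ["127.0.0.1"],      # attacker-controlled name pointing at loopback
}

# Constructed HTTP responses keyed by URL: (status, Location header, body).
FAKE_HTTP = {
    "https://updates.example.com/ok": (200, None, "catalog-data"),
    "https://updates.example.com/catalog": (302, "http://internal.corp/admin", ""),
    "http://internal.corp/admin": (200, None, "internal-admin-page"),
    "http://127.0.0.1/": (200, None, "loopback-service"),
}


def fake_resolve(host):
    """Stand-in for DNS resolution (returns a list of IP strings)."""
    return FAKE_DNS.get(host, [])


def fake_fetcher(url):
    """Stand-in for one HTTP round trip; it never follows redirects itself."""
    return FAKE_HTTP.get(url, (404, None, ""))


def vulnerable_fetch(url, fetcher=fake_fetcher, max_redirects=3):
    """Before: fetches whatever URL the client supplied and follows redirects
    blindly, so a caller can reach loopback and internal hosts (SSRF)."""
    for _ in range(max_redirects + 1):
        status, location, body = fetcher(url)
        if status in REDIRECT_CODES and location:
            url = urljoin(url, location)
            continue
        return body
    raise ValueError("too many redirects")


def is_public_address(ip):
    """True only for globally routable unicast addresses (v4 or v6)."""
    addr = ipaddress.ip_address(ip)
    return addr.is_global and not (addr.is_multicast or addr.is_reserved)


def validate_outbound_url(url, resolve=fake_resolve):
    """Raise ValueError unless url is http(s) on 80/443 to a public address.
    Returns the normalised URL string on success."""
    parsed = urlparse(url)
    if parsed.scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parsed.scheme!r}")
    host = parsed.hostname
    if not host or parsed.username is not None or parsed.password is not None:
        raise ValueError("missing host or embedded credentials")
    port = parsed.port or (443 if parsed.scheme == "https" else 80)
    if port not in ALLOWED_PORTS:
        raise ValueError(f"port not allowed: {port}")
    try:
        # IP literal (including bracketed IPv6 such as [::1]); no DNS needed.
        addresses = [str(ipaddress.ip_address(host))]
    except ValueError:
        addresses = resolve(host)
    if not addresses:
        raise ValueError(f"unresolvable host: {host!r}")
    for ip in addresses:
        if not is_public_address(ip):
            raise ValueError(f"{host!r} resolves to non-public address {ip}")
    return parsed.geturl()


def safe_fetch(url, fetcher=fake_fetcher, resolve=fake_resolve, max_redirects=3):
    """After: every hop, including each redirect target, is validated before
    the request is made, so a public host cannot bounce us to an internal one."""
    for _ in range(max_redirects + 1):
        url = validate_outbound_url(url, resolve)
        status, location, body = fetcher(url)
        if status in REDIRECT_CODES and location:
            url = urljoin(url, location)
            continue
        return body
    raise ValueError("too many redirects")
```

Two points the code makes visible: a plain host allowlist is not enough if the client follows redirects, because the first hop can be legitimate and the Location header can point at 10.0.0.5, and validation by resolving a name is only safe if the connection is then made to the address that was checked (otherwise a DNS rebinding answer between check and connect reopens the hole; pinning the resolved IP or resolving inside the HTTP client closes it).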
Because VMware's virtualisation products are so widely deployed in enterprises, it is no surprise that threat actors have repeatedly targeted them to mount attacks against vulnerable networks. Organisations are advised to apply the patches as soon as possible, and in the meantime to restrict network access to port 443 on vCenter Server to trusted management hosts, since both flaws require that access.