Critical Vulnerability in VMware vCenter Server

Published on 22 Sep 2021

Updated on 22 Sep 2021

VMware has released security updates to address a critical vulnerability (CVE-2021-22005) in vCenter Server 6.7 and 7.0, and in Cloud Foundation (vCenter Server) 3.x and 4.x. This vulnerability may allow an attacker with network access to port 443 to execute code on vCenter Server by uploading a specially crafted file.

Users and administrators of the affected versions are advised to upgrade to the latest product versions immediately.

More information is available here:
https://www.vmware.com/security/advisories/VMSA-2021-0020.html
https://core.vmware.com/vmsa-2021-0020-questions-answers-faq#section1
https://www.bleepingcomputer.com/news/security/vmware-warns-of-critical-bug-in-default-vcenter-server-installs/