Critical Vulnerability in VMware Cloud Foundation

Published on 26 Oct 2022

Updated on 26 Oct 2022

VMware has released a security update to address a critical vulnerability (CVE-2021-39144) in their Cloud Foundation products. It has a Common Vulnerability Scoring System (CVSS) score of 9.8 out of 10.

Successful exploitation of the vulnerability could allow an unauthenticated attacker to perform remote code execution as root.

Administrators and users of affected products are advised to upgrade XStream to version 1.4.19 immediately.

More information is available here:

https://www.vmware.com/security/advisories/VMSA-2022-0027.html

https://www.bleepingcomputer.com/news/security/vmware-fixes-critical-cloud-foundation-remote-code-execution-bug/