Security Alert (A21-08-13): Multiple Vulnerabilities in VMware Products


 

Published on: 26 August 2021

  
  

Description:

VMware has published a security advisory to address multiple vulnerabilities in VMware products. The list of security updates can be found at:

  • https://www.vmware.com/security/advisories/VMSA-2021-0018.html
  • https://www.vmware.com/security/advisories/VMSA-2021-0019.html

 

Affected Systems:

  • VMware vRealize Log Insight
  • VMware vRealize Operations
  • VMware vRealize Suite Lifecycle Manager
  • VMware Cloud Foundation

 

Impact:

Depending on the vulnerabilities being exploited, a successful exploitation of the vulnerabilities could lead to cross-site scripting, privilege escalation, information disclosure or security restriction bypass on the affected system.

 

Recommendation:

Patches for affected products are available. System administrators of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

 

More Information:

  • https://www.vmware.com/security/advisories/VMSA-2021-0018.html
  • https://www.vmware.com/security/advisories/VMSA-2021-0019.html
  • https://us-cert.cisa.gov/ncas/current-activity/2021/08/25/vmware-releases-security-updates-multiple-products
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22021 (to CVE-2021-22027)

 



Tag: VMware , vRealize Log Insight , vRealize Operations , vRealize Suite Lifecycle Manager , VMware Cloud Foundation
Tags