VMware, VMware vRealize Operations, VMware Cloud Foundation ve vRealize Suite Lifecycle Manager’da çıkan zafiyetler için güncelleme yayınladı.
Zafiyet ise aşağıdaki gibi listelendi:
- CVE-2021-22022 (CVSS score: 4.4) – Arbitrary file read vulnerability in vRealize Operations Manager API, leading to information disclosure
- CVE-2021-22023 (CVSS score: 6.6) – Insecure direct object reference vulnerability in vRealize Operations Manager API, enabling an attacker with administrative access to alter other users’ information and seize control of an account
- CVE-2021-22024 (CVSS score: 7.5) – Arbitrary log-file read vulnerability in vRealize Operations Manager API, resulting in sensitive information disclosure
- CVE-2021-22025 (CVSS score: 8.6) – Broken access control vulnerability in vRealize Operations Manager API, allowing an unauthenticated malicious actor to add new nodes to the existing vROps cluster
- CVE-2021-22026 and CVE-2021-22027 (CVSS score: 7.5) – Server Side Request Forgery vulnerability in vRealize Operations Manager API, leading to information disclosure
VMware ayrıca, VMware vRealize Log Insight ve VMware Cloud Foundation’ı etkileyen XSS güvenlik açığını gidermek için yamalar yayınladı.
Güncellemeleri yüklemek için buradaki linki kullanabilirsiniz.
Kaynak: thehackernews.com
