VMWRE GÜVENLİK ZAFİYETİ

VMWARE firması birden fazla ürününün güvenlik açığı için güncelleme yayınladı. Versiyonlar vRealize Operations, Cloud Foundation, vRealize Suite Lifecycle manager için yayınlanan güncelleştirmeler aşağıdaki listedeki gibidir.

CVE-2021-22022  – Arbitrary file read vulnerability in vRealize Operations Manager API, leading to information disclosure (CVSS score: 4.4)

CVE-2021-22023– Insecure direct object reference vulnerability in vRealize Operations Manager API, enabling an attacker with administrative access to alter other users’ information and seize control of an account (CVSS score: 6.6)

CVE-2021-22024  – Arbitrary log-file read vulnerability in vRealize Operations Manager API, resulting in sensitive information disclosure (CVSS score: 7.5)

CVE-2021-22025  – Broken access control vulnerability in vRealize Operations Manager API, allowing an unauthenticated malicious actor to add new nodes to the existing vROps cluster (CVSS score: 8.6)

CVE-2021-22026 and CVE-2021-22027 – Server Side Request Forgery vulnerability in vRealize Operations Manager API, leading to information disclosure (CVSS score: 7.5)

Güncelleştirmelerinizi eksiksiz şekilde yapmanızı önemle tavsiye ediyoruz.