A critical vulnerability in VMware Cloud Foundation and NSX Data Center for vSphere is still being exploited, according to application vulnerability detection company Wallarm Detect (NSX-V).
The problem was identified as CVE-2021-39144 (CVSS score of 9.8) and patched by VMware in October 2022, even though the affected product had already reached end-of-life (EOL) status in January 2022.
A malicious actor could obtain remote code execution in the context of “root” on the appliance due to an unauthenticated endpoint that uses XStream for input serialization in VMware Cloud Foundation (NSX-V), VMware stated. The open-source XStream library was found to contain a security flaw.
Read More: Exploitation of Critical Vulnerability in End-of-Life VMware Product Ongoing
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.