The recently patched vCenter Server vulnerability, identified as CVE-2021-22005, has been exploited in the wild, according to VMware, and some experts believe it was linked to another flaw repaired in the same batch of updates.
Customers were notified on September 21 that patches for VMware’s vCenter Server software had been issued, patching 19 vulnerabilities, including CVE-2021-22005, a significant arbitrary file upload weakness that might lead to arbitrary code execution on vulnerable servers.
Threat intelligence firm Bad Packets reported noticing internet scans targeting CVE-2021-22005 the next day, but the activity appeared to be restricted. Initial scans looked to be based on a workaround test that VMware disclosed when the updates were released.
To Read More: Security Week
For more such updates follow us on Google News ITsecuritywire News.