Patches for vulnerabilities in VMware’s ThinApp application virtualization tool, ESXi hypervisor, and Cloud Foundation hybrid cloud platform are now available.
CVE-2021-21994, the most serious of these flaws, is an incorrect authentication problem in SFCB, which is used in ESXi. The bug has a CVSS score of 7.0, which indicates that it is critical.
According to VMware, a hostile actor with network access to port 5989 on ESXi might send a specially crafted request to bypass SFCB authentication. The vulnerability can be exploited only if the SFCB service is running. The service, however, is disabled by default.
To Read More: securityweek