VMware on Tuesday informed customers about an arbitrary file read vulnerability and a server-side request forgery (SSRF) vulnerability affecting its vCenter Server product.
The arbitrary file read vulnerability, tracked as CVE-2021-21980 and rated "high severity" (important), affects the vSphere Web Client and can be used to retrieve sensitive information by an attacker with network access to port 443 on vCenter Server.
The second flaw, identified as CVE-2021-22049 and rated "medium severity" (medium), affects the vSphere Web Client, specifically the vSAN Web Client plug-in. Patches have been released for affected vCenter Server versions, and patches for Cloud Foundation are pending.
Read More: Securityweek