Nowadays cloud computing is getting practised by many tech companies, individuals, etc. And for that job, VMware is the name that surely comes into mind. Not only, VMware is a cloud computing company but they also lead the market of virtualization of the desktop environment within the desktop environment. Though these are the two main products this company offers, apart from that, there are different products too. But on Aug 6 2021, VMware Issued patches for fixing critical bugs across multiple products. Today we are going to look more deeply in context to the patches issued by VMware.
How VMware Issued Patches?
The Vulnerability found in the systems of VMware were severe. If one gets access to systems with this Vulnerability, the attacker might get access to confidential information. The patched Vulnerability is tracked with names CVE-2021-22002 (CVSS score: 8.6) and CVE-2021-22003 (CVSS score: 3.7).
The above vulnerabilities affect VMware Workspace One Access (Access), VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud Foundation, and vRealize Suite Lifecycle Manager at a very critical level.
CVE-2021-22002 (CVSS score: 8.6) deals with Workspace One Access and Identity Manager to access the “/cfg” file via port 443 resulting in request tampering from the host side.
Who found The Vulnerability?
Suleyman Bayir the system engineer of Trendyol group is responsible for reporting the flaw.
If you are using any of the VMware products then we would highly recommend you to update them to the latest possible version as soon as possible and make sure to keep them up to date and give them a background check every once in a while.