VMware has issued a security fix for a VMware Tanzu Application Service for VMs vulnerability.
The Tanzu Application Service for VMs contains a denial-of-service vulnerability (CVE-2021-22101) in the Cloud Controller (CAPI) from Cloud Foundry. VMware has rated the flaw Important and CVSSv3 base score is 7.5.
“A remote attacker can leverage this vulnerability to cause denial of service by using REST HTTP requests and generating an enormous SQL query leading to database (ccdb) unavailability,” VMware stated in the advisory.
Impacted products include VMware Tanzu Application Service for VMs.
The update comes just a day after VMware issued another security fix for a VMware vCenter Server IWA privilege escalation vulnerability.
- VMware patches vCenter Server IWA privilege escalation vulnerability (CVE-2021-22048)
- VMware patches Critical vCenter Server vulnerability (CVE-2021-22005) exploited in the wild
- Babuk ransomware: Soon to be targeting VMware and *nix systems?
- Thousands of unpatched VMware vCenter servers exposed on the internet