VMware has issued a patch to fix a High risk vulnerability (CVE-2021-22045) in VMware Workstation, Fusion and ESXi.
VMware has patched arbitrary file read and SSRF vCenter Server vulnerabilities (CVE-2021-21980, CVE-2021-22049) that affect VMware vSphere Web Client.
VMware has issued a security fix for a VMware Tanzu Application Service for VMs vulnerability CVE-2021-22101.
VMware has issued a security fix for a VMware vCenter Server IWA privilege escalation vulnerability (CVE-2021-22048).
VMware issued a security advisory for multiple vulnerabilities that impact VMware vCenter Server. One of those fixed issues is a Critical vulnerability (CVE-2021-22005) exploited in the wild.
VMware issued a security advisory for a High risk vulnerability CVE-2021-22002 that impacts VMware Workspace ONE Access and Identity Manager. Another vulnerability was also addressed in vRealize Automation products.
VMware has patched authentication and denial of service vulnerabilities (CVE-2021-21994, CVE-2021-21995) that impact VMware ESXi and Cloud Foundation products.
VMware has patched a Critical authentication vulnerability CVE-2021-21998 in VMware Carbon Black App Control (AppC). The tech giant also issued a security advisory for a High risk vulnerability in VMware Tools, VMware Remote Console for Windows (VMRC) and VMware App Volumes products.
Security researchers have spotted thousands of vulnerable unpatched VMware vCenter servers exposed on the internet. Multiple proof-of-concepts (PoCs) have also been posted online for exploits against a remote code execution (RCE) vulnerability CVE-2021-21985.
VMware issued a security advisory for a High severity privilege escalation vulnerability CVE-2021-21981 in VMware NSX-T.