VMware Releases Patch for Critical RCE Flaw in Cloud Foundation Platform

Products You May Like

VMware on Tuesday shipped security updates to address a critical security flaw in its VMware Cloud Foundation product.

Tracked as CVE-2021-39144, the issue has been rated 9.8 out of 10 on the CVSS vulnerability scoring system, and relates to a remote code execution vulnerability via XStream open source library.

“Due to an unauthenticated endpoint that leverages XStream for input serialization in VMware Cloud Foundation (NSX-V), a malicious actor can get remote code execution in the context of ‘root’ on the appliance,” the company said in an advisory.


In light of the severity of the flaw and its relatively low bar for exploitation, the Palo Alto-based virtualization services provider has also made available a patch for end-of-life products.

Also addressed by VMware as part of the update is CVE-2022-31678 (CVSS score: 5.3), an XML External Entity (XXE) vulnerability that could be exploited to result in a denial-of-service (DoS) condition or unauthorized information disclosure.

Security researchers Sina Kheirkhah and Steven Seeley of Source Incite have been credited with reporting both flaws.

Users of VMware Cloud Foundation are advised to apply the patches to mitigate potential threats.

Cyber Security

Products You May Like

Articles You May Like

Elon Musk Calls Donald Trump’s Twitter Ban ‘Grave Mistake’, Condemns Violence
Google Docs, Sheets, Slides on Android Optimised for Foldable Phones, Tablets
Twitter Layoffs: Firms Appeal to Disdain of Elon Musk’s Management to Woo Ex-Twitter Staff
Millions of Android Devices Still Don’t Have Patches for Mali GPU Flaws
PSLV to Launch Pixxel’s Hyperspectral Imaging Satellite Anand on November 26

Leave a Reply

Your email address will not be published. Required fields are marked *