VMware Releases Security Update

Threat ID:: CC-3949
Threat Severity:: Information only
Published:: 22 September 2021 12:49 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Affected platforms

The following platforms are known to be affected:

Versions: 7.0 - all prior to 7.0 U2c, 6.7 - all prior to 6.7 U3o, 6.5 - all prior to 6.5 U3q

VMware vCenter Server

Versions: 4.x - all prior to 4.3.1, 3.s - all prior to 3.10.2.2

VMware Cloud Foundation

Threat details

VMware has released a critical security update to address 19 vulnerabilities in vCenter Server and Cloud Foundation. An attacker could exploit these vulnerabilities to take control of an affected system.

The security update addresses a critical vulnerability, CVE-2021-22005, which requires urgent action. Please see the following Cyber Alert for more information: https://digital.nhs.uk/cyber-alerts/2021/cc-3948

Remediation advice

Affected organisations are encouraged to review VMware Security Advisory VMSA-2021-0020 and apply any relevant updates or workarounds.

Definitive source of threat updates

https://www.vmware.com/security/advisories/VMSA-2021-0020.html

CVE Vulnerabilities