Headline
VMware Security Advisory 2021-0025.3
VMware Security Advisory 2021-0025.3 - VMware has determined that vCenter 7.0u3f updates previously mentioned in the response matrix do not remediate CVE-2021-22048 and introduced a functional issue.
-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256VMSA-2021-0025 - VMware vCenter Server updates address a privilege escalation vulnerability (CVE-2021-22048)Please see the updated advisory here: https://www.vmware.com/security/advisories/VMSA-2021-0025.htmlChangelog:2022-07-23 VMSA-2021-0025.3VMware has determined that vCenter 7.0u3f updates previously mentioned in the response matrix do not remediate CVE-2021-22048 and introduce a functional issue. Please review https://kb.vmware.com/s/article/89027 for more information.You are receiving this alert because you are subscribed to the VMware Security Announcements mailing list. To modify your subscription or unsubscribe please visit https://lists.vmware.com/mailman/listinfo/security-announce.-----BEGIN PGP SIGNATURE-----iHUEAREIAB0WIQQ950nPZL1VtgrpULuSf/JD335VcQUCYtrt4QAKCRCSf/JD335VceucAQDXP/4/8IvGylY6CuLATkL4QjNNsWZtD0j6awCFz4udqQEA/SYsuuTbNJ53Q6/yEPW3b7gvQrG2IrlD2n0I/SvHHnQ==VQbJ-----END PGP SIGNATURE-----Related news
Dell VxRail, versions prior to 7.0.410, contain a Container Escape Vulnerability. A local high-privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the container's underlying OS. Exploitation may lead to a system take over by an attacker.
VMware Security Advisory 2022-0025.2 - VMware vCenter Server updates address a privilege escalation vulnerability.
The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. A malicious actor with non-administrative access to vCenter Server may exploit this issue to elevate privileges to a higher privileged group.