Headline
VMware Security Advisory 2022-0025.2
VMware Security Advisory 2022-0025.2 - VMware vCenter Server updates address a privilege escalation vulnerability.
-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256VMSA-2021-0025.2 - VMware vCenter Server updates address a privilegeescalation vulnerability (CVE-2021-22048)Please see the updated advisory here:https://www.vmware.com/security/advisories/VMSA-2021-0025.htmlChangelog:2022-07-12 VMSA-2021-0025.2Added fixed version of vCenter Server 7.0 in the Response Matrix.You are receiving this alert because you are subscribed to the VMwareSecurity Announcements mailing list. To modify your subscription orunsubscribe please visithttps://lists.vmware.com/mailman/listinfo/security-announce-----BEGIN PGP SIGNATURE-----Version: Encryption Desktop 10.4.2 (Build 1298)Charset: utf-8wlcDBQFizaTKkn/yQ99+VXERCMMrAP9wfQ17yKLa0i2ak5mNIaYBY7E2/loPhYGa4ia2SInBsAD/UFUGamgdbuSEqZN0snicBLxrW3XsXUoqdaonZtuivZs==c+A+-----END PGP SIGNATURE-----Related news
Dell VxRail, versions prior to 7.0.410, contain a Container Escape Vulnerability. A local high-privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the container's underlying OS. Exploitation may lead to a system take over by an attacker.
VMware Security Advisory 2021-0025.3 - VMware has determined that vCenter 7.0u3f updates previously mentioned in the response matrix do not remediate CVE-2021-22048 and introduced a functional issue.
The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. A malicious actor with non-administrative access to vCenter Server may exploit this issue to elevate privileges to a higher privileged group.