Thursday, January 21, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Privacy

Critical Unpatched VMware Flaw Affects Multiple Corporates Products

November 24, 2020
in Internet Privacy
Critical Unpatched VMware Flaw Affects Multiple Corporates Products
585
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

VMware has released temporary workarounds to address a critical vulnerability in its products that could be exploited by an attacker to take control of an affected system.

“A malicious actor with network access to the administrative configurator on port 8443 and a valid password for the configurator admin account can execute commands with unrestricted privileges on the underlying operating system,” the virtualization software and services firm noted in its advisory.

You might also like

Google Discloses Flaws in Signal, FB Messenger, JioChat Messaging Apps

SolarWinds Hackers Also Breached Malwarebytes Cybersecurity Firm

FreakOut! Ongoing Botnet Attack Exploiting Recent Linux Vulnerabilities

Tracked as CVE-2020-4006, the command injection vulnerability has a CVSS score of 9.1 out of 10 and impacts VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector.

While the company said patches for the flaw are “forthcoming,” it didn’t specify an exact date by when it’s expected to be released. It’s unclear if the vulnerability is under active attack.

The complete list of products affected are as follows:

  • VMware Workspace One Access (versions 20.01 and 20.10 for Linux and Windows)
  • VMware Workspace One Access Connector (versions 20.10, 20.01.0.0, and 20.01.0.1 for Windows)
  • VMware Identity Manager (versions 3.3.1, 3.3.2, and 3.3.3 for Linux and Windows)
  • VMware Identity Manager Connector (versions 3.3.1, 3.3.2 for Linux and 3.3.1, 3.3.2, 3.3.3 for Windows)
  • VMware Cloud Foundation (versions 4.x for Linux and Windows)
  • vRealize Suite Lifecycle Manager (versions 8.x for Linux and Windows)

VMware said the workaround applies only to the administrative configurator service hosted on port 8443.

“Configurator-managed setting changes will not be possible while the workaround is in place,” the company said. “If changes are required please revert the workaround following the instructions below, make the required changes and disable again until patches are available.”

The advisory comes days after VMware addressed a critical flaw in ESXi, Workstation, and Fusion hypervisors that could be exploited by a malicious actor with local administrative privileges on a virtual machine to execute code and escalate their privileges on the affected system (CVE-2020-4004 and CVE-2020-4005).

The vulnerability was discovered by Qihoo 360 Vulcan Team at the 2020 Tianfu Cup Pwn Contest held earlier this month in China.


Credit: The Hacker News By: noreply@blogger.com (Ravie Lakshmanan)

Previous Post

Introducing an All-purpose, Robust, Fast, Simple Non-linear Regression

Next Post

SEC alleges Benja CEO duped investors to fund a non-existent e-commerce empire

Related Posts

Google Discloses Flaws in Signal, FB Messenger, JioChat Messaging Apps
Internet Privacy

Google Discloses Flaws in Signal, FB Messenger, JioChat Messaging Apps

January 20, 2021
SolarWinds Hackers Also Breached Malwarebytes Cybersecurity Firm
Internet Privacy

SolarWinds Hackers Also Breached Malwarebytes Cybersecurity Firm

January 20, 2021
SUNSPOT Malware Was Used to Inject SolarWinds Backdoor
Internet Privacy

FreakOut! Ongoing Botnet Attack Exploiting Recent Linux Vulnerabilities

January 20, 2021
A Set of Severe Flaws Affect Popular DNSMasq DNS Forwarder
Internet Privacy

A Set of Severe Flaws Affect Popular DNSMasq DNS Forwarder

January 20, 2021
Researchers Discover Raindrop — 4th Malware Linked to the SolarWinds Attack
Internet Privacy

Researchers Discover Raindrop — 4th Malware Linked to the SolarWinds Attack

January 19, 2021
Next Post
SEC alleges Benja CEO duped investors to fund a non-existent e-commerce empire

SEC alleges Benja CEO duped investors to fund a non-existent e-commerce empire

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

4Paradigm Defends its Championship in China’s Machine Learning Platform Market in the 1st Half of 2020, According to IDC
Machine Learning

4Paradigm Defends its Championship in China’s Machine Learning Platform Market in the 1st Half of 2020, According to IDC

January 21, 2021
The Content Habits and Preferences of Engineers
Marketing Technology

The Content Habits and Preferences of Engineers

January 21, 2021
Ransomware victims that have backups are paying ransoms to stop hackers leaking their stolen data
Internet Security

Ransomware victims that have backups are paying ransoms to stop hackers leaking their stolen data

January 21, 2021
Skyrim modders have a new machine learning tool that turns text to realistic NPC speech
Machine Learning

Skyrim modders have a new machine learning tool that turns text to realistic NPC speech

January 21, 2021
6 Major AI Use Cases In IT Operations | by Gina Shaw | Jan, 2021
Neural Networks

6 Major AI Use Cases In IT Operations | by Gina Shaw | Jan, 2021

January 21, 2021
Agile Marketing: 3 Tips for a Post-Pandemic Economy
Marketing Technology

Agile Marketing: 3 Tips for a Post-Pandemic Economy

January 21, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • 4Paradigm Defends its Championship in China’s Machine Learning Platform Market in the 1st Half of 2020, According to IDC January 21, 2021
  • The Content Habits and Preferences of Engineers January 21, 2021
  • Ransomware victims that have backups are paying ransoms to stop hackers leaking their stolen data January 21, 2021
  • Skyrim modders have a new machine learning tool that turns text to realistic NPC speech January 21, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates