vSphere+ with VMware Cloud Disaster Recovery
+966 11 211 8123 info@usc.net.sa Riyadh, Kingdom Tower Share This Post Share on facebook Share on linkedin Share on twitter Share on email Introduction to
A vulnerability has been discovered in VMware vCenter Server, which could result in remote code execution. VMware vCenter Server is a centralized management utility for VMware and is used to manage virtual machines, multiple ESXi hosts, and all dependent components from a single centralized location. An attacker could exploit this vulnerability to trigger sensitive information disclosure on the targeted system or the user’s running application.
VMware vCenter Server Version 7
VMware vCenter Server Version 6.7
VMware vCenter Server Version 6.5
VMware Cloud Foundation (vCenter Server) Version 4
VMware Cloud Foundation (vCenter Server) Version 3
Government:
Large and medium government entities: HIGH
Small government: medium
Businesses:
Large and medium business entities: HIGH.
Small business entities: MEDIUM.
Home Users: LOW
We recommend the following actions be taken:
Verify host hasn’t been compromised before applying patches.
Apply appropriate updates provided by VMware to vulnerable systems immediately after appropriate testing.
Restrict network access to TCP port 443 to authorized hosts or accessible through a VPN.
Run all software as a non-privileged user.
Remind users not to visit un-trusted websites or follow links provided by untrusted sources.
Before installation of the software, please visit the vendor website for more details.
Apply fixes issued by the vendor:
https://www.vmware.com/security/advisories/VMSA-2022-0009.html
+966 11 211 8123 info@usc.net.sa Riyadh, Kingdom Tower Share This Post Share on facebook Share on linkedin Share on twitter Share on email Introduction to
+966 11 211 8123 info@usc.net.sa Riyadh, Kingdom Tower Share on linkedin Share on twitter Share on email vSphere 6.5/6.7 End Of General Support With the