Vulnerability in VMware product has severity rating of 9.8 out of 10

Data centers around the world have a new concern to contend with: a remote code execution vulnerability in a widely used VMware product.

The security flaw, which VMware disclosed and patched on Tuesday, resides in the vCenter Server, a tool used for managing virtualization in large data centers. vCenter Server is used to administer VMware’s vSphere and ESXi host products, which by some rankings are the first and second most popular virtualization solutions on the market. Enlyft, a site that provides business intelligence, shows that more than 43,000 organizations use vSphere.

“Serious”

A VMware advisory said that vCenter machines using default configurations have a bug that, in many networks, allows for the execution of malicious code when the machines are reachable on a port that is exposed to the Internet. The vulnerability is tracked as CVE-2021-21985 and has a severity score of 9.8 out of 10.
