Get our weekly newsletter File upload vuln lets miscreants hijack vCenter Server - and is being exploited in the wild
Update VMware has disclosed a critical bug in its flagship vSphere and vCenter products and urged users to drop everything and patch it. The virtualization giant also offered a workaround. The bug is one of 19 disclosed today by VMware. The worst of the bunch is CVE-2021-22005, described as "an arbitrary file upload vulnerability in the Analytics service" that's part of vCenter Server. The flaw is rated 9.8/10 in severity using the Common Vulnerability Scoring System. "A malicious actor with net...