The vCenter Server contains an unsafe deserialisation vulnerability in the PSC (Platform services controller). A malicious actor with admin access on vCenter server may exploit this issue to execute arbitrary code on the underlying operating system that hosts the vCenter Server.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
vmware vcenter server 6.5 |
||
vmware vcenter server |
Topics Security Off-Prem On-Prem Software Offbeat Vendor Voice Vendor Voice Resources And for bonus points, there's a Windows flaw under active exploit
Patch Tuesday Microsoft fixed more than 80 security flaws in its products for October's Patch Tuesday. But let's start off with what Redmond didn't fix: two Exchange Server bugs dubbed ProxyNotShell that have been exploited by snoops as far back as August. CVE-2022-41040 is a server-side request forgery vulnerability while CVE-2022-41082 is a remote code execution (RCE) bug. Both can be exploited together to run PowerShell commands on a vulnerable system and take control of it. Vietnamese cybers...