Security Alert (A23-02-18): Multiple Vulnerabilities in VMware Products


 

Published on: 22 February 2023

  
  

Description:

VMware has published security advisories to address multiple vulnerabilities in VMware products. The list of the security updates can be found at:
https://www.vmware.com/security/advisories/VMSA-2023-0004.html
https://www.vmware.com/security/advisories/VMSA-2023-0005.html

 

Affected Systems:

  • VMware Carbon Black App Control
  • VMware Cloud Foundation
  • VMware vRealize Automation
  • VMware vRealize Orchestrator

 

Impact:

Depending on the vulnerability being exploited, a successful exploitation could lead to arbitrary command injection, information disclosure, privilege escalation or security restriction bypass on the affected system.

 

Recommendation:

Patches for affected products are available. System administrators of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

 

More Information:

  • https://www.vmware.com/security/advisories/VMSA-2023-0004.html
  • https://www.vmware.com/security/advisories/VMSA-2023-0005.html
  • https://www.hkcert.org/security-bulletin/vmware-products-multiple-vulnerabilities_20230222
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20855
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20858


Tag: VMware , VMware Carbon Black App Control , VMware Cloud Foundation , VMware vRealize Automation , VMware vRealize Orchestrator
Tags