VMware Issues Patch for 2 Severe Flaws Posing Credential Theft Risk
Health IT Security
VMware issued a software update for its vRealize Operations, Cloud Foundation, and Lifecycle Manage to address two severe flaws that could allow an attacker to steal admin credentials and manipulate or access device information.
The affected technologies are found in VMware’s AI-powered IT management platform, which provides self-driving operations for private, hybrid, and multi-cloud environments.
CVE-2021-21975 has been issued a severity rank of 8.5, and CVE-2021-21983 was issued a severity score of 7.2. Both vulnerabilities were privately reported to VMware by researcher Egor Dimitenko of security firm Positive Technologies.
The first flaw is...