Skip to main content

VMWare Products Multiple Vulnerabilities

Last Update Date: 26 Apr 2022 Release Date: 7 Apr 2022 2058 Views

RISK: Extremely High Risk

TYPE: Operating Systems - VM Ware

TYPE: VM Ware

Multiple vulnerabilities were identified in VMware products. An attacker could exploit some of these vulnerabilities to trigger cross site scripting, elevation of privilege, remote code execution, security restriction bypass and information disclosure.

 

[Updated on 2022-04-26] CVE-2022-22954 and CVE-2022-22960 are being exploited in the wild. Exploitation of CVE-2022-22954 may trigger remote code execution vulnerability while exploitation of CVE-2022-22960 may trigger elevation of privilege vulnerability. The risk level is changed from medium risk to extremely high risk correspondingly. HKCERT urges users and administrators to review the security update pages for the affected products and apply the related updates as soon as possible.


Impact

  • Cross-Site Scripting
  • Elevation of Privilege
  • Remote Code Execution
  • Security Restriction Bypass
  • Information Disclosure

System / Technologies affected

Please visit the vendor web-site for more details.


Solutions

Before installation of the software, please visit the vendor web-site for more details.

 


Vulnerability Identifier


Source


Related Link