Vulnerability in VMware Product Has Severity Rating of 9.8 Out of 10
upstart writes in with an IRC submission:
Vulnerability in VMware product has severity rating of 9.8 out of 10:
Data centers around the world have a new concern to contend with-a remote code vulnerability in a widely used VMware product.
The security flaw, which VMware disclosed and patched on Tuesday, resides in the vCenter Server, a tool used for managing virtualization in large data centers. vCenter Server is used to administer VMware's vSphere and ESXi host products, which by some rankings are the first and second most popular virtualization solutions on the market. Enlyft, a site that provides business intelligence, shows that more than 43,000 organizations use vSphere.
[...] "The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in, which is enabled by default in vCenter Server," Tuesday's advisory stated. "VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8... A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server."
Read more of this story at SoylentNews.