VMware has released security updates to address vulnerabilities in VMware Fusion, Remote Console, and Horizon Client. With CVE-2020-3974, an attacker could exploit this vulnerability to take privilege escalation control of an infected system.
VMware has released a security update to address CVE-2020-3973, a vulnerability in VeloCloud. A malicious actor with tenant access to Velocloud Orchestrator could enter especially crafted SQL queries and obtain data to which they are not privileged.
Trend Micro recommends customers to apply Apex One Patch 3 (Build 8358) to address incompatibility issues with Windows 10 (20H1/2004).
July 8, 2020
This advisory provides information about the Apache Guacamole (HTML5 Access) vulnerabilities highlighted in CVE-2020-9498 and CVE-2020-9497. If an end user connects to a malicious or compromised RDP server, a series of specially-crafted PDUs could result in memory corruption or result in disclosure of information within the memory of the guard process handling the connection.