Wednesday 24 February 2021
The impact of this issue announcement is high. Please act accordingly to rectify the issue, as stated below.
- VMware ESXi
- VMware vCenter Server (vCenter Server)
- VMware Cloud Foundation (Cloud Foundation)
What you need to know:
VMware revealed a critical vulnerability in the HTML5 client of its flagship vSphere hybrid cloud site (CVE-2021-21972) as well as two other nasty bugs (CVE-2021-21973 and CVE-2021-21974) in its recent security advisory.
Actions to be taken:
To remediate CVE-2021-21972, CVE-2021-21973, and CVE-2021-21974, apply the patches listed in the Fixed Version columns of the Response Matrices corresponding the CVEs found in VMSA-2021-0002 (https://www.vmware.com/security/advisories/VMSA-2021-0002.html).