Exposure of vSphere's CPI and CSI credentials in Rancher

Impact A vulnerability has been identified in the way that Rancher stores vSphere's CPI Cloud Provider Interface and CSI Container Storage Interface credentials used to deploy clusters through the vSphere cloud provider. This issue leads to the vSphere CPI and CSI passwords being stored in a...

SUSE CVE-2022-45157

A vulnerability has been identified in the way that Rancher stores vSphere's CPI Cloud Provider Interface and CSI Container Storage Interface credentials used to deploy clusters through the vSphere cloud provider. This issue leads to the vSphere CPI and CSI passwords being stored in a plaintext...

PT-2024-10044 · Rancher +1 · Rancher +1

Name of the Vulnerable Software and Affected Versions: Rancher versions prior to 2.8.9 Rancher versions prior to 2.9.3 Rancher versions 2.7.0 through 2.7.x Description: A vulnerability has been identified in the way that Rancher stores vSphere's CPI Cloud Provider Interface and CSI Container...

Failed to collect disk files location data. Timeout exceeded.

Challenge A Backup from Storage Snapshot BfSS job in Veeam Backup & Replication VBR for a vSphere virtual machine VM fails with the error: Failed to collect disk files location data. Timeout exceeded. Cause This error is displayed when the disk file location collection task, Map Disk Region, with...

Veeam Backup & Replication 12.1.2 Compatibility with vSphere 8.0 U3

Update 2025-03-31 The "Automatic vCLS VM Exclusion" limitation detailed below was resolved starting in Veeam Backup & Replication 12.2. The NSX-T 4.2 support limitation detailed below was resolved, and NSX-T 4.2.1 is supported fully starting in Veeam Backup & Replication 12.3.1. Support Statement...

VMware vSphere 6 - Citrix Known Issues

Citrix is committed to ensuring compatibility with the latest VMware hypervisor releases. VMware released vSphere 6 in March 2015, vSphere 6 Update 1 in September 2015, vSphere 6 Update 2 in March 2016 and vSphere 6 Update 3 in March 2017. Basic compatibility testing has been performed between...

VMware vSphere 5.5 - Citrix Known Issues

Citrix is committed to ensuring compatibility with the latest VMware products. Citrix supports VMware vSphere 5.5, vSphere 5.5 Update 1, vSphere 5.5 Update 2, and vSphere 5.5 Update 3. This article outlines issues and their known solutions that users of vSphere 5.5, vSphere 5.5 Update 1, vSphere...

VMware vSphere 5.5 - Communication Issue from Studio Console

Hosting a VMware vSphere 5.5 server through XenDesktop or XenApp Studio displays the following error:...

Provisioning Services Server Target Devices BSOD with KERNEL_SECURITY_CHECK_FAILURE When Cache is Set on RAM

Provisioning Services PVS Server target devices streamed to a vSphere Virtual Machine displays a blue screen withKERNELSECURITYCHECKFAILURE when cache is set on RAM...

VMware Issues Patches for Cloud Foundation, vCenter Server, and vSphere ESXi

VMware has released updates to address critical flaws impacting Cloud Foundation, vCenter Server, and vSphere ESXi that could be exploited to achieve privilege escalation and remote code execution. The list of vulnerabilities is as follows - CVE-2024-37079 & CVE-2024-37080 CVSS scores: 9.8 -...

VMware vCenter Server Security Vulnerability

VMware vCenter Server is a suite of server and virtualization management software from VMware. The software provides a centralized platform for managing VMware vSphere environments that automates the implementation and delivery of virtual infrastructures. A security vulnerability exists in VMware...

Veeam Kasten for Kubernetes - vSphere Block Mode Exports Failure With Error 14009

Challenge During vSphere block mode export, in certain situations, it might be observed that the folders/objects get created in the storage bucket. However, the export job remains stuck, and the following error message is seen in the debug logs: "Open virtual disk file failed. The error code is...

It's Time to Master the Lift & Shift: Migrating from VMware vSphere to Microsoft Azure

While cloud adoption has been top of mind for many IT professionals for nearly a decade, it's only in recent months, with industry changes and announcements from key players, that many recognize the time to make the move is now. It may feel like a daunting task, but tools exist to help you move...

K000139012: BIG-IP Next Central Manager vulnerability CVE-2024-33612

Security Advisory Description An improper certificate validation vulnerability exists in BIG-IP Next Central Manager and may allow an attacker to impersonate an Instance Provider system. A successful exploit of this vulnerability can allow the attacker to cross a security boundary. CVE-2024-33612...

GHSA-5XFG-WV98-264M Sensitive Information leak via Log File in Kubernetes

In Kubernetes clusters using VSphere as a cloud provider, with a logging level set to 4 or above, VSphere cloud credentials will be leaked in the cloud controller manager's log. This affects v1.19.3...

Sensitive Information leak via Log File in Kubernetes

In Kubernetes clusters using VSphere as a cloud provider, with a logging level set to 4 or above, VSphere cloud credentials will be leaked in the cloud controller manager's log. This affects v1.19.3...

New machines with vTPM have the same thumbprint in vSphere

New machines have the same vTPM thumbprint as the master image in vSphere. This can be seen using PowerCLI and comparing the machines with the following command: Get-VTpm -vm | Get-VTpmCertificate...

VMware Alert: Uninstall EAP Now - Critical Flaw Puts Active Directory at Risk

VMware is urging users to uninstall the deprecated Enhanced Authentication Plugin EAP following the discovery of a critical security flaw. Tracked as CVE-2024-22245 CVSS score: 9.6, the vulnerability has been described as an arbitrary authentication relay bug. "A malicious actor could trick a...

Vulnerability fixed in NetApp Active IQ Unified Manager

NetApp has fixed a vulnerability in the Spring Web Services component of Active IQ Unified Manager for Windows, Linux, and VMware vSphere. The vulnerability allows a malicious party to gain access to sensitive data, potentially to manipulate it, or to cause a denial-of-service. NetApp has release...

Security feature bypass

VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate...