EUVD-2021-9147

Malicious code in bioql PyPI...

CVE-2021-21976

vSphere Replication 8.3.x prior to 8.3.1.2, 8.2.x prior to 8.2.1.1, 8.1.x prior to 8.1.2.3 and 6.5.x prior to 6.5.1.5 contain a post-authentication command injection vulnerability which may allow an authenticated admin user to perform a remote code execution...

VMware Response to Apache Log4j Remote Code Execution Vulnerabilities (CVE-2021-44228, CVE-2021-45046)

1. Impacted Products VMware Horizon VMware vCenter Server VMware HCX VMware NSX-T Data Center VMware Unified Access Gateway VMware WorkspaceOne Access VMware Identity Manager VMware vRealize Operations VMware vRealize Operations Cloud Cloud Proxy VMware vRealize Automation VMware vRealize...

VMware Releases Security Update

VMware has released a security update to address a vulnerability in vSphere Replication. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory VMSA-2021-0001 and apply the necessary update...

Vulnerability fixed in vSphere Replication

VMWare has fixed a vulnerability in vSphere Replicator. A malicious person with management privileges in Replicator can exploit the vulnerability exploit it to execute arbitrary code with system privileges on the underlying system. Because such an attack fits into the so-called "evil admin"...

CVE-2021-21976

vSphere Replication 8.3.x prior to 8.3.1.2, 8.2.x prior to 8.2.1.1, 8.1.x prior to 8.1.2.3 and 6.5.x prior to 6.5.1.5 contain a post-authentication command injection vulnerability which may allow an authenticated admin user to perform a remote code execution...

CVE-2021-21976

vSphere Replication 8.3.x prior to 8.3.1.2, 8.2.x prior to 8.2.1.1, 8.1.x prior to 8.1.2.3 and 6.5.x prior to 6.5.1.5 contain a post-authentication command injection vulnerability which may allow an authenticated admin user to perform a remote code execution...

Command injection

vSphere Replication 8.3.x prior to 8.3.1.2, 8.2.x prior to 8.2.1.1, 8.1.x prior to 8.1.2.3 and 6.5.x prior to 6.5.1.5 contain a post-authentication command injection vulnerability which may allow an authenticated admin user to perform a remote code execution...

CVE-2021-21976

vSphere Replication 8.3.x prior to 8.3.1.2, 8.2.x prior to 8.2.1.1, 8.1.x prior to 8.1.2.3 and 6.5.x prior to 6.5.1.5 contain a post-authentication command injection vulnerability which may allow an authenticated admin user to perform a remote code execution...

CVE-2021-21976

CVE-2021-21976 is a post-authentication command injection in vSphere Replication that may allow an authenticated admin to achieve remote code execution. Affected: vSphere Replication 8.3.x (before 8.3.1.2), 8.2.x (before 8.2.1.1), 8.1.x (before 8.1.2.3), and 6.5.x (before 6.5.1.5). Root cause: vu...

vSphere Replication Command Injection Vulnerability

A command injection vulnerability exists in vSphere Replication that originates when a network system or product does not properly filter specific elements of externally entered data during the construction of executable commands. An attacker could exploit this vulnerability to execute an illegal...

VMSA-2021-0001:vSphere Replication updates address a command injection vulnerability

Advisory ID: VMSA-2021-0001 CVSSv3 Range: 7.2 Issue Date:2021-02-11 Updated On: 2021-02-11 Initial Advisory CVEs: CVE-2021-21976 Synopsis: vSphere Replication updates address a command injection vulnerability CVE-2021-21976 RSS Feed Download PDF Download Text File Share this page on social media:...

VMware vSphere Replication Oracle JRE JMX Deserialization RCE (VMSA-2016-0005)

The VMware vSphere Replication running on the remote host is version 5.6.x prior to 5.6.0.6, 5.8.x prior to 5.8.1.2, 6.0.x prior to 6.0.0.3, or 6.1.x prior to 6.1.1. It is, therefore, affected by a remote code execution vulnerability in the Oracle JRE JMX component due to a flaw related to the...

VMSA-2016-0005:VMware product updates address CRITICAL and HIGH security issues

VMSA-2016-0005.5 VMware product updates address critical and important security issues VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2016-0005.5 VMware Security Advisory Synopsis: VMware product updates address critical and important security issues. VMware Security Advisory...

KLA10530 JRE update for multiple VMware products

Multiple VMware products were updated to address vulnerabilities in Oracle Java. For details look at KLA10447. Original advisories VMSA advisory KLA10447 Exploitation Public exploits exist for this vulnerability. Related products VMware-unclassified-products CVE list CVE-2014-6593 warning Solutio...

VMware vSphere Replication Bash Environment Variable Command Injection Vulnerability (VMSA-2014-0010) (Shellshock)

The VMware vSphere Replication installed on the remote host is version 5.1.x prior to 5.1.2.2, 5.5.x prior to 5.5.1.3, 5.6.x prior to 5.6.0.2, or 5.8.x prior to 5.8.0.1. It is, therefore, affected by a command injection vulnerability in GNU Bash known as Shellshock, which is due to the processing...

VMware vSphere Replication Multiple OpenSSL Vulnerabilities (VMSA-2014-0006)

The VMware vSphere Replication installed on the remote host is version 5.5.x prior to 5.5.1.1, or else it is version 5.6.x. It is, therefore, affected by the following OpenSSL related vulnerabilities : - An error exists in the function 'ssl3readbytes' that could allow data to be injected into oth...