VMware warns of critical bug in default vCenter Server installs

VMware warns customers to immediately patch a critical arbitrary file upload vulnerability in the Analytics service, impacting all appliances running default vCenter Server 6.7 and 7.0 deployments.

vCenter Server is a server management solution that helps IT admins manage virtualized hosts and virtual machines in enterprise environments via a single console.

“This vulnerability can be used by anyone who can reach vCenter Server over the network to gain access, regardless of the configuration settings of vCenter Server,” said Bob Plankers, Technical Marketing Architect at VMware.

“A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file.”

In May, VMware issued a similar warning regarding a critical remote code execution flaw in the Virtual SAN Health Check plug-in impacting all vCenter Server deployments.

In February, VMware fixed another critical RCE bug in the vCenter Server plug-in for vRealize Operations. The plug-in is present in all default installations, so the flaw affected all vCenter Server deployments running the vulnerable version.
