Important security updates are available for VMware vCenter Server and Cloud Foundation. Admins should install the patched versions promptly.
According to a security advisory, the vulnerability rated "critical" (CVE-2021-21985) affects vCenter Server 6.5, 6.7, 7.0 and Cloud Foundation 3.X and 4.X on all platforms. Admins use this server management software to access and manage their systems.
The flaw is in the vSphere Client (HTML5), in the SAN Health Check plug-in, which is active by default. Due to insufficient checks, attackers with access to port 443 could execute malicious code with unrestricted privileges on the host system.
A second vulnerability that has been closed (CVE-2021-21986) is rated "moderate". Here an attacker could carry out actions that are not described in more detail. The following versions, by contrast, are protected:
- VMware vCloud Foundation 188.8.131.52
- VMware vCloud Foundation 4.2.1
- vCenter Server 6.5 U3P
- vCenter Server 6.7 U3N
- vCenter Server 7.0 U2B
If admins cannot install the patches at the moment, they should secure their systems with a workaround described in a post. It is based on setting the affected plug-in to the status "incompatible".