New vulnerabilities have been reported to VMware about the HTML5 web client of the vCenter server. As VMware announced here this new RCE is about the affected Virtual SAN Health Check plug-in (that is enabled by default in all vCenter Server deployment types, whether VSAN feature is being used or not).
Bob Plankers writes everything about the CVE-2021-21985 and CVE-2021-21986 here:
https://blogs.vmware.com/vsphere/2021/05/vmsa-2021-0010.html
Also, product patches are available and you can download them based on your VCSA version.
Great reading and extremely comprehensive post – pretty much covers everything...
ReplyDelete