Hello, the products affected by these vulnerabilities in multiple VMware products, with CVSSv3 severity scores of 7.1 (2021-0025.6) and in the range 4.4-7.2 (2022-0034), are:
- VMware vCenter Server (vCenter Server)
- VMware Cloud Foundation (Cloud Foundation)
- VMware vRealize Operations (vROps)
VMSA-2021-0025.6 covers a privilege escalation vulnerability in VMware vCenter Server (vCenter Server) and VMware Cloud Foundation (Cloud Foundation). Applying the workarounds listed in the Response Matrix or upgrading to the fixed versions is recommended.
Response Matrix
Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
vCenter Server | 8.0 | Any | CVE-2021-22048 | 7.1 | Important | 8.0a | KB86292 | None |
vCenter Server | 7.0 | Any | CVE-2021-22048 | 7.1 | Important | 7.0 U3i | KB86292 | None |
vCenter Server | 6.7 | Any | CVE-2021-22048 | 7.1 | Important | 7.0 U3i | KB86292 | None |
vCenter Server | 6.5 | Any | CVE-2021-22048 | 7.1 | Important | 7.0 U3i | KB86292 | None |
Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
Cloud Foundation (vCenter Server) | 4.x | Any | CVE-2021-22048 | 7.1 | Important | KB90336 | KB86292 | None |
Cloud Foundation (vCenter Server) | 3.x | Any | CVE-2021-22048 | 7.1 | Important | KB90336 | KB86292 | None |
VMSA-2022-0034 covers a privilege escalation vulnerability in VMware vRealize Operations (vROps). Upgrading to the fixed versions listed in the Response Matrix is recommended.
Response Matrix
Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
VMware vRealize Operations (vROps) | 8.10 | Any | CVE-2022-31707, CVE-2022-31708 | 4.4, 7.2 | Important | 8.10.1 | N/A | N/A |
VMware vRealize Operations (vROps) | 8.6.x | Any | CVE-2022-31707, CVE-2022-31708 | 4.4, 7.2 | Important | KB90232 | N/A | N/A |
For the related security advisory links, see 1 2
Happy patching 🙂