{"id":30551,"date":"2023-06-23T09:52:14","date_gmt":"2023-06-23T07:52:14","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=30551"},"modified":"2023-06-23T09:52:14","modified_gmt":"2023-06-23T07:52:14","slug":"vmware-patched-vulnerabilities-in-vcenter-server-june-22-2023","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2023\/06\/23\/vmware-patched-vulnerabilities-in-vcenter-server-june-22-2023\/","title":{"rendered":"VMware patched vulnerabilities in vCenter Server (June 22, 2023)"},"content":{"rendered":"

\"Sicherheit[German<\/a>]VMware has released updates to its vCenter servers to patch important vulnerabilities (CVE-2023-20892, CVE-2023-20893, CVE-2023-20894, CVE-2023-20895 and CVE-2023-20896). In addition, the opportunity could also be used to update VMware tools to close the authentication vulnerability CVE-2023-20867.<\/p>\n

<\/p>\n

\"\"I had already seen the information about the vulnerabilities among others on Twitter from colleagues in the following tweet<\/a>, but German blog reader Stefan K. had also informed me yesterday by mail (thanks for that) and wrote:<\/p>\n

\"VMware<\/a><\/p>\n

Hello G\u00fcnter,<\/p>\n

might be worth a note that VMware has closed some vulnerabilities (CVE-2023-20892, CVE-2023-20893, CVE-2023-20894, CVE-2023-20895 and CVE-2023-20896) in vCenter Server.<\/p>\n

[\u2026]<\/p>\n

Even though a vCenter Server should not be accessible from the Internet, there have been successful attacks in the past because some people dare to do it. You had reported: Review of the VMware ESXi server cyberdebacle (Feb. 2023)<\/a><\/p>\n

During the action, the gap in the VMware tools can also be patched at the same time (CVE-2023-20867), even if it is not quite as critical.<\/p><\/blockquote>\n

VMware published Security Advisory VMSA-2023-0014<\/a>, iwhich lists the vulnerabilities mentioned above. The company writes there:<\/p>\n

VMware has been notified of several vulnerabilities in VMware vCenter Server that corrupt memory. Updates are available to address these vulnerabilities in the affected VMware products.<\/p><\/blockquote>\n

Details on the vulnerabilities and affected product versions can be found in the Security Advisory. The following VMware products are affected:<\/p>\n