CVE-2021-22048

ByUsta 16 Aralık 2022

CVSSv3 Range	7.1
Issue Date	2021-11-10
Updated On	2022-12-15
CVE(s)	CVE-2021-22048
Synopsis	VMware vCenter Server updates address a privilege escalation vulnerability.

[Important]

Impacted Products

VMware vCenter Server (vCenter Server)
VMware Cloud Foundation (Cloud Foundation)

Known Attack Vectors

A malicious actor with non-administrative access to vCenter Server may exploit this issue to elevate privileges to a higher privileged group.

Workarounds

Workaround for CVE-2021-22048 is to switch to AD over LDAPS authentication OR Identity Provider Federation for AD FS (vSphere 7.0 or later) from Integrated Windows Authentication (IWA) as documented in the KB listed in the ‘Workarounds’ column of the ‘Response Matrix’ below.

Resolution

Fixes for CVE-2021-22048 are documented in the ‘Fixed Version‘ column of the ‘Response Matrix‘ below.

Impacted Products	Fıxed VersIon	Workarounds
vCenter Server 8.0	8.0a	KB86292
vCenter Server 7.0	7.0 U3i	KB86292
vCenter Server 6.7	7.0 U3i	KB86292
vCenter Server 6.5	7.0 U3i	KB86292
Cloud Foundation \| vCenter Server 4.x	KB90336	KB86292
Cloud Foundation \| vCenter Server 3.x	KB90336	KB86292

Response Matrix

Reference

CVE-2021-22048

Bunu beğen:

CVE-2021-22033

Bunu beğen:

CVE-2022-31685

Bunu beğen:

CVE-2022-31693

Bunu beğen:

Bir yanıt yazın Yanıtı iptal et

Bunu beğen:

Similar Posts

Bunu beğen:

Bunu beğen:

Bunu beğen:

Bir yanıt yazın Yanıtı iptal et