VMware addresses a high-severity vulnerability that affects multiple products. By exploiting it, attackers can access confidential information.
The out-of-bounds read vulnerability affects VMware ESXi, Workstation, and Fusion. Users are advised to update to the fixed versions.
"A malicious actor with local non-administrative access to a virtual machine may be able to read privileged information that is stored in memory," the advisory said.
A privilege escalation vulnerability exists in VMware Horizon Client for Windows due to the configuration of folder privileges and the insecure loading of libraries.
The vulnerability could be exploited by a local user on the system who can execute commands like any user.
The vulnerability affects Horizon Client for Windows 5.x and earlier versions and is fixed in version 5.4.3. It is rated Important in severity, with a CVSSv3 base score of 8.4.
A code injection vulnerability in VMware Cloud Director leads to arbitrary remote code execution. Threat actors could exploit the vulnerability by sending malicious traffic to VMware Cloud Director.
"This vulnerability could be exploited through the HTML5 and Flex-based user interfaces, the API Explorer interface and API access," the advisory said.