VMware addresses SSRF, arbitrary file read flaws in vCenter Server


VMware has released security updates for vCenter Server after fixing arbitrary file read and serverside request forgery (SSRF) vulnerabilities in the vSphere Web Client (FLEX/Flash).

With a CVSS rating of 7.5, the most severe is the arbitrary file read bug (CVE202121980), abuse of which could potentially enable a malicious actor to gain access to sensitive information.

Read More…