Cloud computing and virtualization technology firm VMWare on Thursday rolled out an update to resolve a critical security flaw in its Cloud Director product that could be weaponized to launch remote code execution attacks.<\/p>\n\n\n\n
The issue, assigned the identifier CVE-2022-22966<\/strong>, has a CVSS score of 9.1 out of a maximum of 10. VMware credited security researcher Jari J\u00e4\u00e4skel\u00e4 with reporting the flaw.<\/p>\n\n\n\n „An authenticated, high privileged malicious actor with network access to the VMware Cloud Director tenant or provider may be able to exploit a remote code execution vulnerability to gain access to the server,“ VMware said<\/a> in an advisory.<\/p>\n\n\n\n VMware Cloud Director, formerly known as vCloud Director, is used by many well-known cloud providers to operate and manage their cloud infrastructures and gain visibility into datacenters across sites and geographies.<\/p>\n\n\n\n The vulnerability could, in other words, end up allowing attackers to gain access to sensitive data and take over private clouds within an entire infrastructure.<\/p>\n\n\n\n Affected versions include 10.1.x, 10.2.x, and 10.3.x, with fixes available in versions 10.1.4.1, 10.2.2.3, and 10.3.3. The company has also published workarounds<\/a> that can be followed when upgrading to a recommended version is not an option.<\/p>\n\n\n\n The patches arrive a day after exploits for another recently fixed critical flaw in VMware Workspace ONE Access were detected in the wild.<\/p>\n\n\n\n