Vulnerability in VMware product has severity rating of 9.8 out of 10


Data centers around the world have a new concern to contend with: a remote code execution vulnerability in a widely used VMware product. The vulnerability has a severity score of 9.8 out of 10.

The security flaw, which VMware disclosed and patched on Tuesday, resides in the vCenter Server, a tool used for managing virtualization in large data centers. It’s used to administer VMware’s vSphere and ESXi host products, which by some rankings are the Nos. 1 and 2 most popular virtualization solutions on the market. Enlyft, a site that provides business intelligence, shows that more than 43,000 organizations use vSphere.


A VMware advisory said that vCenter machines using default configurations have a bug that, in many networks, allows for the execution of malicious code when the machines are reachable over a port that is exposed to the Internet. The vulnerability, tracked as CVE-2021-21985, has a severity rating of 9.8 out of a possible 10.
