"VMware has pushed a second patch for a critical heap-overflow bug in the vCenter Server that could allow a remote attacker to fully compromise vulnerable systems."
"Both bugs were originally patched on September 17. But, as VMware owner Broadcom noted on Monday, the fixes 'did not completely address' either CVE."
"The first critical flaw, tracked as CVE-2024-38812, affects vCenter 7.0.3, 8.0.2, and 8.0.3, plus running any version of vSphere or VMware Cloud Foundation prior to the versions listed above."
"All customers are strongly encouraged to apply the patches currently listed in the Response Matrix," Broadcom noted in its security advisory.
Collection
[
|
...
]