About Bechtle
Newsroom
IT Solutions
2021
Critical vulnerability in VMware products – We’re here to support you
IT Solutions - May 28, 2021

Critical vulnerability in VMware products – We’re here to support you.

by Peter Fisch

VMware has reported severe vulnerabilities that impact all current versions of vCenter Server and Cloud Foundation. The issue has been evaluated to be critical and customers are being urged to patch their systems. A workaround is also available.

Written by

Peter Fisch
Team Lead Infrastructure & Cloud Solutions

E-Mail: peter.fisch@bechtle.com

A critical vulnerability has been reported to exist in vCenter Server, the central management system of any VMware infrastructure, as well as in VMware Cloud Foundation. It affects versions 6.5, 6.7 and 7.0, which are currently being supported by the manufacturer.

VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.

“A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server,” says VMware in its Advisory.

The vulnerability exists in the vSphere Client (HTML5) in combination with certain extensions to the VMware environment. The following extensions are currently known to be affected:

  • Virtual SAN Health Check plug-in
  • vSAN Health Check
  • Site Recovery
  • vSphere Lifecycle Manager
  • VMware Cloud Director Availability

For customers that are unable to install the required patches at short notice, VMware recommends to temporarily disable the affected plug-ins.

Should you have any questions about the vulnerability or require support in patching your system, please do not hesitate to contact your Bechtle account manager or get in touch with our VMware experts.

VMware Knowledge Base

Share this page

Facebook Bechtle LinkedIn Bechtle Mail Bechtle X Bechtle WhatsApp Bechtle XING Bechtle
This post was published on May 28, 2021.

 

Cloud Security ▷ Secure with Bechtle in the Cloud

Cloud Security ➥ Secure cloud computing in your company ✔ Bechtle's Security as a Service solutions for every risk ✔ See for yourself now

Promotion

AI-based cyber security solutions from Acronis

The Acronis Cyber Protect Cloud integrates data protection and cyber security features—securely, reliably, and affordably. Find out more!

Promotion

Checkpoint - Threat prevention security for enterprise clouds

Any cloud, any app - unmatched security with Checkpoint CloudGuard for your business. Find out about the latest solutions from Bechtle now!

 

Dell | Storage and PowerProtect Cyber Recovery

Dell Technologies Storage and PowerProtect Cyber Recovery – Protecting your business starts with protecting your data.

Customer story

Secure mail delivery thanks to cloud-based e-mail security solution

When a new internet line was to be established at the subsidiaries of the modern Christian Bergische Diakonie, Bechtle secured the entire mail traffic with the cloud-based security solution, Mimecast.

 

Palo Alto 400 series | Next-generation firewall

The Palo Alto 400 series | New next-generation firewalls | Designed for SMEs and the public sector. Buy now or get in touch for a consultation!

Customer story

Carl Fuhr GmbH & Co. KG – More security in the MS Office 365 tenant with Bechtle’s SMART Workplace

When FUHR’s Microsoft Office 365 environment needed to be set up and configured for optimum security, the company purchased the Bechtle Office 365 Managed Tenant Managed Service from the Bechtle Clouds Portal, with the service up and running after only 5 days.

Promotion

Prisma Cloud | Future-proof protection for your migration into the cloud.

Monitor security standards detect and defend against attacks and ensure compliance in public cloud environments and beyond. ➥ Find out more!

 

Level up productivity with a modernised app landscape.

By modernising applications, companies can ready their IT for the cloud and benefit from modern services such as container orchestrators and DevOps.

Promotion

APC Micro Data Centre | Reliable, durable, secure

APC Micro Data Centre ✔ One rack that fits in all Edge environments ✔ Reliable ✔ Durable ✔ Secure ✔ Find out more!

Customer story

SDV Medien+Service GmbH – The benefits of consolidation: A new homogenous IT structure

When it became time for SDV to consolidate their IT on the Dresden site, Bechtle reduced the number of vendors down to three, with the focus squarely on Cisco. The homogeneous IT structure enables compatible updates and integrated features are available throughout the entire system.

Promotion

Citrix and Google – DaaS solutions for the hybrid world of work

Take your digital workplace strategies to the next level with Citrix and Google solutions. DISCOVER NOW >

 

APC cloud data centre solutions

APC sees the cloud as a key technology for the digital transformation. Cloud and system architectures will shape the future. Learn more now.

 

Disaster Recovery as a Service

Sensitive data are a critical asset for every business and essential to customer and partner relations as well as internal processes. If disaster strikes, being able to recover your data and systems fast while maintaining their integrity is imperative.

Press release

Bechtle and Cybereason develop innovative on-premise solution to protect end devices

Bechtle and Cybereason are now offering customers a new EDR solution and services to safeguard end devices including PCs, laptops, tablets, smartphones and servers.

Promotion

Acronis public sector solutions

Acronis public sector solutions. Take advantage of an over 50% discount. Get in touch today!

Customer story

Carl Fuhr GmbH & Co. KG – Keep work secure in the cloud with Bechtle Azure operations

To drive digitalisation, FUHR introduced Microsoft Azure as a cloud with Bechtle. For the secure and legally complaint operation of the Azure Cloud, the company also leveraged Bechtle’s Azure Operations Managed Service bundle. Bechtle now securely manages all systems while FUHR saves costs.

 

Luping Yao

Luping Yao is responsible for security topics (analysis and consulting), firewall implementation and migration (Cisco ASA, Firepower, Meraki and Palo Alto) and Cisco ISE and VPN implementations. Before joining Stemmer, Luping worked as a systems engineer. He holds two CCIE titles in Routing/Switching and Security.

 

The office solution from the cloud | Bechtle.com

The Google Workspace is a comprehensive cloud solution for collaboration within companies | No software or hardware required | Contact Bechtle for a consultation now

 

ExoStruxure Platform | APC by Schneider Electric

EcoStruxure is an IoT-capable, open and interoperable system architecture and platform from APC by Schneider Electric. Find out more!

 

What is the cloud? – Cloud computing explained simply.

Why cloud? How secure is it? What are the advantages for businesses? Find out everything you need to know about the cloud here. | Bechtle AG

Blog

More efficient programming with low code

Projects are often put on ice thanks to a lack of experienced staff. Could we get by without code? A growing number of companies are compromising and choosing low code.

Blog

How can you make your cloud infrastructure secure and easy to handle?

Are you already using clouds? Constructing hybrid multi-clouds is easy as pie, right? It may seem so, seeing how fast some companies decide on their cloud solutions. But sooner or later, these cloud constructs become extremely hard to manage. A much better approach is to migrate into the cloud with a proper plan. This makes management of even the most complex cloud constructions simple and secure.

 

Data centre ▷ Future-proof heart of a company

Do you want to make sure that your data centre is fail-safe and equipped for the future of your business? We plan and configure your IT infrastructure to your exact business needs.

 

Microsoft Security | IT security solutions from a single source

Microsoft Security – Protecting the modern workplace from cyber threats. ✔ Sign up for a workshop of your choice.

O