Etkilenen ürünler:

  • VMware vCenter Server
  • VMware Cloud Foundation

Response Matrix:

VMware Product Version Running On CVE CVSSv3 Severity Fixed Version Workarounds Additional Documentation
vCenter Server 8.0 Any CVE-2024-37079, CVE-2024-37080, CVE-2024-37081 9.89.87.8 Critical 8.0 U2d None FAQ
vCenter Server 8.0 Any CVE-2024-37079, CVE-2024-37080 9.89.8 Critical 8.0 U1e None FAQ
vCenter Server 7.0 Any CVE-2024-37079, CVE-2024-37080, CVE-2024-37081 9.89.87.8 Critical 7.0 U3r None FAQ


Impacted Product Suites that Deploy Response Matrix 3a and 3b Components:

VMware Product Version Running On CVE CVSSv3 Severity Fixed Version Workarounds Additional Documentation
Cloud Foundation (vCenter Server) 5.x Any CVE-2024-37079, CVE-2024-37080, CVE-2024-37081 9.89.87.8 Critical KB88287 None FAQ
Cloud Foundation (vCenter Server) 4.x Any CVE-2024-37079, CVE-2024-37080, CVE-2024-37081 9.89.87.8 Critical KB88287 None FAQ

 

Advisory ID: VMSA-2024-0012
Severity: Critical
CVSSv3 Range: 7.8-9.8
Synopsis: VMware vCenter Server updates address heap-overflow and privilege escalation vulnerabilities (CVE-2024-37079, CVE-2024-37080, CVE-2024-37081)
Issue date: 2024-06-17
Updated on: 2024-06-17 (Initial Advisory)
CVE(s) CVE-2024-37079, CVE-2024-37080, CVE-2024-37081