Broadcom Issues Warning on VMware vCenter Server Vulnerabilities

Broadcom warns of critical VMware vCenter Server vulnerabilities. Two significant vulnerabilities, CVE-2024-38812 and CVE-2024-38813, are actively being exploited, with the former allowing remote code execution and rated at a CVSSv3 score of 9.8. Both flaws affect VMware vCenter Server versions 7.0 and 8.0, as well as VMware Cloud Foundation versions 4.x and 5.x. Broadcom, which owns VMware, initially released patches on September 17, 2024, but later updated its advisory on October 21, indicating the original fix for CVE-2024-38812 was incomplete. Organizations are urged to apply the latest patches immediately, as no workarounds exist. The vulnerabilities highlight the critical need for timely security updates in infrastructure components, and affected systems should undergo thorough security assessments.