VMware vCenter Product Security Update Advisory

Overview

 

An update addressing vulnerabilities in VMware vCenter has been released. Users of the affected versions are advised to update to the latest version.

 

Affected Products

 

CVE-2024-37079, CVE-2024-37080, CVE-2024-37081

  • vCenter Server 8.0 version
  • vCenter Server 7.0 version

 

Resolved Vulnerabilities

 

Heap Overflow Vulnerability in VMware’s vCenter Server (CVE-2024-37079, CVE-2024-37080) [2][3]

Local Elevation of Privilege Vulnerability in VMware’s vCenter Server (CVE-2024-37081) [4][5]

 

Vulnerability Patches

 

Patches for these vulnerabilities have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the patched versions listed below.

 

CVE-2024-37079, CVE-2024-37080

  • vCenter Server 8.0 U2d version
  • vCenter Server 8.0 U1e version
  • vCenter Server 7.0 U3r version

 

CVE-2024-37081

  • vCenter Server 8.0 U2d version
  • vCenter Server 7.0 U3r version

 

Referenced Sites

 

[1] https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453

[2] https://nvd.nist.gov/vuln/detail/CVE-2024-37079

[3] https://nvd.nist.gov/vuln/detail/CVE-2024-37080

[4] https://nvd.nist.gov/vuln/detail/CVE-2024-37081