VMware Releases Security Update

Security update for Tanzu Application Service for VMs

Threat ID:: CC-3978
Threat Severity:: Information only
Published:: 15 November 2021 11:29 AM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Security update for Tanzu Application Service for VMs

Affected platforms

The following platforms are known to be affected:

Versions: 2.7.x prior to 2.7.40, 2.9.x prior to 2.9.28, 2.10.x prior to 2.10.20, 2.11.x prior to 2.11.8, 2.12.x prior to 2.12.1

VMware Tanzu Application Service for VMs

Threat details

Introduction

VMware has released a security update to address a vulnerability in Tanzu Application Service for VMs. A remote attacker could exploit this vulnerability to cause a denial-of-service condition.

Remediation advice

Affected organisations are encouraged to review VMware Security Advisory VMSA-2021-0026 and apply the necessary update.

Definitive source of threat updates

https://www.vmware.com/security/advisories/VMSA-2021-0026.html

CVE Vulnerabilities

Status Published

CVE-2021-22101

Cloud Controller versions prior to 1.118.0 are vulnerable to unauthenticated denial of Service (DoS) vulnerability allowing unauthenticated attackers to cause denial of service by using REST HTTP requests with label_selectors on multiple V3 endpoints by generating an enormous SQL query.

Last edited: 15 November 2021 11:39 am