Rewterz Threat Advisory – Palo Alto Networks PAN-OS buffer overflow
November 11, 2021Rewterz Threat Advisory – Multiple SAP Vulnerabilties
November 11, 2021Rewterz Threat Advisory – Palo Alto Networks PAN-OS buffer overflow
November 11, 2021Rewterz Threat Advisory – Multiple SAP Vulnerabilties
November 11, 2021Severity
High
Analysis Summary
CVE-2021-22048
VMware vCenter Server could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a flaw in the IWA (Integrated Windows Authentication) authentication mechanism. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevate privileges to a higher privileged group.
Impact
- Privilege escalation
Affected Vendors
- VMware
Affected Products
- VMware vCenter Server 6.7
- VMware Cloud Foundation 3.0
- VMware Cloud Foundation 4.0
- VMware vCenter Server 7.0
Remediation
Refer to VMware advisory for the complete list of affected products and their respective patches.