Rewterz Threat Advisory – Multiple Zoom Vulnerabilities
November 11, 2021Rewterz Threat Alert – Cobalt Strike Malware – Active IOCs
November 11, 2021Rewterz Threat Advisory – Multiple Zoom Vulnerabilities
November 11, 2021Rewterz Threat Alert – Cobalt Strike Malware – Active IOCs
November 11, 2021Severity
High
Analysis Summary
CVE-2021-22101
VMware Tanzu Application Service for VMs uses Cloud Controller (CAPI) from Cloud Foundry which is vulnerable to an unauthenticated denial-of-service(DoS) vulnerability. A remote attacker can leverage this vulnerability to cause denial of service by using REST HTTP requests and generating an enormous SQL query leading to database (ccdb) unavailability.
Impact
- Denial of Service
Affected Vendors
- VMware
Affected Products
- VMware Tanzu Application Service for VMs 2.12.x
- VMware Tanzu Application Service for VMs 2.11.x
- VMware Tanzu Application Service for VMs 2.10.x
- VMware Tanzu Application Service for VMs 2.9.x
- VMware Tanzu Application Service for VMs 2.7.x
Remediation
Refer to VMware advisory for the complete list of affected products and their respective patches.