VMware Impacted Products?
- VMware vCenter Server (vCenter Server)
- VMware Cloud Foundation (Cloud Foundation)
Who is affected?
VMware Security Advisories always list the specific product versions that are affected. In this case it is vCenter Server 6.5, 6.7, and 7.0.
In this VMware Advisory they have discovered multiple vulnerabilities in the vSphere Client (HTML5). If the hacker has access to point 443 they could exploit a vulnerability that would allow commands to be executed with unrestricted privileges. VMware advised to update your servers right now!
How to protect your servers.
You can protect yourself by patching vCenter Server, this is the fastest way to resolve this problem and removes the vulnerability completely. From there you can update any plugins as vendors release new versions.