vmware
Safeguard articles tagged "vmware" — guides, analysis, and best practices for software supply chain and application security.
4 articles
VMware vCenter (CVE-2021-21985) Explained: The vSAN Plugin RCE
CVE-2021-21985 is a CVSS 9.8 unauthenticated RCE in VMware vCenter Server's vSAN Health plugin, enabled by default on every install. Here is how it works and the patched builds to run.
VMware ESXi CVE-2024-37085 Auth Bypass by Ransomware
CVE-2024-37085 abuses ESXi's AD domain join to grant admin via a specially named group. Exploitation by Akira and Black Basta, detection, and fix.
Broadcom VMware Zero-Days March 2025: ESXi, Workstation, and Fusion Under Active Attack
Three VMware zero-days exploited in the wild in March 2025 let attackers escape virtual machine sandboxes. Broadcom patched, but the damage window was wide open.
VMware Workspace ONE CVE-2022-22954: Server-Side Template Injection Goes Enterprise
CVE-2022-22954 in VMware Workspace ONE Access allowed unauthenticated RCE via server-side template injection. Attackers used it to deploy cryptominers and backdoors.