VMware patches Tanzu Application Service for VMs vulnerability (CVE-2021-22101)

VMware patches Tanzu Application Service for VMs vulnerability (CVE-2021-22101)

VMware has issued a security fix for a VMware Tanzu Application Service for VMs vulnerability.

The Tanzu Application Service for VMs contains a denial-of-service vulnerability (CVE-2021-22101) in the Cloud Controller (CAPI) from Cloud Foundry. VMware has rated the flaw Important and CVSSv3 base score is 7.5.

“A remote attacker can leverage this vulnerability to cause denial of service by using REST HTTP requests and generating an enormous SQL query leading to database (ccdb) unavailability,” VMware stated in the advisory.

Impacted products include VMware Tanzu Application Service for VMs.

The update comes just a day after VMware issued another security fix for a VMware vCenter Server IWA privilege escalation vulnerability.

Related Articles