
[CIVN-2026-0312] Multiple Vulnerabilities in VMware products
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: HIGH
Software Affected
VMware Cloud Foundation Operations 9.0.x.x, 9.1.x.x
VMware Aria Operations 8.x
VMware Cloud Foundation 5.x
VMware vSphere Foundation 9.0.x.x, 9.1.x.x
VMware Telco Cloud Platform 5.x
Overview
Multiple vulnerabilities have been reported in VMware products that could allow an attacker to perform unauthorized administrative actions and compromise the affected VMware management environment.
Target Audience:
Enterprises and large organisations, cloud service providers and industries with IT environments utilising VMware products.
Risk Assessment:
High risk of unauthorized administrative actions.
Impact Assessment:
Potential for administrative account compromise, unauthorised actions and exposure of sensitive data.
Description
VMware provides virtualisation software solutions that enable organisations to create and manage virtual machines (VMs), allowing multiple operating systems to run on a single physical machine.
Multiple stored Cross-Site Scripting (XSS) vulnerabilities exist in VMware products due to improper neutralization of input. An attacker with privileges to create policies, views, or text widgets can inject malicious scripts and perform administrative actions.
Successful exploitation of these vulnerabilities could allow an attacker to perform unauthorized administrative actions and compromise the affected VMware management environment.
Solution
Apply appropriate updates as mentioned:
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37513
Vendor Information
VMware
https://www.vmware.com/
References
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37513
CVE Name
CVE-2026-41722
CVE-2026-41723
CVE-2026-41724
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax: 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003


