VMware Tanzu Application Service for VMs updates address a denial-of-service vulnerability (CVE-2021-22101)
CVE number – CVE-2021-22101
A denial-of-service vulnerability in one of the components of VMware Tanzu Application Service for VMs was observed.
Patches and workarounds are available to remediate or workaround this vulnerability in affected VMware products.
VMware Tanzu Application Service for VMs uses Cloud Controller (CAPI) from Cloud Foundry which is vulnerable to an unauthenticated denial-of-service(DoS) vulnerability.
VMware has evaluated this issue to be ‘Important’ severity with a maximum CVSSv3 base score of 7.5.
A remote attacker can leverage this vulnerability to cause denial of service by using REST HTTP requests and generating an enormous SQL query leading to database (ccdb) unavailability.
At the time of publication no workarounds are available.
Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.