CVE-2022-26377 and vCenter 7.0.3.00800

Leeii15 · ‎09-07-2022

Through a recent pen test it was discovered that vCenter 7.0.3.00800 was affected by CVE-2022-26377 (https://nvd.nist.gov/vuln/detail/CVE-2022-26377) since vCenter is running Apache 2.4.53 (httpd-2.4.53-1.ph3.x86_64). This CVE was published June 6, 2022.

Is this known to VMware and do we know when it will be patched?

Thanks!

Ajay1988 · ‎09-10-2022

It is planned to be fixed in 7.0 P06 release. ETA will be Dec 2022 as of now.

If you think your queries have been answered
Mark this response as "Correct" or "Helpful".

Regards,
AJ

All

CVE-2022-26377 and vCenter 7.0.3.00800