Rewterz Threat Advisory – CVE-2021-22101 – VMware Tanzu Application Service

Severity

High

Analysis Summary

CVE-2021-22101 

VMware Tanzu Application Service for VMs uses Cloud Controller (CAPI) from Cloud Foundry, which is affected by an unauthenticated denial-of-service (DoS) vulnerability. A remote attacker can exploit it by sending REST HTTP requests that generate an enormous SQL query, making the database (ccdb) unavailable.

Impact

  • Denial of Service

Affected Vendors

  • VMware

Affected Products

  • VMware Tanzu Application Service for VMs 2.12.x
  • VMware Tanzu Application Service for VMs 2.11.x
  • VMware Tanzu Application Service for VMs 2.10.x
  • VMware Tanzu Application Service for VMs 2.9.x
  • VMware Tanzu Application Service for VMs 2.7.x

Remediation

Refer to the VMware advisory for the complete list of affected products and their respective patches.

https://www.vmware.com/security/advisories/VMSA-2021-0026.html