June 27, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Chinese and North Korean Threat Actors Use Ransomware to Target Global Infrastructure – Active IOCs
June 28, 2024
Multiple Adobe Experience Manager Vulnerabilities
June 28, 2024
Chinese and North Korean Threat Actors Use Ransomware to Target Global Infrastructure – Active IOCs
June 28, 2024
Multiple Adobe Experience Manager Vulnerabilities
June 28, 2024
Severity
Medium
Analysis Summary
CVE-2024-22272 CVSS:4.9
VMware Cloud Director is vulnerable to a denial of service, caused by an improper privilege management vulnerability. A remote authenticated attacker could exploit this vulnerability to accidentally disable their organization, resulting in a denial of service.
CVE-2024-22276 CVSS:5.3
VMware Cloud Director Object Storage Extension could allow a remote attacker from within the local network to obtain sensitive information, caused by an insertion of sensitive information vulnerability. An attacker could exploit this vulnerability to obtain sensitive information from URLs that are logged.
Impact
- Denial of Service
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2024-22272
- CVE-2024-22276
Affected Vendors
VMWare
Affected Products
- VMware Cloud Director 10.4
- VMware Cloud Director 10.5
- VMware Cloud Director Object Storage Extension 3.0
- VMware Cloud Director Object Storage Extension 2.0
Remediation
Refer to VMware Security Advisory for patch, upgrade or suggested workaround information.