VMware security advisory (AV24-528) – Update 1

Serial number: AV24-528
Date: September 18, 2024

Updated: October 22, 2024

On September 17, 2024, VMware released a security advisory to address vulnerabilities in the following products:

• vCenter Server – versions 7.0 and 8.0
• VMware Cloud Foundation – versions 5.x and 4.x

Update 1

On October 21, 2024, VMware released updated vCenter patches to resolve issues in CVE-2024-38812 that were not fully addressed by the September 17, 2024 release. Clients who installed the initial releases are advised to install these updated versions.

The Cyber Centre encourages users and administrators to review the provided web links and perform the suggested mitigations.

• VMSA-2024-0019:VMware vCenter Server updates address heap-overflow and privilege escalation vulnerabilities (CVE-2024-38812, CVE-2024-38813)
• Security Advisories - VMware Cloud Foundation