Security bulletins
From time to time, we might release security bulletins related to Google Cloud VMware Engine. All security bulletins for VMware Engine are described here.
Use this XML feed to subscribe to security bulletins for this page.
GCP-2024-064
Published: 2024-12-10
Description | Severity | Notes |
---|---|---|
Per VMware security advisory VMSA-2024-0022, multiple vulnerabilities in VMware Aria Operations were responsibly reported to VMware. Updates are available to remediate these vulnerabilities in the affected VMware product. What should I do?We recommend upgrading to VMware Aria Operations 8.18.2. |
Important |
GCP-2024-060
Published: 2024-10-17
Description | Severity | Notes |
---|---|---|
Per VMware security advisory VMSA-2024-0020, multiple vulnerabilities in VMware NSX were responsibly reported to VMware. The version NSX-T running on your VMware Engine environment is not impacted by CVE-2024-38815, CVE-2024-38818, or CVE-2024-38817. What should I do?Because VMware Engine clusters are not affected by this vulnerability, no further action is required. |
Medium |
GCP-2024-059
Published: 2024-10-16
Description | Severity | Notes |
---|---|---|
Per VMware security advisory VMSA-2024-0021, an authenticated SQL injection vulnerability in VMware HCX was privately reported to VMware. We have applied the mitigation approved by VMware to address this vulnerability. This fix addresses a security vulnerability described in CVE-2024-38814. The image versions running in your VMware Engine private cloud don't reflect any change at this time to indicate the changes applied. Appropriate mitigations have been installed and your environment is secured from this vulnerability. What should I do?We recommend upgrading to VMware HCX version 4.9.2. |
High |
GCP-2024-051
Published: 2024-09-18
Description | Severity | Notes |
---|---|---|
VMware disclosed multiple vulnerabilities in VMSA-2024-0019 that impact vCenter components deployed in customer environments. VMware Engine impact
What should I do?No further action is required at this time. |
Critical |
GCP-2024-040
Published: 2024-07-01
Description | Severity | Notes |
---|---|---|
A vulnerability CVE-2024-6387 was discovered in OpenSSH server (sshd).
This vulnerability is exploitable remotely on glibc-based linux systems:
an unauthenticated remote code execution as root, because it affects
sshd's privileged code, which is not sandboxed and runs with full privileges.
What should I do?
|
Critical |
GCP-2024-037
Published: 2024-06-18
Description | Severity | Notes |
---|---|---|
VMware disclosed multiple vulnerabilities in VMSA-2024-0012 that impact vCenter components deployed in customer environments. VMware Engine impact
What should I do?No further action is required at this time. |
Critical |
GCP-2024-016
Published: 2024-03-05
Description | Severity | Notes |
---|---|---|
VMware disclosed multiple vulnerabilities in VMSA-2024-0006 that impact ESXi components deployed in customer environments. VMware Engine impactYour private clouds have been updated to address the security vulnerability. What should I do?No action is needed on your part. |
Critical |
GCP-2023-034
Published: 2023-10-25
Updated: 2023-10-27
Description | Severity | Notes |
---|---|---|
VMware disclosed multiple vulnerabilities in VMSA-2023-0023 that impact vCenter components deployed in customer environments. VMware Engine impact
What should I do?No further action is required at this time. |
Critical |
GCP-2023-027
Published: 2023-09-11Description | Severity | Notes |
---|---|---|
VMware vCenter Server updates address multiple memory corruption vulnerabilities (CVE-2023-20892, CVE-2023-20893, CVE-2023-20894, CVE-2023-20895, CVE-2023-20896) VMware Engine impactVMware vCenter Server (vCenter Server) and VMware Cloud Foundation (Cloud Foundation). What should I do?Customers are not impacted and no action needs to be taken. |
Medium |
GCP-2023-025
Published: 2023-08-08Description | Severity | Notes |
---|---|---|
Intel recently announced Intel Security Advisory INTEL-SA-00828 impacting some of their processor families. You are encouraged to assess your risks based on the advisory. VMware Engine impactOur fleet utilizes the impacted processor families. In our deployment, the entire server is dedicated to one customer. Hence, our deployment model doesn't add any additional risk to your assessment of this vulnerability. We are working with our partners to obtain necessary patches and will be deploying these patches on priority across the fleet using the standard upgrade process in the next several weeks. What should I do?No action is needed on your part, we are working on upgrading all the impacted systems. |
High |
GCP-2021-023
Published: 2021-09-21Description | Severity | Notes |
---|---|---|
Per VMware security advisory VMSA-2021-0020, VMware received reports of multiple vulnerabilities in vCenter. VMware has made updates available to remediate these vulnerabilities in affected VMware products. We have already applied the patches provided by VMware for the vSphere stack to Google Cloud VMware Engine per the VMware security advisory. This update addresses the security vulnerabilities described in CVE-2021-22005, CVE-2021-22006, CVE-2021-22007, CVE-2021-22008, and CVE-2021-22010. Other non-critical security issues will be addressed in the upcoming VMware stack upgrade (per the advance notice sent in July, more details will be provided soon on the specific timeline of the upgrade). VMware Engine impactBased on our investigations, no customers were found to be impacted. What should I do?Because VMware Engine clusters are not affected by this vulnerability, no further action is required. |
Critical |
GCP-2021-010
Published: 2021-05-25Description | Severity | Notes |
---|---|---|
Per VMware security advisory VMSA-2021-0010, remote code execution and authentication bypass vulnerabilities in vSphere Client (HTML5) were privately reported to VMware. VMware has made updates available to remediate these vulnerabilities in affected VMware products. We have applied the patches provided by VMware for the vSphere stack per the VMware security advisory. This update addresses security vulnerabilities described in CVE-2021-21985 and CVE-2021-21986. The image versions running in your VMware Engine private cloud don't reflect any change at this time to indicate the patches applied. Please rest assured that appropriate patches have been installed and your environment is secured from these vulnerabilities. VMware Engine impactBased on our investigations, no customers were found to be impacted. What should I do?Because VMware Engine clusters are not affected by this vulnerability, no further action is required. |
Critical |
GCP-2021-002
Published: 2021-03-05Description | Severity | Notes |
---|---|---|
Per VMware security advisory VMSA-2021-0002, VMware received reports of multiple vulnerabilities in VMware ESXi and vSphere Client (HTML5). VMware has made updates available to remediate these vulnerabilities in affected VMware products. We have applied the officially documented workarounds for the vSphere stack per the VMware security advisory. This update addresses security vulnerabilities described in CVE-2021-21972, CVE-2021-21973, and CVE-2021-21974. VMware Engine impactBased on our investigations, no customers were found to be impacted. What should I do?We recommend upgrading to the latest version of HCX. |
Critical |