Security bulletins

From time to time, we might release security bulletins related to Google Cloud VMware Engine. All security bulletins for VMware Engine are described here.

GCP-2021-010

Published: 2021-05-25

Description Severity Notes

Per VMware security advisory VMSA-2021-0010, remote code execution and authentication bypass vulnerabilities in vSphere Client (HTML5) were privately reported to VMware. VMware has made updates available to remediate these vulnerabilities in affected VMware products.

We have applied the patches provided by VMware for the vSphere stack per the VMware security advisory. This update addresses security vulnerabilities described in CVE-2021-21985 and CVE-2021-21986. The image versions running in your VMware Engine private cloud do not reflect any change at this time to indicate the patches applied. Please rest assured that appropriate patches have been installed and your environment is secured from these vulnerabilities.

VMware Engine impact

Based on our investigations, no customers were found to be impacted.

What should I do?

Because VMware Engine clusters are not affected by this vulnerability, no further action is required.

Critical

GCP-2021-002

Published: 2021-03-05

Description Severity Notes

Per VMware security advisory VMSA-2021-0002, VMware received reports of multiple vulnerabilities in VMware ESXi and vSphere Client (HTML5). VMware has made updates available to remediate these vulnerabilities in affected VMware products.

We have applied the officially documented workarounds for the vSphere stack per the VMware security advisory. This update addresses security vulnerabilities described in CVE-2021-21972, CVE-2021-21973, and CVE-2021-21974.

VMware Engine impact

Based on our investigations, no customers were found to be impacted.

What should I do?

Because VMware Engine clusters are not affected by this vulnerability, no further action is required.

Critical