Threat actors are actively exploiting two VMware vCenter Server vulnerabilities tracked as CVE-2024-38812 and CVE-2024-38813, Broadcom warns.
Broadcom confirms that exploitation of the vulnerabilities has occurred in the wild.
The vulnerabilities, namely a heap-overflow vulnerability (CVE-2024-38812) and a privilege escalation vulnerability (CVE-2024-38813), can lead to remote code execution and privilege escalation.
VMware has released updated versions of vCenter Server and VMware Cloud Foundation to address the vulnerabilities.