The issue was identified in the XStream open-source library used by Cloud Foundation and scored 9.8 out of 10 on the CVSS vulnerability rating scale.
By the way, we also said that Some Versions of VMware Carbon Black Cause BSODs on Windows.
The vulnerability, which received the identifier CVE-2021-39144, was discovered by experts from Source Incite and can lead to remote execution of arbitrary code without requiring authentication and any user interaction. The developers also warn that the operation of the bug difficult is not difficult at [...]
We also wrote that Some Versions of VMware Carbon Black Cause BSODs on Windows.
Let me remind you that the CVE-2022-22954 vulnerability is associated with remote arbitrary code execution and affects VMware Workspace ONE Access. The bug scored 9.8 out of 10 on the CVSS vulnerability rating scale, and VMware discovered and fixed the issue on April 6 this year. However, the attackers reversed this fix and within 48 hours created an exploit, which was then used to compromise yet unpatched servers.