In general, cloud infrastructure is considered safe because they normally include different security layers that are implemented within its core. However, security vulnerabilities can be found in any application. Exploiting the vulnerability requires an authenticated user session, allowing a customer or non-privileged user account to become an administrator without authorization. Of course, this could also be abused by an outside attacker who has stolen or guessed any user’s password. VMware has released a patch that closes this vulnerability and is available through their website. This patch should be applied as soon as possible. A vital reason for reporting and researching vulnerabilities is so that companies, such as VMware, can design patches to better protect their clients. Penetration testing, through ethical hacking companies like Trustedsec, can provide security flaw information so that a patch can be designed and applied.

To read more: https://www.cloudpro.co.uk/it-infrastructure/security/8597/vmware-cloud-director-exploit-lets-hackers-seize-corporate-servers