CVE-2024-50379, CVE-2024-54677, CVE-2024-56337 Tomcat Vulnerabilities in vCenter

CVE-2024-50379, CVE-2024-54677, CVE-2024-56337 Tomcat Vulnerabilities in vCenter

search cancel

CVE-2024-50379, CVE-2024-54677, CVE-2024-56337 Tomcat Vulnerabilities in vCenter

book

Article ID: 396084

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

CVE-2024-50379, CVE-2024-54677 and CVE-2024-56337 are Tomcat vulnerabilities that affect vCenter since this application consumes Tomcat.

Environment

vCenter 8.x

Cause

NVD - cve-2024-50379
https://nvd.nist.gov/vuln/detail/cve-2024-50379

NVD - cve-2024-54677
https://nvd.nist.gov/vuln/detail/cve-2024-54677

NVD - CVE-2024-56337
https://nvd.nist.gov/vuln/detail/CVE-2024-56337

Resolution

All CVE's mentioned are resolved in 8.0U3E

CVE-2024-50379 is resolved in 8.0U3e according to the following documentation.

VMware vCenter Server Photon OS Security Patches
https://techdocs.broadcom.com/jp/ja/vmware-cis/vsphere/vsphere/8-0/release-notes/vcenter-server-appliance-photonos-security-patches.html

For these CVE's, CVE-2024-54677 and CVE-2024-56337.

8.0P05 has been internally verified as the fixed vCenter version which translates to 8.0U3e vCenter.

Additional Information

Japanese KB: vCenter Server における Tomcat の脆弱性 (CVE-2024-50379、CVE-2024-54677、CVE-2024-56337)

Feedback

thumb_up Yes

thumb_down No