Understanding the CVE Response Matrix "Running On" Column
Article ID: 427707
Updated On:
Products
VMware vCenter Server
Issue/Introduction
A CVE Response matrix specifies that "Running On" is "Any".
For example, this Response Matrix:
| VMware Product | Version | Running On | CVE | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
| vCenter Server | 8.0 | Any |
CVE-2024-37079, CVE-2024-37080, CVE-2024-37081 |
9.8, 9.8, 7.8 | Critical | 8.0 U2d | None | FAQ |
| vCenter Server | 8.0 | Any |
CVE-2024-37079, CVE-2024-37080 |
9.8, 9.8 | Critical | 8.0 U1e | None | FAQ |
| vCenter Server | 7.0 | Any |
CVE-2024-37079, CVE-2024-37080, CVE-2024-37081 |
9.8, 9.8, 7.8 | Critical | 7.0 U3r | None | FAQ |
Environment
vSphere
Resolution
The "Any" includes listed affected versions up to the "Fixed" version. Any version released after the fixed version, is also fixed. So if you are already on a "fixed" or later version, there is nothing to address.
Feedback
Yes
No
Powered by
