VMware Security Announcement VMSA-2021-0015 CVSSv3 score 6.8 Moderate
A new VMware Security announcement was just released, VMSA-2021-0015. This Advisory affects VMware ThinApp, the update addresses a DLL hijacking vulnerability (CVE-2021-22000).
- VMware ThinApp
A DLL hijacking vulnerability in VMware ThinApp was privately reported to VMware. Updates are available to remediate this vulnerability in affected VMware products.
VMware ThinApp update addresses a DLL hijacking vulnerability (CVE-2021-22000)
VMware ThinApp contains a DLL hijacking vulnerability due to insecure loading of DLLs. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.8.
Known Attack Vectors
A malicious actor with non-administrative privileges may exploit this vulnerability to elevate privileges to administrator level on the Windows operating system having VMware ThinApp installed on it
For VMware ThinApp version 5.x, apply fixed version 5.2.10. Download and documentation information below.
Fixed Version(s) and Release Notes: