VMware Security Announcement VMSA-2021-0015: CVSSv3 score 6.8 (Moderate)

A new VMware security announcement, VMSA-2021-0015, was just released. This advisory affects VMware ThinApp; the update addresses a DLL hijacking vulnerability (CVE-2021-22000).

Impacted Products

  • VMware ThinApp

Introduction

A DLL hijacking vulnerability in VMware ThinApp was privately reported to VMware. Updates are available to remediate this vulnerability in affected VMware products.

VMware ThinApp update addresses a DLL hijacking vulnerability (CVE-2021-22000)

Description

VMware ThinApp contains a DLL hijacking vulnerability due to insecure loading of DLLs. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.8.

Known Attack Vectors

A malicious actor with non-administrative privileges may exploit this vulnerability to elevate privileges to administrator level on a Windows operating system that has VMware ThinApp installed.

Resolution

For VMware ThinApp version 5.x, apply fixed version 5.2.10. Download and documentation information is listed below.

References

Fixed Version(s) and Release Notes:

https://my.vmware.com/en/web/vmware/downloads/info/slug/desktop_end_user_computing/vmware_thinapp/5_0

https://docs.vmware.com/en/VMware-ThinApp/5.2.10/rn/vmware_thinapp_5210_release_notes/index.html