The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security vulnerability affecting Broadcom VMware vCenter Server to its Known Exploited Vulnerabilities (KEV) catalog, due to confirmed active exploitation. The vulnerability, identified as CVE-2024-37079, has a CVSS score of 9.8 and involves a heap overflow. The flaw was patched in June 2024, so organizations that have not yet applied the fix should treat it as urgent. CISA’s action highlights the ongoing risks associated with unpatched software vulnerabilities.
