Critical 9.8-rated VMware vCenter RCE bug exploited after patch fumble
ID: 1aa2b4fa-360c-5bd4-81da-302f3c4a63a2
STIX ID: report--1aa2b4fa-360c-5bd4-81da-302f3c4a63a2
Feed Name: The Register (Security)
Two VMware vCenter vulnerabilities, CVE-2024-38812 (critical heap-overflow RCE) and CVE-2024-38813 (high-severity privilege escalation), received initial patches that were later revised after Broadcom acknowledged the fixes did not fully address the issues. Broadcom has since confirmed exploitation in the wild, putting vCenter Server and VMware Cloud Foundation instances at risk of remote code execution and root escalation.
