VMware fixes critical RCE, make-me-root bugs in vCenter - for the second time

ID: 43423331-0144-53e0-862a-337b7913930c

STIX ID: report--43423331-0144-53e0-862a-337b7913930c

Feed Name: The Register (Security)

Threat Score: 78/100

Date Published: 2024-10-22

Date Updated: 2026-04-26

Author: Jessica Lyons

VMware issued a second security update to fully fix two serious vCenter vulnerabilities after the initial September patches failed to completely resolve them. CVE-2024-38812 is a critical, unauthenticated remote code execution flaw (CVSS 9.8) affecting multiple vCenter/vSphere/VMware Cloud Foundation versions, and CVE-2024-38813 is a privilege-escalation bug (CVSS 7.5) that can lead to root. Broadcom warns there are no workarounds, recommends immediate patching, and currently reports no known exploitation in the wild.
