Critical RCE bug in VMware vCenter Server now exploited in attacks

Broadcom warns that attackers are exploiting two VMware vCenter vulnerabilities—CVE-2024-38812 (critical RCE via a heap overflow) and CVE-2024-38813 (privilege escalation to root)—affecting vCenter-containing products; VMware released and reissued patches after an initial fix proved incomplete, no workarounds are available, and impacted customers are strongly urged to apply the latest updates immediately.