Sagi Sheinfeld

**Name of the Vulnerable Software and Affected Versions** VMware vCenter Server versions (affected versions not specified) VMware Cloud Foundation versions (affected versions not specified) **Description** The issue is related to a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. This vulnerability can be exploited by a malicious actor with non-administrative access to elevate privileges to a higher privileged group. The vulnerability is associated with insufficient access control. **Recommendations** For VMware vCenter Server, update to a version that includes a fix for the privilege escalation vulnerability in the IWA authentication mechanism. For VMware Cloud Foundation, update to a version that includes a fix for the privilege escalation vulnerability in the IWA authentication mechanism. As a temporary workaround, consider restricting access to the IWA authentication mechanism until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Azure Active Directory Connect Provisioning Agent and Azure Active Directory Connect (affected versions not specified) **Description** The issue is related to deficiencies in the authentication mechanism of the Azure Active Directory Connect Provisioning Agent and Azure Active Directory Connect. Exploitation of this issue may allow an attacker to bypass security mechanisms. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.