CVE-2024-37087: 
vSphere vCenter Server vulnerability analysis and mitigation

CVE-2024-37087 is a denial-of-service vulnerability affecting VMware vCenter Server, discovered and disclosed on June 25, 2024. The vulnerability impacts VMware vCenter Server and VMware Cloud Foundation installations. VMware has evaluated this vulnerability to be in the Moderate severity range with a CVSSv3 base score of 5.3 (VMware Advisory).

The vulnerability specifically exists within the License Server component of vCenter Server Appliance. The issue stems from the lack of proper validation of user-supplied data, which can result in an uncontrolled memory allocation. The vulnerability has been assigned a CVSS v3.1 score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L), indicating moderate severity (ZDI Advisory).

When successfully exploited, this vulnerability allows attackers to create a denial-of-service condition on the affected vCenter Server system. The impact is limited to service availability, with no compromise to confidentiality or integrity of the system (VMware Advisory).

VMware has released patches to address this vulnerability. The fixed versions include vCenter Server 8.0 U3 for version 8.0 installations and vCenter Server 7.0 U3q for version 7.0 installations. For VMware Cloud Foundation deployments, version 5.2 addresses this vulnerability. VMware recommends updating to these versions to mitigate the risk (VMware Advisory).