CVE-2022-21608 is a vulnerability that was identified in May 2022 in the popular virtual desktop infrastructure software, VMware Horizon. This vulnerability is categorized as a critical vulnerability and is assigned a CVSS score of 9.1 out of 10. It allows an attacker to execute arbitrary code on the vulnerable system by exploiting a flaw in the web interface of VMware Horizon.
The vulnerability became publicly known on May 25, 2022, when VMware released a security advisory detailing the issue and providing patches for affected versions of the software. The vulnerability affects all versions of VMware Horizon before version 8.4.6, including the on-premises and cloud-based versions of the software. An attacker can exploit this vulnerability by tricking a user into visiting a specially crafted URL or by sending a malicious email containing a link to the vulnerable web interface.
Given the critical nature of this vulnerability, it is essential for users of VMware Horizon to update their software to the latest version as soon as possible. Failure to do so could result in a compromised system and potential data loss. VMware has advised its users to apply the patches immediately to mitigate the risk posed by this vulnerability and protect their systems from exploitation.