Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Cloud_foundation
(Vmware)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 97 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2023-05-12 | CVE-2023-20877 | VMware Aria Operations contains a privilege escalation vulnerability. An authenticated malicious user with ReadOnly privileges can perform code execution leading to privilege escalation. | Cloud_foundation, Vrealize_operations | 8.8 | ||
2023-05-12 | CVE-2023-20879 | VMware Aria Operations contains a Local privilege escalation vulnerability. A malicious actor with administrative privileges in the Aria Operations application can gain root access to the underlying operating system. | Cloud_foundation, Vrealize_operations | 6.7 | ||
2023-05-12 | CVE-2023-20878 | VMware Aria Operations contains a deserialization vulnerability. A malicious actor with administrative privileges can execute arbitrary commands and disrupt the system. | Cloud_foundation, Vrealize_operations | 7.2 | ||
2023-05-12 | CVE-2023-20880 | VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'. | Aria_operations, Cloud_foundation | 6.7 | ||
2023-04-20 | CVE-2023-20864 | VMware Aria Operations for Logs contains a deserialization vulnerability. An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root. | Aria_operations_for_logs, Cloud_foundation | 9.8 | ||
2023-04-20 | CVE-2023-20865 | VMware Aria Operations for Logs contains a command injection vulnerability. A malicious actor with administrative privileges in VMware Aria Operations for Logs can execute arbitrary commands as root. | Aria_operations_for_logs, Cloud_foundation | 7.2 | ||
2022-04-13 | CVE-2022-22957 | VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution. | Cloud_foundation, Identity_manager, Vrealize_automation, Vrealize_suite_lifecycle_manager, Workspace_one_access | 7.2 | ||
2021-09-23 | CVE-2021-22015 | The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and directories. An authenticated local user with non-administrative privilege may exploit these issues to elevate their privileges to root on vCenter Server Appliance. | Cloud_foundation, Vcenter_server | 7.8 | ||
2020-06-25 | CVE-2020-3963 | VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a use-after-free vulnerability in PVNVRAM. A malicious actor with local access to a virtual machine may be able to read privileged information contained in physical memory. | Cloud_foundation, Esxi, Fusion, Workstation | 5.5 | ||
2021-11-10 | CVE-2021-22048 | The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. A malicious actor with non-administrative access to vCenter Server may exploit this issue to elevate privileges to a higher privileged group. | Cloud_foundation, Vcenter_server | 8.8 |