Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Cloud_foundation
(Vmware)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 99 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-09-23 | CVE-2021-22016 | The vCenter Server contains a reflected cross-site scripting vulnerability due to a lack of input sanitization. An attacker may exploit this issue to execute malicious scripts by tricking a victim into clicking a malicious link. | Cloud_foundation, Vcenter_server | 6.1 | ||
| 2021-09-23 | CVE-2021-22018 | The vCenter Server contains an arbitrary file deletion vulnerability in a VMware vSphere Life-cycle Manager plug-in. A malicious actor with network access to port 9087 on vCenter Server may exploit this issue to delete non critical files. | Cloud_foundation, Vcenter_server | 6.5 | ||
| 2021-09-23 | CVE-2021-22019 | The vCenter Server contains a denial-of-service vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port 5480 on vCenter Server may exploit this issue by sending a specially crafted jsonrpc message to create a denial of service condition. | Cloud_foundation, Vcenter_server | 7.5 | ||
| 2021-09-23 | CVE-2021-22020 | The vCenter Server contains a denial-of-service vulnerability in the Analytics service. Successful exploitation of this issue may allow an attacker to create a denial-of-service condition on vCenter Server. | Cloud_foundation, Vcenter_server | 5.5 | ||
| 2021-10-13 | CVE-2021-22033 | Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability. | Cloud_foundation, Vrealize_operations, Vrealize_suite_lifecycle_manager | 2.7 | ||
| 2021-10-13 | CVE-2021-22035 | VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sheet through Log Insight which could be executed in user's environment. | Cloud_foundation, Vrealize_log_insight, Vrealize_suite_lifecycle_manager | 4.3 | ||
| 2021-11-10 | CVE-2021-22048 | The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. A malicious actor with non-administrative access to vCenter Server may exploit this issue to elevate privileges to a higher privileged group. | Cloud_foundation, Vcenter_server | 8.8 | ||
| 2021-11-24 | CVE-2021-21980 | The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary file read vulnerability. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information. | Cloud_foundation, Vcenter_server | 7.5 | ||
| 2022-01-04 | CVE-2021-22045 | VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi650-202110101-SG), VMware Workstation (16.2.0) and VMware Fusion (12.2.0) contains a heap-overflow vulnerability in CD-ROM device emulation. A malicious actor with access to a virtual machine with CD-ROM device emulation may be able to exploit this vulnerability in conjunction with other issues to execute code on the hypervisor from a virtual machine. | Cloud_foundation, Esxi, Fusion, Workstation | 7.8 | ||
| 2022-02-04 | CVE-2022-22939 | VMware Cloud Foundation contains an information disclosure vulnerability due to logging of credentials in plain-text within multiple log files on the SDDC Manager. A malicious actor with root access on VMware Cloud Foundation SDDC Manager may be able to view credentials in plaintext within one or more log files. | Cloud_foundation | 4.9 |