Product:

Cloud_foundation

(Vmware)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 97
Date Id Summary Products Score Patch Annotated
2021-09-22 CVE-2021-21992 The vCenter Server contains a denial-of-service vulnerability due to improper XML entity parsing. A malicious actor with non-administrative user access to the vCenter Server vSphere Client (HTML5) or vCenter Server vSphere Web Client (FLEX/Flash) may exploit this issue to create a denial-of-service condition on the vCenter Server host. Cloud_foundation, Vcenter_server 6.5
2021-09-23 CVE-2021-22005 The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file. Cloud_foundation, Vcenter_server 9.8
2021-09-23 CVE-2021-21993 The vCenter Server contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in vCenter Server Content Library. An authorised user with access to content library may exploit this issue by sending a POST request to vCenter Server leading to information disclosure. Cloud_foundation, Vcenter_server 6.5
2021-09-23 CVE-2021-22006 The vCenter Server contains a reverse proxy bypass vulnerability due to the way the endpoints handle the URI. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to access restricted endpoints. Cloud_foundation, Vcenter_server 7.5
2021-09-23 CVE-2021-22008 The vCenter Server contains an information disclosure vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by sending a specially crafted json-rpc message to gain access to sensitive information. Cloud_foundation, Vcenter_server 7.5
2021-09-23 CVE-2021-22007 The vCenter Server contains a local information disclosure vulnerability in the Analytics service. An authenticated user with non-administrative privilege may exploit this issue to gain access to sensitive information. Cloud_foundation, Vcenter_server 5.5
2021-09-23 CVE-2021-22009 The vCenter Server contains multiple denial-of-service vulnerabilities in VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit these issues to create a denial of service condition due to excessive memory consumption by VAPI service. Cloud_foundation, Vcenter_server 7.5
2021-09-23 CVE-2021-22010 The vCenter Server contains a denial-of-service vulnerability in VPXD service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to create a denial of service condition due to excessive memory consumption by VPXD service. Cloud_foundation, Vcenter_server 7.5
2021-09-23 CVE-2021-22011 vCenter Server contains an unauthenticated API endpoint vulnerability in vCenter Server Content Library. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to perform unauthenticated VM network setting manipulation. Cloud_foundation, Vcenter_server 5.3
2021-09-23 CVE-2021-22012 The vCenter Server contains an information disclosure vulnerability due to an unauthenticated appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information. Cloud_foundation, Vcenter_server 7.5