Cloud_foundation - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Cloud_foundation
(Vmware)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	97

Date	Id	Summary	Products	Score	Patch	Annotated
2023-05-12	CVE-2023-20877	VMware Aria Operations contains a privilege escalation vulnerability. An authenticated malicious user with ReadOnly privileges can perform code execution leading to privilege escalation.	Cloud_foundation, Vrealize_operations	8.8
2023-05-12	CVE-2023-20879	VMware Aria Operations contains a Local privilege escalation vulnerability. A malicious actor with administrative privileges in the Aria Operations application can gain root access to the underlying operating system.	Cloud_foundation, Vrealize_operations	6.7
2023-05-12	CVE-2023-20878	VMware Aria Operations contains a deserialization vulnerability. A malicious actor with administrative privileges can execute arbitrary commands and disrupt the system.	Cloud_foundation, Vrealize_operations	7.2
2023-05-12	CVE-2023-20880	VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.	Aria_operations, Cloud_foundation	6.7
2023-04-20	CVE-2023-20864	VMware Aria Operations for Logs contains a deserialization vulnerability. An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root.	Aria_operations_for_logs, Cloud_foundation	9.8
2023-04-20	CVE-2023-20865	VMware Aria Operations for Logs contains a command injection vulnerability. A malicious actor with administrative privileges in VMware Aria Operations for Logs can execute arbitrary commands as root.	Aria_operations_for_logs, Cloud_foundation	7.2
2022-04-13	CVE-2022-22957	VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution.	Cloud_foundation, Identity_manager, Vrealize_automation, Vrealize_suite_lifecycle_manager, Workspace_one_access	7.2
2021-09-23	CVE-2021-22015	The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and directories. An authenticated local user with non-administrative privilege may exploit these issues to elevate their privileges to root on vCenter Server Appliance.	Cloud_foundation, Vcenter_server	7.8
2020-06-25	CVE-2020-3963	VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a use-after-free vulnerability in PVNVRAM. A malicious actor with local access to a virtual machine may be able to read privileged information contained in physical memory.	Cloud_foundation, Esxi, Fusion, Workstation	5.5
2021-11-10	CVE-2021-22048	The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. A malicious actor with non-administrative access to vCenter Server may exploit this issue to elevate privileges to a higher privileged group.	Cloud_foundation, Vcenter_server	8.8