Product:

Cloud_foundation

(Vmware)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 97
Date Id Summary Products Score Patch Annotated
2023-05-12 CVE-2023-20879 VMware Aria Operations contains a Local privilege escalation vulnerability. A malicious actor with administrative privileges in the Aria Operations application can gain root access to the underlying operating system. Cloud_foundation, Vrealize_operations 6.7
2023-05-12 CVE-2023-20880 VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'. Aria_operations, Cloud_foundation 6.7
2023-05-30 CVE-2023-20884 VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability. An unauthenticated malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure. Cloud_foundation, Identity_manager, Identity_manager_connector, Workspace_one_access 6.1
2023-09-27 CVE-2023-34043 VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'. Aria_operations, Cloud_foundation 6.7
2024-01-16 CVE-2023-34063 Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious actor may exploit this vulnerability leading to unauthorized access to remote organizations and workflows. Aria_automation, Cloud_foundation 8.3
2024-07-11 CVE-2024-22280 VMware Aria Automation does not apply correct input validation which allows for SQL-injection in the product. An authenticated malicious user could enter specially crafted SQL queries and perform unauthorised read/write operations in the database. Aria_automation, Cloud_foundation 8.1
2019-10-18 CVE-2019-16919 Harbor API has a Broken Access Control vulnerability. The vulnerability allows project administrators to use the Harbor API to create a robot account with unauthorized push and/or pull access permissions to a project they don't have access or control for. The Harbor API did not enforce the proper project permissions and project scope on the API request to create a new robot account. Harbor, Cloud_foundation, Harbor_container_registry N/A