Product:

Cloud_foundation

(Vmware)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 99
Date Id Summary Products Score Patch Annotated
2022-02-16 CVE-2021-22040 VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. Cloud_foundation, Esxi, Fusion, Workstation_player, Workstation_pro 6.7
2022-02-16 CVE-2021-22041 VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. Cloud_foundation, Esxi, Fusion, Workstation 6.7
2022-02-16 CVE-2021-22042 VMware ESXi contains an unauthorized access vulnerability due to VMX having access to settingsd authorization tickets. A malicious actor with privileges within the VMX process only, may be able to access settingsd service running as a high privileged user. Cloud_foundation, Esxi 7.8
2022-02-16 CVE-2021-22050 ESXi contains a slow HTTP POST denial-of-service vulnerability in rhttpproxy. A malicious actor with network access to ESXi may exploit this issue to create a denial-of-service condition by overwhelming rhttpproxy service with multiple requests. Cloud_foundation, Esxi 7.5
2022-02-16 CVE-2022-22945 VMware NSX Edge contains a CLI shell injection vulnerability. A malicious actor with SSH access to an NSX-Edge appliance can execute arbitrary commands on the operating system as root. Cloud_foundation, Nsx_data_center 7.8
2022-04-13 CVE-2022-22957 VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution. Cloud_foundation, Identity_manager, Vrealize_automation, Vrealize_suite_lifecycle_manager, Workspace_one_access 7.2
2022-04-13 CVE-2022-22958 VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution. Cloud_foundation, Identity_manager, Vrealize_automation, Vrealize_suite_lifecycle_manager, Workspace_one_access 7.2
2022-04-13 CVE-2022-22959 VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. A malicious actor can trick a user through a cross site request forgery to unintentionally validate a malicious JDBC URI. Cloud_foundation, Identity_manager, Vrealize_automation, Vrealize_suite_lifecycle_manager, Workspace_one_access 4.3
2022-04-13 CVE-2022-22961 VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. A malicious actor with remote access may leak the hostname of the target system. Successful exploitation of this issue can lead to targeting victims. Cloud_foundation, Identity_manager, Vrealize_automation, Vrealize_suite_lifecycle_manager, Workspace_one_access 5.3
2022-05-20 CVE-2022-22972 VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate. Cloud_foundation, Identity_manager, Vrealize_automation, Vrealize_suite_lifecycle_manager, Workspace_one_access 9.8