Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Cloud_foundation
(Vmware)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 98 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-08-31 | CVE-2021-22003 | VMware Workspace ONE Access and Identity Manager, unintentionally provide a login interface on port 7443. A malicious actor with network access to port 7443 may attempt user enumeration or brute force the login endpoint, which may or may not be practical based on lockout policy configuration and password complexity for the target account. | Cloud_foundation, Identity_manager, Vrealize_suite_lifecycle_manager, Workspace_one_access | 7.5 | ||
| 2021-09-22 | CVE-2021-21991 | The vCenter Server contains a local privilege escalation vulnerability due to the way it handles session tokens. A malicious actor with non-administrative user access on vCenter Server host may exploit this issue to escalate privileges to Administrator on the vSphere Client (HTML5) or vCenter Server vSphere Web Client (FLEX/Flash). | Cloud_foundation, Vcenter_server | 7.8 | ||
| 2021-09-22 | CVE-2021-21992 | The vCenter Server contains a denial-of-service vulnerability due to improper XML entity parsing. A malicious actor with non-administrative user access to the vCenter Server vSphere Client (HTML5) or vCenter Server vSphere Web Client (FLEX/Flash) may exploit this issue to create a denial-of-service condition on the vCenter Server host. | Cloud_foundation, Vcenter_server | 6.5 | ||
| 2021-09-23 | CVE-2021-21993 | The vCenter Server contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in vCenter Server Content Library. An authorised user with access to content library may exploit this issue by sending a POST request to vCenter Server leading to information disclosure. | Cloud_foundation, Vcenter_server | 6.5 | ||
| 2021-09-23 | CVE-2021-22006 | The vCenter Server contains a reverse proxy bypass vulnerability due to the way the endpoints handle the URI. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to access restricted endpoints. | Cloud_foundation, Vcenter_server | 7.5 | ||
| 2021-09-23 | CVE-2021-22008 | The vCenter Server contains an information disclosure vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by sending a specially crafted json-rpc message to gain access to sensitive information. | Cloud_foundation, Vcenter_server | 7.5 | ||
| 2021-09-23 | CVE-2021-22007 | The vCenter Server contains a local information disclosure vulnerability in the Analytics service. An authenticated user with non-administrative privilege may exploit this issue to gain access to sensitive information. | Cloud_foundation, Vcenter_server | 5.5 | ||
| 2021-09-23 | CVE-2021-22009 | The vCenter Server contains multiple denial-of-service vulnerabilities in VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit these issues to create a denial of service condition due to excessive memory consumption by VAPI service. | Cloud_foundation, Vcenter_server | 7.5 | ||
| 2021-09-23 | CVE-2021-22010 | The vCenter Server contains a denial-of-service vulnerability in VPXD service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to create a denial of service condition due to excessive memory consumption by VPXD service. | Cloud_foundation, Vcenter_server | 7.5 | ||
| 2021-09-23 | CVE-2021-22011 | vCenter Server contains an unauthenticated API endpoint vulnerability in vCenter Server Content Library. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to perform unauthenticated VM network setting manipulation. | Cloud_foundation, Vcenter_server | 5.3 |