Product:

Vcenter_server

(Vmware)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 75
Date Id Summary Products Score Patch Annotated
2021-09-23 CVE-2021-22014 The vCenter Server contains an authenticated code execution vulnerability in VAMI (Virtual Appliance Management Infrastructure). An authenticated VAMI user with network access to port 5480 on vCenter Server may exploit this issue to execute code on the underlying operating system that hosts vCenter Server. Cloud_foundation, Vcenter_server 7.2
2021-09-23 CVE-2021-22016 The vCenter Server contains a reflected cross-site scripting vulnerability due to a lack of input sanitization. An attacker may exploit this issue to execute malicious scripts by tricking a victim into clicking a malicious link. Cloud_foundation, Vcenter_server 6.1
2021-09-23 CVE-2021-22017 Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to bypass proxy leading to internal endpoints being accessed. Vcenter_server 5.3
2021-05-26 CVE-2021-21985 The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. Cloud_foundation, Vcenter_server 9.8
2017-12-20 CVE-2017-4943 VMware vCenter Server Appliance (vCSA) (6.5 before 6.5 U1d) contains a local privilege escalation vulnerability via the 'showlog' plugin. Successful exploitation of this issue could result in a low privileged user gaining root level privileges over the appliance base OS. Vcenter_server 7.8
2019-10-28 CVE-2019-5537 Sensitive information disclosure vulnerability resulting from a lack of certificate validation during the File-Based Backup and Restore operations of VMware vCenter Server Appliance (6.7 before 6.7u3a and 6.5 before 6.5u3d) may allow a malicious actor to intercept sensitive data in transit over FTPS and HTTPS. A malicious actor with man-in-the-middle positioning between vCenter Server Appliance and a backup target may be able to intercept sensitive data in transit during File-Based Backup... Vcenter_server 5.9
2019-10-28 CVE-2019-5538 Sensitive information disclosure vulnerability resulting from a lack of certificate validation during the File-Based Backup and Restore operations of VMware vCenter Server Appliance (6.7 before 6.7u3a and 6.5 before 6.5u3d) may allow a malicious actor to intercept sensitive data in transit over SCP. A malicious actor with man-in-the-middle positioning between vCenter Server Appliance and a backup target may be able to intercept sensitive data in transit during File-Based Backup and Restore... Vcenter_server 5.9
2020-10-20 CVE-2020-3994 VMware vCenter Server (6.7 before 6.7u3, 6.6 before 6.5u3k) contains a session hijack vulnerability in the vCenter Server Appliance Management Interface update function due to a lack of certificate validation. A malicious actor with network positioning between vCenter Server and an update repository may be able to perform a session hijack when the vCenter Server Appliance Management Interface is used to download vCenter updates. Cloud_foundation, Vcenter_server 7.4
2015-09-18 CVE-2015-6932 VMware vCenter Server 5.5 before u3 and 6.0 before u1 does not verify X.509 certificates from TLS LDAP servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. Vcenter_server N/A
2019-09-18 CVE-2019-5531 VMware vSphere ESXi (6.7 prior to ESXi670-201810101-SG, 6.5 prior to ESXi650-201811102-SG, and 6.0 prior to ESXi600-201807103-SG) and VMware vCenter Server (6.7 prior to 6.7 U1b, 6.5 prior to 6.5 U2b, and 6.0 prior to 6.0 U3j) contain an information disclosure vulnerability in clients arising from insufficient session expiration. An attacker with physical access or an ability to mimic a websocket connection to a user’s browser may be able to obtain control of a VM Console after the user has... Esxi, Vcenter_server, Vsphere_esxi N/A