Product:

Vcenter_server

(Vmware)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 75
Date Id Summary Products Score Patch Annotated
2022-03-29 CVE-2022-22948 The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information. Cloud_foundation, Vcenter_server 6.5
2022-07-13 CVE-2022-22982 The vCenter Server contains a server-side request forgery (SSRF) vulnerability. A malicious actor with network access to 443 on the vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service. Cloud_foundation, Vcenter_server 7.5
2022-10-07 CVE-2022-31680 The vCenter Server contains an unsafe deserialisation vulnerability in the PSC (Platform services controller). A malicious actor with admin access on vCenter server may exploit this issue to execute arbitrary code on the underlying operating system that hosts the vCenter Server. Vcenter_server 9.1
2022-12-13 CVE-2022-31697 The vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plaintext. A malicious actor with access to a workstation that invoked a vCenter Server Appliance ISO operation (Install/Upgrade/Migrate/Restore) can access plaintext passwords used during that operation. Cloud_foundation, Vcenter_server 5.5
2022-12-13 CVE-2022-31698 The vCenter Server contains a denial-of-service vulnerability in the content library service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to trigger a denial-of-service condition by sending a specially crafted header. Cloud_foundation, Vcenter_server 5.3
2023-06-22 CVE-2023-20893 The VMware vCenter Server contains a use-after-free vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit this issue to execute arbitrary code on the underlying operating system that hosts vCenter Server. Vcenter_server 9.8
2023-06-22 CVE-2023-20892 The vCenter Server contains a heap overflow vulnerability due to the usage of uninitialized memory in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit heap-overflow vulnerability to execute arbitrary code on the underlying operating system that hosts vCenter Server. Vcenter_server 9.8
2023-06-22 CVE-2023-20894 The VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bound write by sending a specially crafted packet leading to memory corruption. Vcenter_server 9.8
2023-06-22 CVE-2023-20895 The VMware vCenter Server contains a memory corruption vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger a memory corruption vulnerability which may bypass authentication. Vcenter_server 9.8
2023-06-22 CVE-2023-20896 The VMware vCenter Server contains an out-of-bounds read vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds read by sending a specially crafted packet leading to denial-of-service of certain services (vmcad, vmdird, and vmafdd). Vcenter_server 7.5