Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vmware cloud foundation vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-20864
VMware Aria Operations for Logs contains a deserialization vulnerability. An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root.
Vmware Cloud Foundation
Vmware Aria Operations For Logs
9.8
CVSSv3
CVE-2022-22972
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.
Vmware Identity Manager 3.3.3
Vmware Identity Manager 3.3.4
Vmware Identity Manager 3.3.5
Vmware Identity Manager 3.3.6
Vmware Vrealize Automation 7.6
Vmware Workspace One Access 20.10.0.0
Vmware Workspace One Access 20.10.0.1
Vmware Workspace One Access 21.08.0.0
Vmware Workspace One Access 21.08.0.1
Vmware Cloud Foundation 4.0
Vmware Cloud Foundation 4.0.1
Vmware Vrealize Suite Lifecycle Manager 8.0
Vmware Vrealize Suite Lifecycle Manager 8.0.1
Vmware Vrealize Suite Lifecycle Manager 8.1
Vmware Vrealize Suite Lifecycle Manager 8.2
Vmware Cloud Foundation 3.0
Vmware Cloud Foundation 3.0.1
Vmware Cloud Foundation 3.0.1.1
Vmware Cloud Foundation 3.5
Vmware Cloud Foundation 3.5.1
Vmware Cloud Foundation 3.7
Vmware Cloud Foundation 3.7.1
6 Github repositories
2 Articles
9.8
CVSSv3
CVE-2022-22954
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution.
Vmware Identity Manager 3.3.3
Vmware Vrealize Automation 7.6
Vmware Identity Manager 3.3.4
Vmware Identity Manager 3.3.5
Vmware Vrealize Automation
Vmware Identity Manager 3.3.6
Vmware Workspace One Access 20.10.0.1
Vmware Workspace One Access 20.10.0.0
Vmware Workspace One Access 21.08.0.1
Vmware Workspace One Access 21.08.0.0
Vmware Vrealize Suite Lifecycle Manager
Vmware Cloud Foundation
1 Metasploit module
25 Github repositories
3 Articles
9.8
CVSSv3
CVE-2022-22965
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e....
Vmware Spring Framework
Cisco Cx Cloud Agent
Oracle Sd-wan Edge 9.0
Oracle Retail Xstore Point Of Service 20.0.1
Oracle Communications Cloud Native Core Security Edge Protection Proxy 1.7.0
Oracle Financial Services Analytical Applications Infrastructure 8.1.1
Oracle Sd-wan Edge 9.1
Siemens Siveillance Identity 1.6
Siemens Siveillance Identity 1.5
Siemens Sipass Integrated 2.85
Siemens Sipass Integrated 2.80
Oracle Product Lifecycle Analytics 3.6.1
Oracle Financial Services Enterprise Case Management 8.1.1.0
Oracle Financial Services Enterprise Case Management 8.1.1.1
Oracle Financial Services Behavior Detection Platform 8.1.2.0
Oracle Financial Services Behavior Detection Platform 8.1.1.1
Oracle Financial Services Behavior Detection Platform 8.1.1.0
Oracle Communications Cloud Native Core Console 1.9.0
Oracle Communications Cloud Native Core Policy 1.15.0
Oracle Communications Cloud Native Core Unified Data Repository 1.15.0
Oracle Communications Cloud Native Core Unified Data Repository 22.1.0
Oracle Communications Cloud Native Core Security Edge Protection Proxy 22.1.0
174 Github repositories
7 Articles
9.8
CVSSv3
CVE-2021-22005
The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file.
Vmware Vcenter Server 6.5
Vmware Vcenter Server 6.7
Vmware Vcenter Server 7.0
Vmware Cloud Foundation
16 Github repositories
1 Article
9.8
CVSSv3
CVE-2021-22002
VMware Workspace ONE Access and Identity Manager, allow the /cfg web app and diagnostic endpoints, on port 8443, to be accessed via port 443 using a custom host header. A malicious actor with network access to port 443 could tamper with host headers to facilitate access to the /c...
Vmware Identity Manager 3.3.2
Vmware Identity Manager 3.3.3
Vmware Identity Manager 3.3.4
Vmware Identity Manager 3.3.5
Vmware Workspace One Access 20.01
Vmware Workspace One Access 20.10
Vmware Workspace One Access 20.10.01
Vmware Cloud Foundation 4.0
Vmware Cloud Foundation 4.0.1
Vmware Cloud Foundation 4.1
Vmware Cloud Foundation 4.1.0.1
Vmware Cloud Foundation 4.2.1
Vmware Vrealize Suite Lifecycle Manager 8.0
Vmware Vrealize Suite Lifecycle Manager 8.0.1
Vmware Vrealize Suite Lifecycle Manager 8.1
Vmware Vrealize Suite Lifecycle Manager 8.2
9.8
CVSSv3
CVE-2021-21994
SFCB (Small Footprint CIM Broker) as used in ESXi has an authentication bypass vulnerability. A malicious actor with network access to port 5989 on ESXi may exploit this issue to bypass SFCB authentication by sending a specially crafted request.
Vmware Cloud Foundation
Vmware Esxi 6.5
Vmware Esxi 6.7
Vmware Esxi 7.0
9.8
CVSSv3
CVE-2021-21985
The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute com...
Vmware Vcenter Server 6.5
Vmware Vcenter Server 6.7
Vmware Vcenter Server 7.0
Vmware Cloud Foundation
15 Github repositories
1 Article
9.8
CVSSv3
CVE-2021-21986
The vSphere Client (HTML5) contains a vulnerability in a vSphere authentication mechanism for the Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability plug-ins. A malicious actor with network access to port 443 on vCenter Serv...
Vmware Vcenter Server 6.5
Vmware Vcenter Server 6.7
Vmware Vcenter Server 7.0
Vmware Cloud Foundation
1 Github repository
1 Article
9.8
CVSSv3
CVE-2021-21972
The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Se...
Vmware Vcenter Server 6.5
Vmware Vcenter Server 6.7
Vmware Vcenter Server 7.0
Vmware Cloud Foundation
46 Github repositories
2 Articles
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »