Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vmware cloud foundation - vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2021-22033
Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability.
Vmware Cloud Foundation
Vmware Vrealize Operations
Vmware Vrealize Suite Lifecycle Manager
5
CVSSv2
CVE-2021-22013
The vCenter Server contains a file path traversal vulnerability leading to information disclosure in the appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information.
Vmware Cloud Foundation
Vmware Vcenter Server 6.7
Vmware Vcenter Server 7.0
5
CVSSv2
CVE-2021-22006
The vCenter Server contains a reverse proxy bypass vulnerability due to the way the endpoints handle the URI. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to access restricted endpoints.
Vmware Cloud Foundation
Vmware Vcenter Server 6.7
Vmware Vcenter Server 7.0
2.1
CVSSv2
CVE-2021-22020
The vCenter Server contains a denial-of-service vulnerability in the Analytics service. Successful exploitation of this issue may allow an malicious user to create a denial-of-service condition on vCenter Server.
Vmware Cloud Foundation
Vmware Vcenter Server 6.7
Vmware Vcenter Server 7.0
NA
CVE-2023-20877
VMware Aria Operations contains a privilege escalation vulnerability. An authenticated malicious user with ReadOnly privileges can perform code execution leading to privilege escalation.
Vmware Cloud Foundation
Vmware Vrealize Operations 8.10.0
Vmware Vrealize Operations 8.6.0
NA
CVE-2023-20879
VMware Aria Operations contains a Local privilege escalation vulnerability. A malicious actor with administrative privileges in the Aria Operations application can gain root access to the underlying operating system.
Vmware Cloud Foundation
Vmware Vrealize Operations 8.10.0
Vmware Vrealize Operations 8.6.0
4
CVSSv2
CVE-2021-22035
VMware vRealize Log Insight (8.x before 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sh...
Vmware Cloud Foundation
Vmware Vrealize Log Insight
Vmware Vrealize Suite Lifecycle Manager
5
CVSSv2
CVE-2021-21980
The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary file read vulnerability. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information.
Vmware Vcenter Server 6.5
Vmware Vcenter Server 6.7
Vmware Cloud Foundation 3.0
3 Github repositories
NA
CVE-2022-31701
VMware Workspace ONE Access and Identity Manager contain a broken authentication vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3.
Vmware Access 21.08.0.1
Vmware Access 21.08.0.0
Vmware Access 22.09.0.0
Vmware Cloud Foundation
Vmware Identity Manager Connector 3.3.6
1 Article
4.6
CVSSv2
CVE-2020-3968
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x prior to 15.5.5), and Fusion (11.x prior to 11.5.5) contain an out-of-bounds write vulnerability in the USB 3.0 controller (xHCI). A malicious...
Vmware Cloud Foundation
Vmware Fusion
Vmware Workstation
Vmware Esxi 6.5
Vmware Esxi 6.7
Vmware Esxi 7.0.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »