Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vcenter server vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv3
CVE-2021-22014
The vCenter Server contains an authenticated code execution vulnerability in VAMI (Virtual Appliance Management Infrastructure). An authenticated VAMI user with network access to port 5480 on vCenter Server may exploit this issue to execute code on the underlying operating system...
Vmware Cloud Foundation
Vmware Vcenter Server 6.5
Vmware Vcenter Server 6.7
Vmware Vcenter Server 7.0
9.8
CVSSv3
CVE-2021-22005
The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file.
Vmware Vcenter Server 6.5
Vmware Vcenter Server 6.7
Vmware Vcenter Server 7.0
Vmware Cloud Foundation
16 Github repositories
1 Article
7.8
CVSSv3
CVE-2021-21991
The vCenter Server contains a local privilege escalation vulnerability due to the way it handles session tokens. A malicious actor with non-administrative user access on vCenter Server host may exploit this issue to escalate privileges to Administrator on the vSphere Client (HTML...
Vmware Vcenter Server 6.5
Vmware Vcenter Server 6.7
Vmware Vcenter Server 7.0
Vmware Cloud Foundation
6.5
CVSSv3
CVE-2021-21992
The vCenter Server contains a denial-of-service vulnerability due to improper XML entity parsing. A malicious actor with non-administrative user access to the vCenter Server vSphere Client (HTML5) or vCenter Server vSphere Web Client (FLEX/Flash) may exploit this issue to create ...
Vmware Vcenter Server 6.5
Vmware Vcenter Server 6.7
Vmware Vcenter Server 7.0
Vmware Cloud Foundation
5.3
CVSSv3
CVE-2021-34429
For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-281...
Eclipse Jetty
Netapp Snap Creator Framework -
Netapp Solidfire -
Netapp Hci Management Node -
Netapp E-series Santricity Web Services -
Netapp Snapcenter Plug-in -
Netapp E-series Santricity Os Controller
Netapp Element Plug-in For Vcenter Server -
Oracle Autovue For Agile Product Lifecycle Management 21.0.2
Oracle Retail Eftlink 20.0.1
Oracle Communications Cloud Native Core Binding Support Function 1.10.0
Oracle Communications Diameter Signaling Router
Oracle Communications Cloud Native Core Unified Data Repository 1.14.0
Oracle Communications Cloud Native Core Service Communication Proxy 1.14.0
Oracle Communications Cloud Native Core Security Edge Protection Proxy 1.5.0
Oracle Financial Services Crime And Compliance Management Studio 8.0.8.2.0
Oracle Financial Services Crime And Compliance Management Studio 8.0.8.3.0
Oracle Rest Data Services
Oracle Stream Analytics
Oracle Stream Analytics 19c
2 Github repositories
3.5
CVSSv3
CVE-2021-34428
For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this c...
Eclipse Jetty
Debian Debian Linux 10.0
Netapp Snap Creator Framework -
Netapp Santricity Cloud Connector -
Netapp Snapmanager -
Netapp E-series Santricity Web Services -
Netapp Active Iq Unified Manager -
Netapp E-series Santricity Os Controller
Netapp Element Plug-in For Vcenter Server -
Oracle Communications Services Gatekeeper 7.0
Oracle Autovue For Agile Product Lifecycle Management 21.0.2
Oracle Siebel Core - Automation
Oracle Communications Session Route Manager
Oracle Communications Element Manager 8.2.2
Oracle Rest Data Services
Oracle Communications Session Report Manager
9.8
CVSSv3
CVE-2021-21986
The vSphere Client (HTML5) contains a vulnerability in a vSphere authentication mechanism for the Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability plug-ins. A malicious actor with network access to port 443 on vCenter Serv...
Vmware Vcenter Server 6.5
Vmware Vcenter Server 6.7
Vmware Vcenter Server 7.0
Vmware Cloud Foundation
1 Github repository
1 Article
9.8
CVSSv3
CVE-2021-21985
The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute com...
Vmware Vcenter Server 6.5
Vmware Vcenter Server 6.7
Vmware Vcenter Server 7.0
Vmware Cloud Foundation
15 Github repositories
1 Article
5.3
CVSSv3
CVE-2021-28164
In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web....
Eclipse Jetty 9.4.37
Eclipse Jetty 9.4.38
Netapp Santricity Cloud Connector -
Netapp Snapcenter -
Netapp E-series Performance Analyzer -
Netapp E-series Santricity Web Services -
Netapp Virtual Storage Console
Netapp Storage Replication Adapter For Clustered Data Ontap
Netapp Vasa Provider For Clustered Data Ontap
Netapp Cloud Manager -
Netapp Snapcenter Plug-in -
Netapp E-series Santricity Os Controller
Netapp Element Plug-in For Vcenter Server -
Oracle Banking Digital Experience 20.1
Oracle Autovue For Agile Product Lifecycle Management 21.0.2
Oracle Siebel Core - Automation
Oracle Communications Session Route Manager
Oracle Banking Digital Experience 21.1
Oracle Banking Apis 20.1
Oracle Banking Apis 21.1
2 Github repositories
2.7
CVSSv3
CVE-2021-28163
In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that m...
Eclipse Jetty 11.0.0
Eclipse Jetty 10.0.0
Eclipse Jetty 11.0.1
Eclipse Jetty 10.0.1
Eclipse Jetty
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Apache Solr 8.8.1
Apache Ignite
Netapp Santricity Cloud Connector -
Netapp Snapcenter -
Netapp E-series Performance Analyzer -
Netapp E-series Santricity Web Services -
Netapp Virtual Storage Console
Netapp Storage Replication Adapter For Clustered Data Ontap
Netapp Vasa Provider For Clustered Data Ontap
Netapp Cloud Manager -
Netapp Snapcenter Plug-in -
Netapp Element Plug-in For Vcenter Server -
Netapp E-series Santricity Os Controller
Oracle Banking Digital Experience 20.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »