Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vcenter server vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2017-4927
VMware vCenter Server (6.5 before 6.5 U1 and 6.0 before 6.0 U3c) does not correctly handle specially crafted LDAP network packets which may allow for remote denial of service.
Vmware Vcenter Server
5
CVSSv2
CVE-2017-4928
The flash-based vSphere Web Client (6.0 before 6.0 U3c and 5.5 before 5.5 U3f) i.e. not the new HTML5-based vSphere Client, contains SSRF and CRLF injection issues due to improper neutralization of URLs. An attacker may exploit these issues by sending a POST request with modified...
Vmware Vcenter Server 5.5
Vmware Vcenter Server 6.0
5
CVSSv2
CVE-2017-4923
VMware vCenter Server (6.5 before 6.5 U1) contains an information disclosure vulnerability. This issue may allow plaintext credentials to be obtained when using the vCenter Server Appliance file-based backup feature.
Vmware Vcenter Server 6.5
5
CVSSv2
CVE-2017-4917
VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x locally stores vCenter Server credentials using reversible encryption. This issue may allow plaintext credentials to be obtained.
Vmware Vsphere Data Protection 5.5.5
Vmware Vsphere Data Protection 5.8.0
Vmware Vsphere Data Protection 5.8.1
Vmware Vsphere Data Protection 6.0.4
Vmware Vsphere Data Protection 6.1.0
Vmware Vsphere Data Protection 5.5.8
Vmware Vsphere Data Protection 5.5.9
Vmware Vsphere Data Protection 5.8.4
Vmware Vsphere Data Protection 6.0.0
Vmware Vsphere Data Protection 6.0.1
Vmware Vsphere Data Protection 6.1.3
Vmware Vsphere Data Protection 5.5.6
Vmware Vsphere Data Protection 5.5.7
Vmware Vsphere Data Protection 5.8.2
Vmware Vsphere Data Protection 5.8.3
Vmware Vsphere Data Protection 6.1.1
Vmware Vsphere Data Protection 6.1.2
Vmware Vsphere Data Protection 5.5.10
Vmware Vsphere Data Protection 5.5.11
Vmware Vsphere Data Protection 6.0.2
Vmware Vsphere Data Protection 6.0.3
5
CVSSv2
CVE-2016-7458
VMware vSphere Client 5.5 before U3e and 6.0 before U2a allows remote vCenter Server and ESXi instances to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Vmware Vsphere Client 5.5
Vmware Vsphere Client 6.0
5
CVSSv2
CVE-2015-1047
vpxd in VMware vCenter Server 5.0 before u3e, 5.1 before u3, and 5.5 before u2 allows remote malicious users to cause a denial of service via a long heartbeat message.
Vmware Vcenter Server 5.5
Vmware Vcenter Server 5.0
Vmware Vcenter Server 5.1
5
CVSSv2
CVE-2011-4404
The default configuration of the HTTP server in Jetty in vSphere Update Manager in VMware vCenter Update Manager 4.0 before Update 4 and 4.1 before Update 2 allows remote malicious users to conduct directory traversal attacks and read arbitrary files via unspecified vectors, a re...
Vmware Vcenter Update Manager 4.1
Vmware Vcenter Update Manager 4.0
1 EDB exploit
4.6
CVSSv2
CVE-2021-21991
The vCenter Server contains a local privilege escalation vulnerability due to the way it handles session tokens. A malicious actor with non-administrative user access on vCenter Server host may exploit this issue to escalate privileges to Administrator on the vSphere Client (HTML...
Vmware Vcenter Server 6.5
Vmware Vcenter Server 6.7
Vmware Vcenter Server 7.0
Vmware Cloud Foundation
4.4
CVSSv2
CVE-2013-5973
VMware ESXi 4.0 up to and including 5.5 and ESX 4.0 and 4.1 allow local users to read or modify arbitrary files by leveraging the Virtual Machine Power User or Resource Pool Administrator role for a vCenter Server Add Existing Disk action with a (1) -flat, (2) -rdm, or (3) -rdmp ...
Vmware Esx 4.0
Vmware Esx 4.1
Vmware Esxi 4.0
Vmware Esxi 5.0
Vmware Esxi 4.1
Vmware Esxi 5.1
4.3
CVSSv2
CVE-2021-22016
The vCenter Server contains a reflected cross-site scripting vulnerability due to a lack of input sanitization. An attacker may exploit this issue to execute malicious scripts by tricking a victim into clicking a malicious link.
Vmware Cloud Foundation
Vmware Vcenter Server 6.7
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »