Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vcenter server vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2021-22017
Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to bypass proxy leading to internal endpoints being accessed.
Vmware Vcenter Server 6.7
1 Article
9.8
CVSSv3
CVE-2020-3952
Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls.
Vmware Vcenter Server 6.7
5 Github repositories
2 Articles
6.5
CVSSv3
CVE-2017-4922
VMware vCenter Server (6.5 before 6.5 U1) contains an information disclosure issue due to the service startup script using world writable directories as temporary storage for critical information. Successful exploitation of this issue may allow unprivileged host users to access c...
Vmware Vcenter Server 6.5
8.8
CVSSv3
CVE-2017-4921
VMware vCenter Server (6.5 before 6.5 U1) contains an insecure library loading issue that occurs due to the use of LD_LIBRARY_PATH variable in an unsafe manner. Successful exploitation of this issue may allow unprivileged host users to load a shared library that may lead to privi...
Vmware Vcenter Server 6.5
7.8
CVSSv3
CVE-2017-4943
VMware vCenter Server Appliance (vCSA) (6.5 prior to 6.5 U1d) contains a local privilege escalation vulnerability via the 'showlog' plugin. Successful exploitation of this issue could result in a low privileged user gaining root level privileges over the appliance base ...
Vmware Vcenter Server 6.5
NA
CVE-2010-2928
The vCenter Tomcat Management Application in VMware vCenter Server 4.1 before Update 1 stores log-on credentials in a configuration file, which allows local users to gain privileges by reading this file.
Vmware Vcenter Server 4.1
NA
CVE-2013-3080
VMware vCenter Server Appliance (vCSA) 5.1 before Update 1 allows remote authenticated users to create or overwrite arbitrary files, and consequently execute arbitrary code or cause a denial of service, by leveraging Virtual Appliance Management Interface (VAMI) web-interface acc...
Vmware Vcenter Server Appliance 5.1
NA
CVE-2013-3107
VMware vCenter Server 5.1 before Update 1, when anonymous LDAP binding for Active Directory is enabled, allows remote malicious users to bypass authentication by providing a valid username in conjunction with an empty password.
Vmware Vcenter Server Appliance 5.0
NA
CVE-2013-3079
VMware vCenter Server Appliance (vCSA) 5.1 before Update 1 allows remote authenticated users to execute arbitrary programs with root privileges by leveraging Virtual Appliance Management Interface (VAMI) access.
Vmware Vcenter Server Appliance 5.1
NA
CVE-2014-3797
Cross-site scripting (XSS) vulnerability in VMware vCenter Server Appliance (vCSA) 5.1 before Update 3 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Vmware Vcenter Server Appliance 5.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »