Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vmware vcenter server vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2021-22016
The vCenter Server contains a reflected cross-site scripting vulnerability due to a lack of input sanitization. An attacker may exploit this issue to execute malicious scripts by tricking a victim into clicking a malicious link.
Vmware Vcenter Server 6.7
Vmware Cloud Foundation
6.5
CVSSv3
CVE-2021-22018
The vCenter Server contains an arbitrary file deletion vulnerability in a VMware vSphere Life-cycle Manager plug-in. A malicious actor with network access to port 9087 on vCenter Server may exploit this issue to delete non critical files.
Vmware Vcenter Server 7.0
Vmware Cloud Foundation
NA
CVE-2012-5050
Cross-site scripting (XSS) vulnerability in the server in VMware vCenter Operations (aka vCOps) prior to 5.0.x allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Vmware Vcenter Operations
Vmware Vcenter Operations 1.0.0
Vmware Vcenter Operations 1.0.1
NA
CVE-2010-2928
The vCenter Tomcat Management Application in VMware vCenter Server 4.1 before Update 1 stores log-on credentials in a configuration file, which allows local users to gain privileges by reading this file.
Vmware Vcenter Server 4.1
9.8
CVSSv3
CVE-2017-4923
VMware vCenter Server (6.5 before 6.5 U1) contains an information disclosure vulnerability. This issue may allow plaintext credentials to be obtained when using the vCenter Server Appliance file-based backup feature.
Vmware Vcenter Server 6.5
5.4
CVSSv3
CVE-2017-4926
VMware vCenter Server (6.5 before 6.5 U1) contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker with VC user privileges can inject malicious java-scripts which will get executed when other VC users access the page.
Vmware Vcenter Server 6.5
9.8
CVSSv3
CVE-2020-3952
Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls.
Vmware Vcenter Server 6.7
5 Github repositories
2 Articles
6.5
CVSSv3
CVE-2017-4922
VMware vCenter Server (6.5 before 6.5 U1) contains an information disclosure issue due to the service startup script using world writable directories as temporary storage for critical information. Successful exploitation of this issue may allow unprivileged host users to access c...
Vmware Vcenter Server 6.5
7.8
CVSSv3
CVE-2017-4943
VMware vCenter Server Appliance (vCSA) (6.5 prior to 6.5 U1d) contains a local privilege escalation vulnerability via the 'showlog' plugin. Successful exploitation of this issue could result in a low privileged user gaining root level privileges over the appliance base ...
Vmware Vcenter Server 6.5
5.3
CVSSv3
CVE-2021-22017
Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to bypass proxy leading to internal endpoints being accessed.
Vmware Vcenter Server 6.7
1 Article
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-0044
client side
CVE-2021-47601
deserialization
CVE-2024-34994
encryption
CVE-2021-47609
CVE-2024-37079
CVE-2024-38608
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »