vmware vcenter server 6.0 vulnerabilities and exploits
CVSSv2: 10
CVE-2015-2342
The JMX RMI service in VMware vCenter Server 5.0 before u3e, 5.1 before u3b, 5.5 before u3, and 6.0 before u1 does not restrict registration of MBeans, which allows remote malicious users to execute arbitrary code via the RMI protocol.
Vmware Vcenter Server 5.5
Vmware Vcenter Server 6.0
Vmware Vcenter Server 5.0
Vmware Vcenter Server 5.1
1 EDB exploit
1 Github repository
1 Article
CVSSv2: 9.3
CVE-2021-44228
Apache Log4j2 2.0-beta9 up to and including 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can contr...
Apache Log4j 2.0
Apache Log4j
Siemens Sppa-t3000 Ses3000 Firmware
Siemens Logo! Soft Comfort
Siemens Spectrum Power 4 4.70
Siemens Spectrum Power 4
Siemens Siveillance Control Pro
Siemens Energyip Prepay 3.7
Siemens Energyip Prepay 3.8
Siemens Siveillance Identity 1.6
Siemens Siveillance Identity 1.5
Siemens Siveillance Command
Siemens Sipass Integrated 2.85
Siemens Sipass Integrated 2.80
Siemens Head-end System Universal Device Integration System
Siemens Gma-manager
Siemens Energyip 8.5
Siemens Energyip 8.6
Siemens Energyip 8.7
Siemens Energyip 9.0
Siemens Energy Engage 3.1
Siemens E-car Operation Center
2 Metasploit modules
1161 Github repositories
28 Articles
CVSSv2: 6.8
CVE-2017-4919
VMware vCenter Server 5.5, 6.0, 6.5 allows vSphere users with certain, limited vSphere privileges to use the VIX API to access Guest Operating Systems without the need to authenticate.
Vmware Vcenter Server 5.5
Vmware Vcenter Server 6.5
Vmware Vcenter Server 6.0
CVSSv2: 6.8
CVE-2016-2076
Client Integration Plugin (CIP) in VMware vCenter Server 5.5 U3a, U3b, and U3c and 6.0 before U2; vCloud Director 5.5.5; and vRealize Automation Identity Appliance 6.2.4 prior to 6.2.4.1 mishandles session content, which allows remote malicious users to hijack sessions via a craf...
Vmware Vcloud Automation Identity Appliance 6.2.4
Vmware Vcenter Server 5.5
Vmware Vcloud Director 5.5.5
Vmware Vcenter Server
CVSSv2: 6.4
CVE-2016-7460
The Single Sign-On feature in VMware vCenter Server 5.5 before U3e and 6.0 before U2a and vRealize Automation 6.x prior to 6.2.5 allows remote malicious users to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in con...
Vmware Vrealize Automation 6.0.1.1
Vmware Vrealize Automation 6.0.1.2
Vmware Vrealize Automation 6.2.4
Vmware Vrealize Automation 6.1.0
Vmware Vrealize Automation 6.1.1
Vmware Vrealize Automation 6.2.0
Vmware Vrealize Automation 6.2.1
Vmware Vrealize Automation 6.0.0
Vmware Vrealize Automation 6.0.1
Vmware Vrealize Automation 6.2.2
Vmware Vrealize Automation 6.2.3
CVSSv2: 5.8
CVE-2019-5531
VMware vSphere ESXi (6.7 prior to ESXi670-201810101-SG, 6.5 prior to ESXi650-201811102-SG, and 6.0 prior to ESXi600-201807103-SG) and VMware vCenter Server (6.7 before 6.7 U1b, 6.5 before 6.5 U2b, and 6.0 before 6.0 U3j) contain an information disclosure vulnerability in clients ...
Vmware Vsphere Esxi 6.7
Vmware Esxi 6.7
Vmware Vsphere Esxi 6.5
Vmware Vsphere Esxi 6.0
Vmware Vcenter Server 6.0
Vmware Vcenter Server 6.7
Vmware Vcenter Server 6.5
CVSSv2: 5.8
CVE-2015-6932
VMware vCenter Server 5.5 before u3 and 6.0 before u1 does not verify X.509 certificates from TLS LDAP servers, which allows man-in-the-middle malicious users to spoof servers and obtain sensitive information via a crafted certificate.
Vmware Vcenter Server 5.5
Vmware Vcenter Server 6.0
CVSSv2: 5
CVE-2017-4927
VMware vCenter Server (6.5 before 6.5 U1 and 6.0 before 6.0 U3c) does not correctly handle specially crafted LDAP network packets which may allow for remote denial of service.
Vmware Vcenter Server
CVSSv2: 5
CVE-2017-4928
The flash-based vSphere Web Client (6.0 before 6.0 U3c and 5.5 before 5.5 U3f) i.e. not the new HTML5-based vSphere Client, contains SSRF and CRLF injection issues due to improper neutralization of URLs. An attacker may exploit these issues by sending a POST request with modified...
Vmware Vcenter Server 5.5
Vmware Vcenter Server 6.0
CVSSv2: 5
CVE-2017-4917
VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x locally stores vCenter Server credentials using reversible encryption. This issue may allow plaintext credentials to be obtained.
Vmware Vsphere Data Protection 5.5.5
Vmware Vsphere Data Protection 5.8.0
Vmware Vsphere Data Protection 5.8.1
Vmware Vsphere Data Protection 6.0.4
Vmware Vsphere Data Protection 6.1.0
Vmware Vsphere Data Protection 5.5.8
Vmware Vsphere Data Protection 5.5.9
Vmware Vsphere Data Protection 5.8.4
Vmware Vsphere Data Protection 6.0.0
Vmware Vsphere Data Protection 6.0.1
Vmware Vsphere Data Protection 6.1.3
Vmware Vsphere Data Protection 5.5.6
Vmware Vsphere Data Protection 5.5.7
Vmware Vsphere Data Protection 5.8.2
Vmware Vsphere Data Protection 5.8.3
Vmware Vsphere Data Protection 6.1.1
Vmware Vsphere Data Protection 6.1.2
Vmware Vsphere Data Protection 5.5.10
Vmware Vsphere Data Protection 5.5.11
Vmware Vsphere Data Protection 6.0.2
Vmware Vsphere Data Protection 6.0.3