Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vmware vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-20873
In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.6...
Vmware Spring Boot
9.8
CVSSv3
CVE-2022-31704
The vRealize Log Insight contains a broken access control vulnerability. An unauthenticated malicious actor can remotely inject code into sensitive files of an impacted appliance which can result in remote code execution.
Vmware Vrealize Log Insight
2 Github repositories
1 Article
9.8
CVSSv3
CVE-2022-31706
The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.
Vmware Vrealize Log Insight
2 Github repositories
9.8
CVSSv3
CVE-2022-31702
vRealize Network Insight (vRNI) contains a command injection vulnerability present in the vRNI REST API. A malicious actor with network access to the vRNI REST API can execute commands without authentication.
Vmware Vrealize Network Insight 6.5.1
Vmware Vrealize Network Insight 6.2.0
Vmware Vrealize Network Insight 6.3.0
Vmware Vrealize Network Insight 6.4.0
Vmware Vrealize Network Insight 6.6.0
Vmware Vrealize Network Insight 6.7.0
1 Article
9.8
CVSSv3
CVE-2022-38651
A security filter misconfiguration exists in VMware Hyperic Server 5.8.6. Exploitation of this vulnerability enables a malicious party to bypass some authentication requirements when issuing requests to Hyperic Server. NOTE: This vulnerability only affects products that are no lo...
Vmware Hyperic Server 5.8.6
9.8
CVSSv3
CVE-2022-31685
VMware Workspace ONE Assist before 22.10 contains an Authentication Bypass vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application.
Vmware Workspace One Assist
1 Article
9.8
CVSSv3
CVE-2022-31686
VMware Workspace ONE Assist before 22.10 contains a Broken Authentication Method vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application.
Vmware Workspace One Assist
1 Article
9.8
CVSSv3
CVE-2022-31687
VMware Workspace ONE Assist before 22.10 contains a Broken Access Control vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application.
Vmware Workspace One Assist
1 Article
9.8
CVSSv3
CVE-2022-31689
VMware Workspace ONE Assist before 22.10 contains a Session fixation vulnerability. A malicious actor who obtains a valid session token may be able to authenticate to the application using that token.
Vmware Workspace One Assist
1 Article
9.8
CVSSv3
CVE-2022-31691
Spring Tools 4 for Eclipse version 4.16.0 and below as well as VSCode extensions such as Spring Boot Tools, Concourse CI Pipeline Editor, Bosh Editor and Cloudfoundry Manifest YML Support version 1.39.0 and below all use Snakeyaml library for YAML editing support. This library al...
Vmware Cloudfoundry Manifest Yml Support
Vmware Bosh Editor
Vmware Concourse Ci Pipeline Editor
Vmware Spring Tools
Vmware Spring Boot Tools
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »