Filtered by vendor Vmware
Subscriptions
Total
892 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-22011 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-08-03 | 5.3 Medium |
| vCenter Server contains an unauthenticated API endpoint vulnerability in vCenter Server Content Library. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to perform unauthenticated VM network setting manipulation. | ||||
| CVE-2021-22023 | 1 Vmware | 3 Cloud Foundation, Vrealize Operations Manager, Vrealize Suite Lifecycle Manager | 2024-08-03 | 7.2 High |
| The vRealize Operations Manager API (8.x prior to 8.5) has insecure object reference vulnerability. A malicious actor with administrative access to vRealize Operations Manager API may be able to modify other users information leading to an account takeover. | ||||
| CVE-2021-22024 | 1 Vmware | 3 Cloud Foundation, Vrealize Operations Manager, Vrealize Suite Lifecycle Manager | 2024-08-03 | 7.5 High |
| The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary log-file read vulnerability. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can read any log file resulting in sensitive information disclosure. | ||||
| CVE-2021-22038 | 1 Vmware | 1 Installbuilder | 2024-08-03 | 8.8 High |
| On Windows, the uninstaller binary copies itself to a fixed temporary location, which is then executed (the originally called uninstaller exits, so it does not block the installation directory). This temporary location is not randomized and does not restrict access to Administrators only so a potential attacker could plant a binary to replace the copied binary right before it gets called, thus gaining Administrator privileges (if the original uninstaller was executed as Administrator). The vulnerability only affects Windows installers. | ||||
| CVE-2021-22018 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-08-03 | 6.5 Medium |
| The vCenter Server contains an arbitrary file deletion vulnerability in a VMware vSphere Life-cycle Manager plug-in. A malicious actor with network access to port 9087 on vCenter Server may exploit this issue to delete non critical files. | ||||
| CVE-2021-22053 | 1 Vmware | 1 Spring Cloud Netflix | 2024-08-03 | 8.8 High |
| Applications using both `spring-cloud-netflix-hystrix-dashboard` and `spring-boot-starter-thymeleaf` expose a way to execute code submitted within the request URI path during the resolution of view templates. When a request is made at `/hystrix/monitor;[user-provided data]`, the path elements following `hystrix/monitor` are being evaluated as SpringEL expressions, which can lead to code execution. | ||||
| CVE-2021-22012 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-08-03 | 7.5 High |
| The vCenter Server contains an information disclosure vulnerability due to an unauthenticated appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information. | ||||
| CVE-2021-22096 | 4 Netapp, Oracle, Redhat and 1 more | 12 Active Iq Unified Manager, Management Services For Element Software And Netapp Hci, Metrocluster Tiebreaker and 9 more | 2024-08-03 | 4.3 Medium |
| In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. | ||||
| CVE-2021-22013 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-08-03 | 7.5 High |
| The vCenter Server contains a file path traversal vulnerability leading to information disclosure in the appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information. | ||||
| CVE-2021-22029 | 1 Vmware | 1 Workspace One Uem Console | 2024-08-03 | 7.5 High |
| VMware Workspace ONE UEM REST API contains a denial of service vulnerability. A malicious actor with access to /API/system/admins/session could cause an API denial of service due to improper rate limiting. | ||||
| CVE-2021-22021 | 1 Vmware | 2 Cloud Foundation, Vrealize Log Insight | 2024-08-03 | 5.4 Medium |
| VMware vRealize Log Insight (8.x prior to 8.4) contains a Cross Site Scripting (XSS) vulnerability due to improper user input validation. An attacker with user privileges may be able to inject a malicious payload via the Log Insight UI which would be executed when the victim accesses the shared dashboard link. | ||||
| CVE-2021-22117 | 2 Microsoft, Vmware | 2 Windows, Rabbitmq | 2024-08-03 | 7.8 High |
| RabbitMQ installers on Windows prior to version 3.8.16 do not harden plugin directory permissions, potentially allowing attackers with sufficient local filesystem permissions to add arbitrary plugins. | ||||
| CVE-2021-22015 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-08-03 | 7.8 High |
| The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and directories. An authenticated local user with non-administrative privilege may exploit these issues to elevate their privileges to root on vCenter Server Appliance. | ||||
| CVE-2021-22036 | 1 Vmware | 2 Vrealize Automation, Vrealize Orchestrator | 2024-08-03 | 6.5 Medium |
| VMware vRealize Orchestrator ((8.x prior to 8.6) contains an open redirect vulnerability due to improper path handling. A malicious actor may be able to redirect victim to an attacker controlled domain due to improper path handling in vRealize Orchestrator leading to sensitive information disclosure. | ||||
| CVE-2021-22095 | 1 Vmware | 1 Spring Advanced Message Queuing Protocol | 2024-08-03 | 6.5 Medium |
| In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its toString() method, will create a new String object from the message body, regardless of its size. This can cause an OOM Error with a large message | ||||
| CVE-2021-22025 | 1 Vmware | 3 Cloud Foundation, Vrealize Operations Manager, Vrealize Suite Lifecycle Manager | 2024-08-03 | 7.5 High |
| The vRealize Operations Manager API (8.x prior to 8.5) contains a broken access control vulnerability leading to unauthenticated API access. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can add new nodes to existing vROps cluster. | ||||
| CVE-2021-22114 | 1 Vmware | 1 Spring Integration Zip | 2024-08-03 | 5.3 Medium |
| Addresses partial fix in CVE-2018-1263. Spring-integration-zip, versions prior to 1.0.4, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path traversal filenames. So when the filename gets concatenated to the target extraction directory, the final path ends up outside of the target folder. | ||||
| CVE-2021-22060 | 3 Oracle, Redhat, Vmware | 4 Communications Cloud Native Core Console, Communications Cloud Native Core Service Communication Proxy, Jboss Fuse and 1 more | 2024-08-03 | 4.3 Medium |
| In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more places of the Spring Framework codebase. | ||||
| CVE-2021-22008 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-08-03 | 7.5 High |
| The vCenter Server contains an information disclosure vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by sending a specially crafted json-rpc message to gain access to sensitive information. | ||||
| CVE-2021-21984 | 1 Vmware | 1 Vrealize Business For Cloud | 2024-08-03 | 9.8 Critical |
| VMware vRealize Business for Cloud 7.x prior to 7.6.0 contains a remote code execution vulnerability due to an unauthorised end point. A malicious actor with network access may exploit this issue causing unauthorised remote code execution on vRealize Business for Cloud Virtual Appliance. | ||||