Total: 94 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-22959 | 2 Linux, Vmware | 6 Linux Kernel, Cloud Foundation, Identity Manager and 3 more | 2024-02-04 | 4.3 MEDIUM | 4.3 MEDIUM |
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. A malicious actor can trick a user through a cross site request forgery to unintentionally validate a malicious JDBC URI. | |||||
CVE-2022-22960 | 2 Linux, Vmware | 6 Linux Kernel, Cloud Foundation, Identity Manager and 3 more | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to 'root'. | |||||
CVE-2021-22050 | 1 Vmware | 2 Cloud Foundation, Esxi | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
ESXi contains a slow HTTP POST denial-of-service vulnerability in rhttpproxy. A malicious actor with network access to ESXi may exploit this issue to create a denial-of-service condition by overwhelming the rhttpproxy service with multiple requests. | |||||
CVE-2021-22041 | 1 Vmware | 4 Cloud Foundation, Esxi, Fusion and 1 more | 2024-02-04 | 4.6 MEDIUM | 6.7 MEDIUM |
VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. | |||||
CVE-2022-22957 | 2 Linux, Vmware | 6 Linux Kernel, Cloud Foundation, Identity Manager and 3 more | 2024-02-04 | 6.5 MEDIUM | 7.2 HIGH |
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through a malicious JDBC URI, which may result in remote code execution. | |||||
CVE-2022-22973 | 2 Linux, Vmware | 5 Linux Kernel, Cloud Foundation, Identity Manager and 2 more | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'. | |||||
CVE-2022-22961 | 2 Linux, Vmware | 6 Linux Kernel, Cloud Foundation, Identity Manager and 3 more | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. A malicious actor with remote access may leak the hostname of the target system. Successful exploitation of this issue can lead to targeting victims. | |||||
CVE-2022-22958 | 2 Linux, Vmware | 6 Linux Kernel, Cloud Foundation, Identity Manager and 3 more | 2024-02-04 | 6.5 MEDIUM | 7.2 HIGH |
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through a malicious JDBC URI, which may result in remote code execution. | |||||
CVE-2022-22954 | 2 Linux, Vmware | 6 Linux Kernel, Cloud Foundation, Identity Manager and 3 more | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution. | |||||
CVE-2022-22945 | 1 Vmware | 2 Cloud Foundation, Nsx Data Center | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
VMware NSX Edge contains a CLI shell injection vulnerability. A malicious actor with SSH access to an NSX-Edge appliance can execute arbitrary commands on the operating system as root. | |||||
CVE-2021-22040 | 1 Vmware | 5 Cloud Foundation, Esxi, Fusion and 2 more | 2024-02-04 | 4.6 MEDIUM | 6.7 MEDIUM |
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. | |||||
CVE-2022-22948 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information. | |||||
CVE-2022-22972 | 2 Linux, Vmware | 6 Linux Kernel, Cloud Foundation, Identity Manager and 3 more | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate. | |||||
CVE-2021-22015 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and directories. An authenticated local user with non-administrative privilege may exploit these issues to elevate their privileges to root on vCenter Server Appliance. | |||||
CVE-2021-22006 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
The vCenter Server contains a reverse proxy bypass vulnerability due to the way the endpoints handle the URI. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to access restricted endpoints. | |||||
CVE-2021-22009 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
The vCenter Server contains multiple denial-of-service vulnerabilities in the VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit these issues to create a denial-of-service condition due to excessive memory consumption by the VAPI service. | |||||
CVE-2022-22939 | 1 Vmware | 1 Cloud Foundation | 2024-02-04 | 4.0 MEDIUM | 4.9 MEDIUM |
VMware Cloud Foundation contains an information disclosure vulnerability due to logging of credentials in plain-text within multiple log files on the SDDC Manager. A malicious actor with root access on VMware Cloud Foundation SDDC Manager may be able to view credentials in plaintext within one or more log files. | |||||
CVE-2021-21991 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
The vCenter Server contains a local privilege escalation vulnerability due to the way it handles session tokens. A malicious actor with non-administrative user access on vCenter Server host may exploit this issue to escalate privileges to Administrator on the vSphere Client (HTML5) or vCenter Server vSphere Web Client (FLEX/Flash). | |||||
CVE-2021-22010 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
The vCenter Server contains a denial-of-service vulnerability in the VPXD service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to create a denial-of-service condition due to excessive memory consumption by the VPXD service. | |||||
CVE-2021-22045 | 2 Apple, Vmware | 5 Mac Os X, Cloud Foundation, Esxi and 2 more | 2024-02-04 | 6.9 MEDIUM | 7.8 HIGH |
VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi650-202110101-SG), VMware Workstation (16.2.0) and VMware Fusion (12.2.0) contain a heap-overflow vulnerability in CD-ROM device emulation. A malicious actor with access to a virtual machine with CD-ROM device emulation may be able to exploit this vulnerability in conjunction with other issues to execute code on the hypervisor from a virtual machine. |