VYPR

Vcenter Server

by VMware

CVEs (80)

  • CVE-2021-21972KEVFeb 24, 2021
    risk 0.29cvss epss 1.00

    The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter…

  • CVE-2020-3952KEVApr 10, 2020
    risk 0.23cvss epss 0.90

    Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls.

  • CVE-2024-37079KEVJun 18, 2024
    risk 0.19cvss epss 0.22

    vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.

  • CVE-2023-34048KEVOct 25, 2023
    risk 0.19cvss epss 0.99

    vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution.

  • CVE-2021-21973KEVFeb 24, 2021
    risk 0.19cvss epss 0.88

    The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin…

  • CVE-2024-38812KEVSep 17, 2024
    risk 0.18cvss epss 0.54

    The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code…

  • CVE-2021-22017KEVSep 23, 2021
    risk 0.18cvss epss 0.47

    Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to bypass proxy leading to internal endpoints being accessed.

  • CVE-2022-22948KEVMar 29, 2022
    risk 0.17cvss epss 0.14

    The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information.

  • CVE-2024-38813KEVSep 17, 2024
    risk 0.14cvss epss 0.17

    The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet.

  • CVE-2015-2342Oct 12, 2015
    risk 0.10cvss epss 0.89

    The JMX RMI service in VMware vCenter Server 5.0 before u3e, 5.1 before u3b, 5.5 before u3, and 6.0 before u1 does not restrict registration of MBeans, which allows remote attackers to execute arbitrary code via the RMI protocol.

  • CVE-2024-22274May 21, 2024
    risk 0.06cvss epss 0.02

    The vCenter Server contains an authenticated remote code execution vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to run arbitrary commands on the underlying operating system.

  • CVE-2021-22006Sep 23, 2021
    risk 0.05cvss epss 0.06

    The vCenter Server contains a reverse proxy bypass vulnerability due to the way the endpoints handle the URI. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to access restricted endpoints.

  • CVE-2023-20894Jun 22, 2023
    risk 0.04cvss epss 0.34

    The VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bound write by sending a specially crafted packet leading to memory corruption.

  • CVE-2021-22015Sep 23, 2021
    risk 0.03cvss epss 0.02

    The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and directories. An authenticated local user with non-administrative privilege may exploit these issues to elevate their privileges to root on vCenter Server…

  • CVE-2024-22275May 21, 2024
    risk 0.01cvss epss 0.01

    The vCenter Server contains a partial file read vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to partially read arbitrary files containing sensitive data.

  • CVE-2021-21980Nov 24, 2021
    risk 0.01cvss epss 0.05

    The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary file read vulnerability. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information.

  • CVE-2024-37087Jun 25, 2024
    risk 0.00cvss epss 0.01

    The vCenter Server contains a denial-of-service vulnerability. A malicious actor with network access to vCenter Server may create a denial-of-service condition.

  • CVE-2023-34056Oct 25, 2023
    risk 0.00cvss epss 0.01

    vCenter Server contains a partial information disclosure vulnerability. A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data.

  • CVE-2023-20896Jun 22, 2023
    risk 0.00cvss epss 0.01

    The VMware vCenter Server contains an out-of-bounds read vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds read by sending a specially crafted packet leading to denial-of-service of…

  • CVE-2023-20895Jun 22, 2023
    risk 0.00cvss epss 0.01

    The VMware vCenter Server contains a memory corruption vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger a memory corruption vulnerability which may bypass authentication.