VYPR

Vcenter Server

by VMware

CVEs (80)

  • CVE-2023-20893Jun 22, 2023
    risk 0.00cvss epss 0.01

    The VMware vCenter Server contains a use-after-free vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit this issue to execute arbitrary code on the underlying operating system that hosts vCenter Server.

  • CVE-2023-20892Jun 22, 2023
    risk 0.00cvss epss 0.02

    The vCenter Server contains a heap overflow vulnerability due to the usage of uninitialized memory in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit heap-overflow vulnerability to execute arbitrary code on the…

  • CVE-2022-31697Dec 13, 2022
    risk 0.00cvss epss 0.00

    The vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plaintext. A malicious actor with access to a workstation that invoked a vCenter Server Appliance ISO operation (Install/Upgrade/Migrate/Restore) can access plaintext…

  • CVE-2022-31698Dec 13, 2022
    risk 0.00cvss epss 0.48

    The vCenter Server contains a denial-of-service vulnerability in the content library service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to trigger a denial-of-service condition by sending a specially crafted header.

  • CVE-2022-31680Oct 7, 2022
    risk 0.00cvss epss 0.33

    The vCenter Server contains an unsafe deserialisation vulnerability in the PSC (Platform services controller). A malicious actor with admin access on vCenter server may exploit this issue to execute arbitrary code on the underlying operating system that hosts the vCenter Server.

  • CVE-2022-22982Jul 13, 2022
    risk 0.00cvss epss 0.01

    The vCenter Server contains a server-side request forgery (SSRF) vulnerability. A malicious actor with network access to 443 on the vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service.

  • CVE-2021-22048Nov 10, 2021
    risk 0.00cvss epss 0.10

    The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. A malicious actor with non-administrative access to vCenter Server may exploit this issue to elevate privileges to a higher privileged group.

  • CVE-2021-22020Sep 23, 2021
    risk 0.00cvss epss 0.00

    The vCenter Server contains a denial-of-service vulnerability in the Analytics service. Successful exploitation of this issue may allow an attacker to create a denial-of-service condition on vCenter Server.

  • CVE-2021-22019Sep 23, 2021
    risk 0.00cvss epss 0.02

    The vCenter Server contains a denial-of-service vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port 5480 on vCenter Server may exploit this issue by sending a specially crafted jsonrpc message to create a denial of service condition.

  • CVE-2021-22018Sep 23, 2021
    risk 0.00cvss epss 0.01

    The vCenter Server contains an arbitrary file deletion vulnerability in a VMware vSphere Life-cycle Manager plug-in. A malicious actor with network access to port 9087 on vCenter Server may exploit this issue to delete non critical files.

  • CVE-2021-22016Sep 23, 2021
    risk 0.00cvss epss 0.01

    The vCenter Server contains a reflected cross-site scripting vulnerability due to a lack of input sanitization. An attacker may exploit this issue to execute malicious scripts by tricking a victim into clicking a malicious link.

  • CVE-2021-22014Sep 23, 2021
    risk 0.00cvss epss 0.01

    The vCenter Server contains an authenticated code execution vulnerability in VAMI (Virtual Appliance Management Infrastructure). An authenticated VAMI user with network access to port 5480 on vCenter Server may exploit this issue to execute code on the underlying operating…

  • CVE-2021-22013Sep 23, 2021
    risk 0.00cvss epss 0.02

    The vCenter Server contains a file path traversal vulnerability leading to information disclosure in the appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information.

  • CVE-2021-22012Sep 23, 2021
    risk 0.00cvss epss 0.01

    The vCenter Server contains an information disclosure vulnerability due to an unauthenticated appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information.

  • CVE-2021-22011Sep 23, 2021
    risk 0.00cvss epss 0.01

    vCenter Server contains an unauthenticated API endpoint vulnerability in vCenter Server Content Library. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to perform unauthenticated VM network setting manipulation.

  • CVE-2021-22009Sep 23, 2021
    risk 0.00cvss epss 0.01

    The vCenter Server contains multiple denial-of-service vulnerabilities in VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit these issues to create a denial of service condition due to excessive memory consumption by VAPI…

  • CVE-2021-22008Sep 23, 2021
    risk 0.00cvss epss 0.02

    The vCenter Server contains an information disclosure vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by sending a specially crafted json-rpc message to gain access to sensitive information.

  • CVE-2021-22007Sep 23, 2021
    risk 0.00cvss epss 0.00

    The vCenter Server contains a local information disclosure vulnerability in the Analytics service. An authenticated user with non-administrative privilege may exploit this issue to gain access to sensitive information.

  • CVE-2021-21992Sep 22, 2021
    risk 0.00cvss epss 0.01

    The vCenter Server contains a denial-of-service vulnerability due to improper XML entity parsing. A malicious actor with non-administrative user access to the vCenter Server vSphere Client (HTML5) or vCenter Server vSphere Web Client (FLEX/Flash) may exploit this issue to create…

  • CVE-2021-21991Sep 22, 2021
    risk 0.00cvss epss 0.00

    The vCenter Server contains a local privilege escalation vulnerability due to the way it handles session tokens. A malicious actor with non-administrative user access on vCenter Server host may exploit this issue to escalate privileges to Administrator on the vSphere Client…