VYPR

Nsx

by VMware

CVEs (11)

  • CVE-2025-41251HigSep 29, 2025
    risk 0.53cvss 8.1epss 0.01

    VMware NSX contains a weak password recovery mechanism vulnerability. An unauthenticated malicious actor may exploit this to enumerate valid usernames, potentially enabling brute-force attacks. Impact: Username enumeration → credential brute force risk. Attack…

  • CVE-2021-21981HigApr 19, 2021
    risk 0.51cvss 7.8epss 0.00

    VMware NSX-T contains a privilege escalation vulnerability due to an issue with RBAC (Role based access control) role assignment. Successful exploitation of this issue may allow attackers with local guest user account to assign privileges higher than their own permission level.

  • CVE-2025-41252HigSep 29, 2025
    risk 0.49cvss 7.5epss 0.01

    Description: VMware NSX contains a username enumeration vulnerability. An unauthenticated malicious actor may exploit this to enumerate valid usernames, potentially leading to unauthorized access attempts. Impact: Username enumeration → facilitates unauthorized access. …

  • CVE-2025-22244MedJun 4, 2025
    risk 0.45cvss 6.9epss 0.00

    VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the gateway firewall due to improper input validation.

  • CVE-2024-38818MedOct 9, 2024
    risk 0.44cvss 6.7epss 0.00

    VMware NSX contains a local privilege escalation vulnerability.  An authenticated malicious actor may exploit this vulnerability to obtain permissions from a separate group role than previously assigned.

  • CVE-2024-38817MedOct 9, 2024
    risk 0.44cvss 6.7epss 0.01

    VMware NSX contains a command injection vulnerability.  A malicious actor with access to the NSX Edge CLI terminal may be able to craft malicious payloads to execute arbitrary commands on the operating system as root.

  • CVE-2023-20868MedMay 26, 2023
    risk 0.40cvss 6.1epss 0.00

    NSX-T contains a reflected cross-site scripting vulnerability due to a lack of input validation. A remote attacker can inject HTML or JavaScript to redirect to malicious pages.

  • CVE-2025-22245MedJun 4, 2025
    risk 0.38cvss 5.9epss 0.00

    VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the router port due to improper input validation.

  • CVE-2020-3993MedOct 20, 2020
    risk 0.38cvss 5.9epss 0.01

    VMware NSX-T (3.x before 3.0.2, 2.5.x before 2.5.2.2.0) contains a security vulnerability that exists in the way it allows a KVM host to download and install packages from NSX manager. A malicious actor with MITM positioning may be able to exploit this issue to compromise the…

  • CVE-2024-38815MedOct 9, 2024
    risk 0.28cvss 4.3epss 0.00

    VMware NSX contains a content spoofing vulnerability.  An unauthenticated malicious actor may be able to craft a URL and redirect a victim to an attacker controlled domain leading to sensitive information disclosure.

  • CVE-2014-3796Sep 15, 2014
    risk 0.00cvss epss 0.02

    VMware NSX 6.0 before 6.0.6, and vCloud Networking and Security (vCNS) 5.1 before 5.1.4.2 and 5.5 before 5.5.3, does not properly validate input, which allows attackers to obtain sensitive information via unspecified vectors.