Vendor CVEs
VMware
All CVEs
967 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-34890 | 0.00 | — | 0.02 | Jan 13, 2022 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific… | |||
| CVE-2021-34889 | 0.00 | — | 0.02 | Jan 13, 2022 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific… | |||
| CVE-2021-34887 | 0.00 | — | 0.02 | Jan 13, 2022 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific… | |||
| CVE-2021-34886 | 0.00 | — | 0.02 | Jan 13, 2022 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific… | |||
| CVE-2021-34885 | 0.00 | — | 0.02 | Jan 13, 2022 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists… | |||
| CVE-2021-34884 | 0.00 | — | 0.02 | Jan 13, 2022 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific… | |||
| CVE-2021-34883 | 0.00 | — | 0.02 | Jan 13, 2022 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific… | |||
| CVE-2021-34881 | 0.00 | — | 0.02 | Jan 13, 2022 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific… | |||
| CVE-2021-34878 | 0.00 | — | 0.02 | Jan 13, 2022 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists… | |||
| CVE-2021-34877 | 0.00 | — | 0.02 | Jan 13, 2022 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists… | |||
| CVE-2021-34876 | 0.00 | — | 0.02 | Jan 13, 2022 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists… | |||
| CVE-2021-34875 | 0.00 | — | 0.02 | Jan 13, 2022 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists… | |||
| CVE-2021-34874 | 0.00 | — | 0.02 | Jan 13, 2022 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists… | |||
| CVE-2021-34872 | 0.00 | — | 0.02 | Jan 13, 2022 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists… | |||
| CVE-2021-34871 | 0.00 | — | 0.02 | Jan 13, 2022 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists… | |||
| CVE-2021-22045 | 0.00 | — | 0.05 | Jan 4, 2022 | VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi650-202110101-SG), VMware Workstation (16.2.0) and VMware Fusion (12.2.0) contains a heap-overflow vulnerability in CD-ROM device emulation. A malicious actor with access to a virtual machine with CD-ROM device… | |||
| CVE-2021-22056 | 0.00 | — | 0.02 | Dec 20, 2021 | VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability. A malicious actor with network access may be able to make HTTP requests to arbitrary origins and read the full response. | |||
| CVE-2021-22057 | 0.00 | — | 0.01 | Dec 20, 2021 | VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 contain an authentication bypass vulnerability. A malicious actor, who has successfully provided first-factor authentication, may be able to obtain second-factor authentication provided by VMware Verify. | |||
| CVE-2021-22049 | 0.00 | — | 0.02 | Nov 24, 2021 | The vSphere Web Client (FLEX/Flash) contains an SSRF (Server Side Request Forgery) vulnerability in the vSAN Web Client (vSAN UI) plug-in. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by accessing a URL request outside of vCenter… | |||
| CVE-2021-22048 | 0.00 | — | 0.10 | Nov 10, 2021 | The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. A malicious actor with non-administrative access to vCenter Server may exploit this issue to elevate privileges to a higher privileged group. | |||
| CVE-2021-22034 | 0.00 | — | 0.01 | Oct 21, 2021 | Releases prior to VMware vRealize Operations Tenant App 8.6 contain an Information Disclosure Vulnerability. | |||
| CVE-2021-22036 | 0.00 | — | 0.01 | Oct 13, 2021 | VMware vRealize Orchestrator ((8.x prior to 8.6) contains an open redirect vulnerability due to improper path handling. A malicious actor may be able to redirect victim to an attacker controlled domain due to improper path handling in vRealize Orchestrator leading to sensitive… | |||
| CVE-2021-22035 | 0.00 | — | 0.01 | Oct 13, 2021 | VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV… | |||
| CVE-2021-22033 | 0.00 | — | 0.01 | Oct 13, 2021 | Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability. | |||
| CVE-2021-22020 | 0.00 | — | 0.00 | Sep 23, 2021 | The vCenter Server contains a denial-of-service vulnerability in the Analytics service. Successful exploitation of this issue may allow an attacker to create a denial-of-service condition on vCenter Server. | |||
| CVE-2021-22019 | 0.00 | — | 0.02 | Sep 23, 2021 | The vCenter Server contains a denial-of-service vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port 5480 on vCenter Server may exploit this issue by sending a specially crafted jsonrpc message to create a denial of service condition. | |||
| CVE-2021-22018 | 0.00 | — | 0.01 | Sep 23, 2021 | The vCenter Server contains an arbitrary file deletion vulnerability in a VMware vSphere Life-cycle Manager plug-in. A malicious actor with network access to port 9087 on vCenter Server may exploit this issue to delete non critical files. | |||
| CVE-2021-22016 | 0.00 | — | 0.01 | Sep 23, 2021 | The vCenter Server contains a reflected cross-site scripting vulnerability due to a lack of input sanitization. An attacker may exploit this issue to execute malicious scripts by tricking a victim into clicking a malicious link. | |||
| CVE-2021-22014 | 0.00 | — | 0.01 | Sep 23, 2021 | The vCenter Server contains an authenticated code execution vulnerability in VAMI (Virtual Appliance Management Infrastructure). An authenticated VAMI user with network access to port 5480 on vCenter Server may exploit this issue to execute code on the underlying operating… | |||
| CVE-2021-22013 | 0.00 | — | 0.02 | Sep 23, 2021 | The vCenter Server contains a file path traversal vulnerability leading to information disclosure in the appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information. | |||
| CVE-2021-22012 | 0.00 | — | 0.01 | Sep 23, 2021 | The vCenter Server contains an information disclosure vulnerability due to an unauthenticated appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information. | |||
| CVE-2021-22011 | 0.00 | — | 0.01 | Sep 23, 2021 | vCenter Server contains an unauthenticated API endpoint vulnerability in vCenter Server Content Library. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to perform unauthenticated VM network setting manipulation. | |||
| CVE-2021-22009 | 0.00 | — | 0.01 | Sep 23, 2021 | The vCenter Server contains multiple denial-of-service vulnerabilities in VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit these issues to create a denial of service condition due to excessive memory consumption by VAPI… | |||
| CVE-2021-22008 | 0.00 | — | 0.02 | Sep 23, 2021 | The vCenter Server contains an information disclosure vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by sending a specially crafted json-rpc message to gain access to sensitive information. | |||
| CVE-2021-22007 | 0.00 | — | 0.00 | Sep 23, 2021 | The vCenter Server contains a local information disclosure vulnerability in the Analytics service. An authenticated user with non-administrative privilege may exploit this issue to gain access to sensitive information. | |||
| CVE-2021-21992 | 0.00 | — | 0.01 | Sep 22, 2021 | The vCenter Server contains a denial-of-service vulnerability due to improper XML entity parsing. A malicious actor with non-administrative user access to the vCenter Server vSphere Client (HTML5) or vCenter Server vSphere Web Client (FLEX/Flash) may exploit this issue to create… | |||
| CVE-2021-21991 | 0.00 | — | 0.00 | Sep 22, 2021 | The vCenter Server contains a local privilege escalation vulnerability due to the way it handles session tokens. A malicious actor with non-administrative user access on vCenter Server host may exploit this issue to escalate privileges to Administrator on the vSphere Client… | |||
| CVE-2020-3960 | 0.00 | — | 0.00 | Sep 15, 2021 | VMware ESXi (6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds read vulnerability in NVMe functionality. A malicious actor with local non-administrative access to a… | |||
| CVE-2021-27022 | 0.00 | — | 0.01 | Sep 7, 2021 | A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should not be. This issue only affects SSH/WinRM nodes (inventory service nodes). | |||
| CVE-2021-22003 | 0.00 | — | 0.01 | Aug 31, 2021 | VMware Workspace ONE Access and Identity Manager, unintentionally provide a login interface on port 7443. A malicious actor with network access to port 7443 may attempt user enumeration or brute force the login endpoint, which may or may not be practical based on lockout policy… | |||
| CVE-2021-22002 | 0.00 | — | 0.01 | Aug 31, 2021 | VMware Workspace ONE Access and Identity Manager, allow the /cfg web app and diagnostic endpoints, on port 8443, to be accessed via port 443 using a custom host header. A malicious actor with network access to port 443 could tamper with host headers to facilitate access to the… | |||
| CVE-2021-22021 | 0.00 | — | 0.00 | Aug 30, 2021 | VMware vRealize Log Insight (8.x prior to 8.4) contains a Cross Site Scripting (XSS) vulnerability due to improper user input validation. An attacker with user privileges may be able to inject a malicious payload via the Log Insight UI which would be executed when the victim… | |||
| CVE-2021-22025 | 0.00 | — | 0.01 | Aug 30, 2021 | The vRealize Operations Manager API (8.x prior to 8.5) contains a broken access control vulnerability leading to unauthenticated API access. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can add new nodes to existing vROps cluster. | |||
| CVE-2021-22027 | 0.00 | — | 0.01 | Aug 30, 2021 | The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information… | |||
| CVE-2021-22026 | 0.00 | — | 0.01 | Aug 30, 2021 | The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information… | |||
| CVE-2021-22024 | 0.00 | — | 0.01 | Aug 30, 2021 | The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary log-file read vulnerability. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can read any log file resulting in sensitive information disclosure. | |||
| CVE-2021-22023 | 0.00 | — | 0.01 | Aug 30, 2021 | The vRealize Operations Manager API (8.x prior to 8.5) has insecure object reference vulnerability. A malicious actor with administrative access to vRealize Operations Manager API may be able to modify other users information leading to an account takeover. | |||
| CVE-2021-22022 | 0.00 | — | 0.01 | Aug 30, 2021 | The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary file read vulnerability. A malicious actor with administrative access to vRealize Operations Manager API can read any arbitrary file on server leading to information disclosure. | |||
| CVE-2021-21995 | 0.00 | — | 0.01 | Jul 13, 2021 | OpenSLP as used in ESXi has a denial-of-service vulnerability due a heap out-of-bounds read issue. A malicious actor with network access to port 427 on ESXi may be able to trigger a heap out-of-bounds read in OpenSLP service resulting in a denial-of-service condition. | |||
| CVE-2021-21994 | 0.00 | — | 0.01 | Jul 13, 2021 | SFCB (Small Footprint CIM Broker) as used in ESXi has an authentication bypass vulnerability. A malicious actor with network access to port 5989 on ESXi may exploit this issue to bypass SFCB authentication by sending a specially crafted request. |
- CVE-2021-34890Jan 13, 2022risk 0.00cvss —epss 0.02
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific…
- CVE-2021-34889Jan 13, 2022risk 0.00cvss —epss 0.02
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific…
- CVE-2021-34887Jan 13, 2022risk 0.00cvss —epss 0.02
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific…
- CVE-2021-34886Jan 13, 2022risk 0.00cvss —epss 0.02
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific…
- CVE-2021-34885Jan 13, 2022risk 0.00cvss —epss 0.02
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists…
- CVE-2021-34884Jan 13, 2022risk 0.00cvss —epss 0.02
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific…
- CVE-2021-34883Jan 13, 2022risk 0.00cvss —epss 0.02
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific…
- CVE-2021-34881Jan 13, 2022risk 0.00cvss —epss 0.02
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific…
- CVE-2021-34878Jan 13, 2022risk 0.00cvss —epss 0.02
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists…
- CVE-2021-34877Jan 13, 2022risk 0.00cvss —epss 0.02
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists…
- CVE-2021-34876Jan 13, 2022risk 0.00cvss —epss 0.02
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists…
- CVE-2021-34875Jan 13, 2022risk 0.00cvss —epss 0.02
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists…
- CVE-2021-34874Jan 13, 2022risk 0.00cvss —epss 0.02
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists…
- CVE-2021-34872Jan 13, 2022risk 0.00cvss —epss 0.02
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists…
- CVE-2021-34871Jan 13, 2022risk 0.00cvss —epss 0.02
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists…
- CVE-2021-22045Jan 4, 2022risk 0.00cvss —epss 0.05
VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi650-202110101-SG), VMware Workstation (16.2.0) and VMware Fusion (12.2.0) contains a heap-overflow vulnerability in CD-ROM device emulation. A malicious actor with access to a virtual machine with CD-ROM device…
- CVE-2021-22056Dec 20, 2021risk 0.00cvss —epss 0.02
VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability. A malicious actor with network access may be able to make HTTP requests to arbitrary origins and read the full response.
- CVE-2021-22057Dec 20, 2021risk 0.00cvss —epss 0.01
VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 contain an authentication bypass vulnerability. A malicious actor, who has successfully provided first-factor authentication, may be able to obtain second-factor authentication provided by VMware Verify.
- CVE-2021-22049Nov 24, 2021risk 0.00cvss —epss 0.02
The vSphere Web Client (FLEX/Flash) contains an SSRF (Server Side Request Forgery) vulnerability in the vSAN Web Client (vSAN UI) plug-in. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by accessing a URL request outside of vCenter…
- CVE-2021-22048Nov 10, 2021risk 0.00cvss —epss 0.10
The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. A malicious actor with non-administrative access to vCenter Server may exploit this issue to elevate privileges to a higher privileged group.
- CVE-2021-22034Oct 21, 2021risk 0.00cvss —epss 0.01
Releases prior to VMware vRealize Operations Tenant App 8.6 contain an Information Disclosure Vulnerability.
- CVE-2021-22036Oct 13, 2021risk 0.00cvss —epss 0.01
VMware vRealize Orchestrator ((8.x prior to 8.6) contains an open redirect vulnerability due to improper path handling. A malicious actor may be able to redirect victim to an attacker controlled domain due to improper path handling in vRealize Orchestrator leading to sensitive…
- CVE-2021-22035Oct 13, 2021risk 0.00cvss —epss 0.01
VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV…
- CVE-2021-22033Oct 13, 2021risk 0.00cvss —epss 0.01
Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability.
- CVE-2021-22020Sep 23, 2021risk 0.00cvss —epss 0.00
The vCenter Server contains a denial-of-service vulnerability in the Analytics service. Successful exploitation of this issue may allow an attacker to create a denial-of-service condition on vCenter Server.
- CVE-2021-22019Sep 23, 2021risk 0.00cvss —epss 0.02
The vCenter Server contains a denial-of-service vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port 5480 on vCenter Server may exploit this issue by sending a specially crafted jsonrpc message to create a denial of service condition.
- CVE-2021-22018Sep 23, 2021risk 0.00cvss —epss 0.01
The vCenter Server contains an arbitrary file deletion vulnerability in a VMware vSphere Life-cycle Manager plug-in. A malicious actor with network access to port 9087 on vCenter Server may exploit this issue to delete non critical files.
- CVE-2021-22016Sep 23, 2021risk 0.00cvss —epss 0.01
The vCenter Server contains a reflected cross-site scripting vulnerability due to a lack of input sanitization. An attacker may exploit this issue to execute malicious scripts by tricking a victim into clicking a malicious link.
- CVE-2021-22014Sep 23, 2021risk 0.00cvss —epss 0.01
The vCenter Server contains an authenticated code execution vulnerability in VAMI (Virtual Appliance Management Infrastructure). An authenticated VAMI user with network access to port 5480 on vCenter Server may exploit this issue to execute code on the underlying operating…
- CVE-2021-22013Sep 23, 2021risk 0.00cvss —epss 0.02
The vCenter Server contains a file path traversal vulnerability leading to information disclosure in the appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information.
- CVE-2021-22012Sep 23, 2021risk 0.00cvss —epss 0.01
The vCenter Server contains an information disclosure vulnerability due to an unauthenticated appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information.
- CVE-2021-22011Sep 23, 2021risk 0.00cvss —epss 0.01
vCenter Server contains an unauthenticated API endpoint vulnerability in vCenter Server Content Library. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to perform unauthenticated VM network setting manipulation.
- CVE-2021-22009Sep 23, 2021risk 0.00cvss —epss 0.01
The vCenter Server contains multiple denial-of-service vulnerabilities in VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit these issues to create a denial of service condition due to excessive memory consumption by VAPI…
- CVE-2021-22008Sep 23, 2021risk 0.00cvss —epss 0.02
The vCenter Server contains an information disclosure vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by sending a specially crafted json-rpc message to gain access to sensitive information.
- CVE-2021-22007Sep 23, 2021risk 0.00cvss —epss 0.00
The vCenter Server contains a local information disclosure vulnerability in the Analytics service. An authenticated user with non-administrative privilege may exploit this issue to gain access to sensitive information.
- CVE-2021-21992Sep 22, 2021risk 0.00cvss —epss 0.01
The vCenter Server contains a denial-of-service vulnerability due to improper XML entity parsing. A malicious actor with non-administrative user access to the vCenter Server vSphere Client (HTML5) or vCenter Server vSphere Web Client (FLEX/Flash) may exploit this issue to create…
- CVE-2021-21991Sep 22, 2021risk 0.00cvss —epss 0.00
The vCenter Server contains a local privilege escalation vulnerability due to the way it handles session tokens. A malicious actor with non-administrative user access on vCenter Server host may exploit this issue to escalate privileges to Administrator on the vSphere Client…
- CVE-2020-3960Sep 15, 2021risk 0.00cvss —epss 0.00
VMware ESXi (6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds read vulnerability in NVMe functionality. A malicious actor with local non-administrative access to a…
- CVE-2021-27022Sep 7, 2021risk 0.00cvss —epss 0.01
A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should not be. This issue only affects SSH/WinRM nodes (inventory service nodes).
- CVE-2021-22003Aug 31, 2021risk 0.00cvss —epss 0.01
VMware Workspace ONE Access and Identity Manager, unintentionally provide a login interface on port 7443. A malicious actor with network access to port 7443 may attempt user enumeration or brute force the login endpoint, which may or may not be practical based on lockout policy…
- CVE-2021-22002Aug 31, 2021risk 0.00cvss —epss 0.01
VMware Workspace ONE Access and Identity Manager, allow the /cfg web app and diagnostic endpoints, on port 8443, to be accessed via port 443 using a custom host header. A malicious actor with network access to port 443 could tamper with host headers to facilitate access to the…
- CVE-2021-22021Aug 30, 2021risk 0.00cvss —epss 0.00
VMware vRealize Log Insight (8.x prior to 8.4) contains a Cross Site Scripting (XSS) vulnerability due to improper user input validation. An attacker with user privileges may be able to inject a malicious payload via the Log Insight UI which would be executed when the victim…
- CVE-2021-22025Aug 30, 2021risk 0.00cvss —epss 0.01
The vRealize Operations Manager API (8.x prior to 8.5) contains a broken access control vulnerability leading to unauthenticated API access. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can add new nodes to existing vROps cluster.
- CVE-2021-22027Aug 30, 2021risk 0.00cvss —epss 0.01
The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information…
- CVE-2021-22026Aug 30, 2021risk 0.00cvss —epss 0.01
The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information…
- CVE-2021-22024Aug 30, 2021risk 0.00cvss —epss 0.01
The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary log-file read vulnerability. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can read any log file resulting in sensitive information disclosure.
- CVE-2021-22023Aug 30, 2021risk 0.00cvss —epss 0.01
The vRealize Operations Manager API (8.x prior to 8.5) has insecure object reference vulnerability. A malicious actor with administrative access to vRealize Operations Manager API may be able to modify other users information leading to an account takeover.
- CVE-2021-22022Aug 30, 2021risk 0.00cvss —epss 0.01
The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary file read vulnerability. A malicious actor with administrative access to vRealize Operations Manager API can read any arbitrary file on server leading to information disclosure.
- CVE-2021-21995Jul 13, 2021risk 0.00cvss —epss 0.01
OpenSLP as used in ESXi has a denial-of-service vulnerability due a heap out-of-bounds read issue. A malicious actor with network access to port 427 on ESXi may be able to trigger a heap out-of-bounds read in OpenSLP service resulting in a denial-of-service condition.
- CVE-2021-21994Jul 13, 2021risk 0.00cvss —epss 0.01
SFCB (Small Footprint CIM Broker) as used in ESXi has an authentication bypass vulnerability. A malicious actor with network access to port 5989 on ESXi may exploit this issue to bypass SFCB authentication by sending a specially crafted request.
Page 13 of 20