| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2013-6366 |
94 |
1
|
Exec Code |
2013-11-04 |
2013-11-07 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
The Groovy script console in VMware Hyperic HQ 4.6.6 allows remote authenticated administrators to execute arbitrary code via a Runtime.getRuntime().exec call. |
|
2 |
CVE-2022-22980 |
917 |
|
|
2022-06-23 |
2022-06-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized. |
|
3 |
CVE-2022-22979 |
770 |
|
|
2022-06-21 |
2022-06-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Spring Cloud Function versions prior to 3.2.6, it is possible for a user who directly interacts with framework provided lookup functionality to cause a denial-of-service condition due to the caching issue in the Function Catalog component of the framework. |
|
4 |
CVE-2022-22975 |
74 |
|
|
2022-05-11 |
2022-05-19 |
6.0 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
Partial |
|
An issue was discovered in the Pinniped Supervisor with either LADPIdentityProvider or ActiveDirectoryIdentityProvider resources. An attack would involve the malicious user changing the common name (CN) of their user entry on the LDAP or AD server to include special characters, which could be used to perform LDAP query injection on the Supervisor's LDAP query which determines their Kubernetes group membership. |
|
5 |
CVE-2022-22968 |
178 |
|
|
2022-04-14 |
2022-10-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path. |
|
6 |
CVE-2022-22966 |
|
|
Exec Code +Priv |
2022-04-14 |
2022-04-22 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
An authenticated, high privileged malicious actor with network access to the VMware Cloud Director tenant or provider may be able to exploit a remote code execution vulnerability to gain access to the server. |
|
7 |
CVE-2022-22947 |
94 |
|
Exec Code |
2022-03-03 |
2022-10-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host. |
|
8 |
CVE-2021-22119 |
863 |
|
|
2021-06-29 |
2022-07-25 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application. A malicious user or attacker can send multiple requests initiating the Authorization Request for the Authorization Code Grant, which has the potential of exhausting system resources using a single session or multiple sessions. |
|
9 |
CVE-2021-22114 |
22 |
|
Dir. Trav. |
2021-03-01 |
2021-03-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Addresses partial fix in CVE-2018-1263. Spring-integration-zip, versions prior to 1.0.4, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path traversal filenames. So when the filename gets concatenated to the target extraction directory, the final path ends up outside of the target folder. |
|
10 |
CVE-2021-22097 |
502 |
|
|
2021-10-28 |
2021-11-01 |
6.8 |
None |
Remote |
Low |
??? |
None |
None |
Complete |
|
In Spring AMQP versions 2.2.0 - 2.2.18 and 2.3.0 - 2.3.10, the Spring AMQP Message object, in its toString() method, will deserialize a body for a message with content type application/x-java-serialized-object. It is possible to construct a malicious java.util.Dictionary object that can cause 100% CPU usage in the application if the toString() method is called. |
|
11 |
CVE-2021-22055 |
74 |
|
|
2022-04-11 |
2022-04-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The SchedulerServer in Vmware photon allows remote attackers to inject logs through \r in the package parameter. Attackers can also insert malicious data and fake entries. |
|
12 |
CVE-2021-22054 |
918 |
|
|
2021-12-17 |
2021-12-22 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain an SSRF vulnerability. This issue may allow a malicious actor with network access to UEM to send their requests without authentication and to gain access to sensitive information. |
|
13 |
CVE-2021-22053 |
94 |
|
Exec Code |
2021-11-19 |
2021-11-23 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Applications using both `spring-cloud-netflix-hystrix-dashboard` and `spring-boot-starter-thymeleaf` expose a way to execute code submitted within the request URI path during the resolution of view templates. When a request is made at `/hystrix/monitor;[user-provided data]`, the path elements following `hystrix/monitor` are being evaluated as SpringEL expressions, which can lead to code execution. |
|
14 |
CVE-2021-22050 |
770 |
|
|
2022-02-16 |
2022-02-25 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
ESXi contains a slow HTTP POST denial-of-service vulnerability in rhttpproxy. A malicious actor with network access to ESXi may exploit this issue to create a denial-of-service condition by overwhelming rhttpproxy service with multiple requests. |
|
15 |
CVE-2021-22048 |
|
|
|
2021-11-10 |
2023-01-20 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. A malicious actor with non-administrative access to vCenter Server may exploit this issue to elevate privileges to a higher privileged group. |
|
16 |
CVE-2021-22045 |
787 |
|
Exec Code Overflow |
2022-01-04 |
2022-01-27 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi650-202110101-SG), VMware Workstation (16.2.0) and VMware Fusion (12.2.0) contains a heap-overflow vulnerability in CD-ROM device emulation. A malicious actor with access to a virtual machine with CD-ROM device emulation may be able to exploit this vulnerability in conjunction with other issues to execute code on the hypervisor from a virtual machine. |
|
17 |
CVE-2021-22044 |
668 |
|
|
2021-10-28 |
2022-10-25 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEASE, and older unsupported versions, applications using type-level `@RequestMapping`annotations over Feign client interfaces, can be involuntarily exposing endpoints corresponding to `@RequestMapping`-annotated interface methods. |
|
18 |
CVE-2021-22043 |
367 |
|
|
2022-02-16 |
2022-02-24 |
6.0 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
Partial |
|
VMware ESXi contains a TOCTOU (Time-of-check Time-of-use) vulnerability that exists in the way temporary files are handled. A malicious actor with access to settingsd, may exploit this issue to escalate their privileges by writing arbitrary files. |
|
19 |
CVE-2021-22038 |
330 |
|
+Priv |
2021-10-29 |
2021-11-03 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
On Windows, the uninstaller binary copies itself to a fixed temporary location, which is then executed (the originally called uninstaller exits, so it does not block the installation directory). This temporary location is not randomized and does not restrict access to Administrators only so a potential attacker could plant a binary to replace the copied binary right before it gets called, thus gaining Administrator privileges (if the original uninstaller was executed as Administrator). The vulnerability only affects Windows installers. |
|
20 |
CVE-2021-22034 |
|
|
|
2021-10-21 |
2022-07-12 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Releases prior to VMware vRealize Operations Tenant App 8.6 contain an Information Disclosure Vulnerability. |
|
21 |
CVE-2021-22029 |
770 |
|
DoS |
2021-08-31 |
2021-09-08 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
VMware Workspace ONE UEM REST API contains a denial of service vulnerability. A malicious actor with access to /API/system/admins/session could cause an API denial of service due to improper rate limiting. |
|
22 |
CVE-2021-22027 |
918 |
|
|
2021-08-30 |
2022-02-01 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information disclosure. |
|
23 |
CVE-2021-22026 |
918 |
|
|
2021-08-30 |
2022-02-01 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information disclosure. |
|
24 |
CVE-2021-22025 |
287 |
|
|
2021-08-30 |
2022-02-01 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The vRealize Operations Manager API (8.x prior to 8.5) contains a broken access control vulnerability leading to unauthenticated API access. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can add new nodes to existing vROps cluster. |
|
25 |
CVE-2021-22024 |
532 |
|
|
2021-08-30 |
2022-02-01 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary log-file read vulnerability. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can read any log file resulting in sensitive information disclosure. |
|
26 |
CVE-2021-22023 |
639 |
|
|
2021-08-30 |
2022-02-01 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
The vRealize Operations Manager API (8.x prior to 8.5) has insecure object reference vulnerability. A malicious actor with administrative access to vRealize Operations Manager API may be able to modify other users information leading to an account takeover. |
|
27 |
CVE-2021-22019 |
|
|
DoS |
2021-09-23 |
2021-09-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The vCenter Server contains a denial-of-service vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port 5480 on vCenter Server may exploit this issue by sending a specially crafted jsonrpc message to create a denial of service condition. |
|
28 |
CVE-2021-22018 |
|
|
|
2021-09-23 |
2021-09-30 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
The vCenter Server contains an arbitrary file deletion vulnerability in a VMware vSphere Life-cycle Manager plug-in. A malicious actor with network access to port 9087 on vCenter Server may exploit this issue to delete non critical files. |
|
29 |
CVE-2021-22017 |
|
|
Bypass |
2021-09-23 |
2021-09-27 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to bypass proxy leading to internal endpoints being accessed. |
|
30 |
CVE-2021-22013 |
22 |
|
Dir. Trav. |
2021-09-23 |
2021-09-27 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The vCenter Server contains a file path traversal vulnerability leading to information disclosure in the appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information. |
|
31 |
CVE-2021-22012 |
306 |
|
|
2021-09-23 |
2022-07-12 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The vCenter Server contains an information disclosure vulnerability due to an unauthenticated appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information. |
|
32 |
CVE-2021-22011 |
|
|
|
2021-09-23 |
2021-09-27 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
vCenter Server contains an unauthenticated API endpoint vulnerability in vCenter Server Content Library. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to perform unauthenticated VM network setting manipulation. |
|
33 |
CVE-2021-22010 |
400 |
|
DoS |
2021-09-23 |
2021-09-27 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The vCenter Server contains a denial-of-service vulnerability in VPXD service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to create a denial of service condition due to excessive memory consumption by VPXD service. |
|
34 |
CVE-2021-22009 |
668 |
|
DoS |
2021-09-23 |
2022-07-12 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The vCenter Server contains multiple denial-of-service vulnerabilities in VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit these issues to create a denial of service condition due to excessive memory consumption by VAPI service. |
|
35 |
CVE-2021-22008 |
|
|
|
2021-09-23 |
2022-07-12 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The vCenter Server contains an information disclosure vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by sending a specially crafted json-rpc message to gain access to sensitive information. |
|
36 |
CVE-2021-22006 |
|
|
Bypass |
2021-09-23 |
2021-09-27 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The vCenter Server contains a reverse proxy bypass vulnerability due to the way the endpoints handle the URI. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to access restricted endpoints. |
|
37 |
CVE-2021-22003 |
307 |
|
|
2021-08-31 |
2021-09-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
VMware Workspace ONE Access and Identity Manager, unintentionally provide a login interface on port 7443. A malicious actor with network access to port 7443 may attempt user enumeration or brute force the login endpoint, which may or may not be practical based on lockout policy configuration and password complexity for the target account. |
|
38 |
CVE-2021-22000 |
269 |
|
|
2021-07-13 |
2021-09-20 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
VMware Thinapp version 5.x prior to 5.2.10 contain a DLL hijacking vulnerability due to insecure loading of DLLs. A malicious actor with non-administrative privileges may exploit this vulnerability to elevate privileges to administrator level on the Windows operating system having VMware ThinApp installed on it. |
|
39 |
CVE-2021-21995 |
125 |
|
|
2021-07-13 |
2022-06-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
OpenSLP as used in ESXi has a denial-of-service vulnerability due a heap out-of-bounds read issue. A malicious actor with network access to port 427 on ESXi may be able to trigger a heap out-of-bounds read in OpenSLP service resulting in a denial-of-service condition. |
|
40 |
CVE-2021-21994 |
287 |
|
Bypass |
2021-07-13 |
2022-06-02 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
SFCB (Small Footprint CIM Broker) as used in ESXi has an authentication bypass vulnerability. A malicious actor with network access to port 5989 on ESXi may exploit this issue to bypass SFCB authentication by sending a specially crafted request. |
|
41 |
CVE-2021-21992 |
|
|
|
2021-09-22 |
2022-07-12 |
6.8 |
None |
Remote |
Low |
??? |
None |
None |
Complete |
|
The vCenter Server contains a denial-of-service vulnerability due to improper XML entity parsing. A malicious actor with non-administrative user access to the vCenter Server vSphere Client (HTML5) or vCenter Server vSphere Web Client (FLEX/Flash) may exploit this issue to create a denial-of-service condition on the vCenter Server host. |
|
42 |
CVE-2021-21980 |
|
|
|
2021-11-24 |
2022-07-12 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary file read vulnerability. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information. |
|
43 |
CVE-2021-21976 |
77 |
|
Exec Code |
2021-02-11 |
2021-02-17 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
vSphere Replication 8.3.x prior to 8.3.1.2, 8.2.x prior to 8.2.1.1, 8.1.x prior to 8.1.2.3 and 6.5.x prior to 6.5.1.5 contain a post-authentication command injection vulnerability which may allow an authenticated admin user to perform a remote code execution. |
|
44 |
CVE-2021-21975 |
918 |
|
|
2021-03-31 |
2022-02-01 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials. |
|
45 |
CVE-2021-21974 |
787 |
|
Exec Code Overflow |
2021-02-24 |
2022-06-02 |
5.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
|
OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG) has a heap-overflow vulnerability. A malicious actor residing within the same network segment as ESXi who has access to port 427 may be able to trigger the heap-overflow issue in OpenSLP service resulting in remote code execution. |
|
46 |
CVE-2021-21973 |
918 |
|
|
2021-02-24 |
2021-08-24 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin leading to information disclosure. This affects: VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2). |
|
47 |
CVE-2020-5428 |
89 |
|
Sql |
2021-01-27 |
2021-02-03 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
In applications using Spring Cloud Task 2.2.4.RELEASE and below, may be vulnerable to SQL injection when exercising certain lookup queries in the TaskExplorer. |
|
48 |
CVE-2020-5427 |
89 |
|
Sql |
2021-01-27 |
2021-02-04 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
In Spring Cloud Data Flow, versions 2.6.x prior to 2.6.5, versions 2.5.x prior 2.5.4, an application is vulnerable to SQL injection when requesting task execution. |
|
49 |
CVE-2020-5414 |
532 |
|
|
2020-07-31 |
2020-08-04 |
6.0 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
Partial |
|
VMware Tanzu Application Service for VMs (2.7.x versions prior to 2.7.19, 2.8.x versions prior to 2.8.13, and 2.9.x versions prior to 2.9.7) contains an App Autoscaler that logs the UAA admin password. This credential is redacted on VMware Tanzu Operations Manager; however, the unredacted logs are available to authenticated users of the BOSH Director. This credential would grant administrative privileges to a malicious user. The same versions of App Autoscaler also log the App Autoscaler Broker password. Prior to newer versions of Operations Manager, this credential was not redacted from logs. This credential allows a malicious user to create, delete, and modify App Autoscaler services instances. Operations Manager started redacting this credential from logs as of its versions 2.7.15, 2.8.6, and 2.9.1. Note that these logs are typically only visible to foundation administrators and operators. |
|
50 |
CVE-2020-5410 |
22 |
|
Dir. Trav. |
2020-06-02 |
2022-09-20 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack. |
