# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2022-27772 |
668 |
|
|
2022-03-30 |
2022-04-07 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
** UNSUPPORTED WHEN ASSIGNED ** spring-boot versions prior to version v2.2.11.RELEASE was vulnerable to temporary directory hijacking. This vulnerability impacted the org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir method. NOTE: This vulnerability only affects products and/or versions that are no longer supported by the maintainer. |
2 |
CVE-2022-22976 |
190 |
|
Overflow |
2022-05-19 |
2022-07-25 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor (31), the encoder does not perform any salt rounds, due to an integer overflow error. The default settings are not affected by this CVE. |
3 |
CVE-2022-22971 |
770 |
|
DoS |
2022-05-12 |
2022-10-05 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user. |
4 |
CVE-2022-22953 |
200 |
|
+Info |
2022-06-16 |
2022-06-27 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
VMware HCX update addresses an information disclosure vulnerability. A malicious actor with network user access to the VMware HCX appliance may be able to gain access to sensitive information. |
5 |
CVE-2022-22950 |
770 |
|
DoS |
2022-04-01 |
2022-06-22 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition. |
6 |
CVE-2022-22948 |
276 |
|
|
2022-03-29 |
2022-04-08 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information. |
7 |
CVE-2022-22939 |
532 |
|
|
2022-02-04 |
2022-02-10 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
VMware Cloud Foundation contains an information disclosure vulnerability due to logging of credentials in plain-text within multiple log files on the SDDC Manager. A malicious actor with root access on VMware Cloud Foundation SDDC Manager may be able to view credentials in plaintext within one or more log files. |
8 |
CVE-2021-22118 |
668 |
|
|
2021-05-27 |
2022-10-25 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data. |
9 |
CVE-2021-22116 |
20 |
|
DoS |
2021-06-08 |
2022-10-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP 1.0 client connection endpoint. A malicious user can exploit the vulnerability by sending malicious AMQP messages to the target RabbitMQ instance having the AMQP 1.0 plugin enabled. |
10 |
CVE-2021-22113 |
863 |
|
Bypass |
2021-02-23 |
2021-03-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Applications using the “Sensitive Headers” functionality in Spring Cloud Netflix Zuul 2.2.6.RELEASE and below may be vulnerable to bypassing the “Sensitive Headers” restriction when executing requests with specially constructed URLs. Applications that use Spring Security's StrictHttpFirewall (enabled by default for all URLs) are not affected by the vulnerability, as they reject requests that allow bypassing. |
11 |
CVE-2021-22096 |
|
|
|
2021-10-28 |
2022-04-28 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. |
12 |
CVE-2021-22095 |
502 |
|
|
2021-11-30 |
2021-12-01 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its toString() method, will create a new String object from the message body, regardless of its size. This can cause an OOM Error with a large message |
13 |
CVE-2021-22060 |
|
|
|
2022-01-10 |
2022-05-13 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more places of the Spring Framework codebase. |
14 |
CVE-2021-22051 |
863 |
|
|
2021-11-08 |
2021-11-09 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
Applications using Spring Cloud Gateway are vulnerable to specifically crafted requests that could make an extra request on downstream services. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.5+, 2.2.x users should upgrade to 2.2.10.RELEASE or newer. |
15 |
CVE-2021-22047 |
668 |
|
|
2021-10-28 |
2021-11-01 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
In Spring Data REST versions 3.4.0 - 3.4.13, 3.5.0 - 3.5.5, and older unsupported versions, HTTP resources implemented by custom controllers using a configured base API path and a controller type-level request mapping are additionally exposed under URIs that can potentially be exposed for unauthorized access depending on the Spring Security configuration. |
16 |
CVE-2021-22042 |
863 |
|
|
2022-02-16 |
2022-02-25 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
VMware ESXi contains an unauthorized access vulnerability due to VMX having access to settingsd authorization tickets. A malicious actor with privileges within the VMX process only, may be able to access settingsd service running as a high privileged user. |
17 |
CVE-2021-22041 |
|
|
Exec Code |
2022-02-16 |
2022-02-24 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. |
18 |
CVE-2021-22040 |
416 |
|
Exec Code |
2022-02-16 |
2022-02-24 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. |
19 |
CVE-2021-22037 |
427 |
|
|
2021-10-29 |
2021-11-03 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
Under certain circumstances, when manipulating the Windows registry, InstallBuilder uses the reg.exe system command. The full path to the command is not enforced, which results in a search in the search path until a binary can be identified. This makes the installer/uninstaller vulnerable to Path Interception by Search Order Hijacking, potentially allowing an attacker to plant a malicious reg.exe command so it takes precedence over the system command. The vulnerability only affects Windows installers. |
20 |
CVE-2021-22036 |
200 |
|
+Info |
2021-10-13 |
2021-10-20 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
VMware vRealize Orchestrator ((8.x prior to 8.6) contains an open redirect vulnerability due to improper path handling. A malicious actor may be able to redirect victim to an attacker controlled domain due to improper path handling in vRealize Orchestrator leading to sensitive information disclosure. |
21 |
CVE-2021-22035 |
74 |
|
|
2021-10-13 |
2021-10-20 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sheet through Log Insight which could be executed in user's environment. |
22 |
CVE-2021-22033 |
918 |
|
|
2021-10-13 |
2021-10-19 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability. |
23 |
CVE-2021-22022 |
22 |
|
Dir. Trav. |
2021-08-30 |
2022-02-01 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary file read vulnerability. A malicious actor with administrative access to vRealize Operations Manager API can read any arbitrary file on server leading to information disclosure. |
24 |
CVE-2021-22016 |
79 |
|
XSS |
2021-09-23 |
2021-09-27 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
The vCenter Server contains a reflected cross-site scripting vulnerability due to a lack of input sanitization. An attacker may exploit this issue to execute malicious scripts by tricking a victim into clicking a malicious link. |
25 |
CVE-2021-21993 |
918 |
|
|
2021-09-23 |
2021-09-27 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
The vCenter Server contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in vCenter Server Content Library. An authorised user with access to content library may exploit this issue by sending a POST request to vCenter Server leading to information disclosure. |
26 |
CVE-2021-21991 |
|
|
|
2021-09-22 |
2022-07-12 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
The vCenter Server contains a local privilege escalation vulnerability due to the way it handles session tokens. A malicious actor with non-administrative user access on vCenter Server host may exploit this issue to escalate privileges to Administrator on the vSphere Client (HTML5) or vCenter Server vSphere Web Client (FLEX/Flash). |
27 |
CVE-2021-21990 |
79 |
|
XSS |
2021-05-11 |
2022-06-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
VMware Workspace one UEM console (2102 prior to 21.2.0.8, 2101 prior to 21.1.0.14, 2011 prior to 20.11.0.27, 2010 prior to 20.10.0.16,2008 prior to 20.8.0.28, 2007 prior to 20.7.0.14,2006 prior to 20.6.0.19, 2005 prior to 20.5.0.46, 2004 prior to 20.4.0.21, 2003 prior to 20.3.0.23, 2001 prior to 20.1.0.32, 1912 prior to 19.12.0.24) contain a cross-site scripting vulnerability. VMware Workspace ONE UEM console does not validate incoming requests during device enrollment after leading to rendering of unsanitized input on the user device in response. |
28 |
CVE-2021-21981 |
269 |
|
|
2021-04-19 |
2021-04-22 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
VMware NSX-T contains a privilege escalation vulnerability due to an issue with RBAC (Role based access control) role assignment. Successful exploitation of this issue may allow attackers with local guest user account to assign privileges higher than their own permission level. |
29 |
CVE-2020-11652 |
22 |
|
Dir. Trav. |
2020-04-30 |
2022-05-03 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users. |
30 |
CVE-2020-10713 |
120 |
|
Exec Code Overflow Bypass |
2020-07-30 |
2022-11-16 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system such as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a networked system with root access. With this access, an attacker could then craft a string to cause a buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. |
31 |
CVE-2020-5426 |
319 |
|
|
2020-11-11 |
2020-12-01 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Scheduler for TAS prior to version 1.4.0 was permitting plaintext transmission of UAA client token by sending it over a non-TLS connection. This also depended on the configuration of the MySQL server which is used to cache a UAA client token used by the service. If intercepted the token can give an attacker admin level access in the cloud controller. |
32 |
CVE-2020-5425 |
287 |
|
|
2020-10-31 |
2020-11-17 |
4.6 |
None |
Remote |
High |
??? |
Partial |
Partial |
Partial |
Single Sign-On for Vmware Tanzu all versions prior to 1.11.3 ,1.12.x versions prior to 1.12.4 and 1.13.x prior to 1.13.1 are vulnerable to user impersonation attack.If two users are logged in to the SSO operator dashboard at the same time, with the same username, from two different identity providers, one can acquire the token of the other and thus operate with their permissions. Note: Foundation may be vulnerable only if: 1) The system zone is set up to use a SAML identity provider 2) There are internal users that have the same username as users in the external SAML provider 3) Those duplicate-named users have the scope to access the SSO operator dashboard 4) The vulnerability doesn't appear with LDAP because of chained authentication. |
33 |
CVE-2020-5419 |
427 |
|
Exec Code |
2020-08-31 |
2022-03-17 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific binary planting security vulnerability that allows for arbitrary code execution. An attacker with write privileges to the RabbitMQ installation directory and local access on Windows could carry out a local binary hijacking (planting) attack and execute arbitrary code. |
34 |
CVE-2020-5412 |
610 |
|
|
2020-08-07 |
2020-08-11 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
Spring Cloud Netflix, versions 2.2.x prior to 2.2.4, versions 2.1.x prior to 2.1.6, and older unsupported versions allow applications to use the Hystrix Dashboard proxy.stream endpoint to make requests to any server reachable by the server hosting the dashboard. A malicious user, or attacker, can send a request to other servers that should not be exposed publicly. |
35 |
CVE-2020-5408 |
330 |
|
|
2020-05-14 |
2021-06-14 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data that has been encrypted using such an encryptor may be able to derive the unencrypted values using a dictionary attack. |
36 |
CVE-2020-5406 |
522 |
|
|
2020-04-10 |
2020-04-13 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
VMware Tanzu Application Service for VMs, 2.6.x versions prior to 2.6.18, 2.7.x versions prior to 2.7.11, and 2.8.x versions prior to 2.8.5, includes a version of PCF Autoscaling that writes database connection properties to its log, including database username and password. A malicious user with access to those logs may gain unauthorized access to the database being used by Autoscaling. |
37 |
CVE-2020-5405 |
22 |
|
Dir. Trav. |
2020-03-05 |
2020-03-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x prior to 2.1.7, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead a directory traversal attack. |
38 |
CVE-2020-4004 |
416 |
|
Exec Code |
2020-11-20 |
2020-12-03 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG), Workstation (15.x before 15.5.7), Fusion (11.x before 11.5.7) contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. |
39 |
CVE-2020-4003 |
89 |
|
Sql |
2020-11-24 |
2020-12-07 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
VMware SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 was found to be vulnerable to SQL-injection attacks allowing for potential information disclosure. An authenticated SD-WAN Orchestrator user may inject code into SQL queries which may lead to information disclosure. |
40 |
CVE-2020-3993 |
|
|
|
2020-10-20 |
2020-10-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
VMware NSX-T (3.x before 3.0.2, 2.5.x before 2.5.2.2.0) contains a security vulnerability that exists in the way it allows a KVM host to download and install packages from NSX manager. A malicious actor with MITM positioning may be able to exploit this issue to compromise the transport node. |
41 |
CVE-2020-3984 |
89 |
|
Sql |
2020-11-24 |
2020-12-07 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4.4 does not apply correct input validation which allows for SQL-injection. An authenticated SD-WAN Orchestrator user may exploit a vulnerable API call using specially crafted SQL queries which may lead to unauthorized data access. |
42 |
CVE-2020-3982 |
787 |
|
|
2020-10-20 |
2020-10-30 |
4.9 |
None |
Remote |
Medium |
??? |
None |
Partial |
Partial |
VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds write vulnerability due to a time-of-check time-of-use issue in ACPI device. A malicious actor with administrative access to a virtual machine may be able to exploit this vulnerability to crash the virtual machine's vmx process or corrupt hypervisor's memory heap. |
43 |
CVE-2020-3977 |
306 |
|
Bypass |
2020-09-22 |
2020-09-30 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
VMware Horizon DaaS (7.x and 8.x before 8.0.1 Update 1) contains a broken authentication vulnerability due to a flaw in the way it handled the first factor authentication. Successful exploitation of this issue may allow an attacker to bypass two-factor authentication process. In order to exploit this issue, an attacker must have a legitimate account on Horizon DaaS. |
44 |
CVE-2020-3969 |
193 |
|
Exec Code Overflow |
2020-06-24 |
2020-07-01 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an off-by-one heap-overflow vulnerability in the SVGA device. A malicious actor with local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possible. |
45 |
CVE-2020-3968 |
787 |
|
DoS Exec Code |
2020-06-25 |
2020-07-01 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds write vulnerability in the USB 3.0 controller (xHCI). A malicious actor with local administrative privileges on a virtual machine may be able to exploit this issue to crash the virtual machine's vmx process leading to a denial of service condition or execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possible. |
46 |
CVE-2020-3967 |
787 |
|
Exec Code Overflow |
2020-06-25 |
2020-07-01 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a heap-overflow vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local access to a virtual machine may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possible. |
47 |
CVE-2020-3962 |
416 |
|
Exec Code |
2020-06-24 |
2020-07-01 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a use-after-free vulnerability in the SVGA device. A malicious actor with local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. |
48 |
CVE-2020-3955 |
79 |
|
XSS |
2020-04-29 |
2020-05-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
ESXi 6.5 without patch ESXi650-201912104-SG and ESXi 6.7 without patch ESXi670-202004103-SG do not properly neutralize script-related HTML when viewing virtual machines attributes. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.3. |
49 |
CVE-2020-3948 |
269 |
|
|
2020-03-16 |
2021-07-21 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
Linux Guest VMs running on VMware Workstation (15.x before 15.5.2) and Fusion (11.x before 11.5.2) contain a local privilege escalation vulnerability due to improper file permissions in Cortado Thinprint. Local attackers with non-administrative access to a Linux guest VM with virtual printing enabled may exploit this issue to elevate their privileges to root on the same guest VM. |
50 |
CVE-2020-3940 |
295 |
|
|
2020-01-17 |
2020-01-27 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
VMware Workspace ONE SDK and dependent mobile application updates address sensitive information disclosure vulnerability. |