The vCenter Server contains a partial file read vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to partially read arbitrary files containing sensitive data.
Source: VMware | Max CVSS: 4.9 | EPSS Score: 0.04% | Published: 2024-05-21 | Updated: 2024-05-22

VMware Cloud Director contains an improper privilege management vulnerability. An authenticated tenant administrator for a given organization within VMware Cloud Director may be able to accidentally disable their organization, leading to a denial of service for active sessions within their own organization's scope.
Source: VMware | Max CVSS: 4.9 | EPSS Score: 0.04% | Published: 2024-06-27 | Updated: 2024-06-27

VMware Cloud Director contains a partial information disclosure vulnerability. A malicious actor can potentially gather information about organization names based on the behavior of the instance.
Source: VMware | Max CVSS: 4.3 | EPSS Score: 0.04% | Published: 2024-03-07 | Updated: 2024-03-12

VMware SD-WAN Edge contains a missing authentication and protection mechanism vulnerability. A malicious actor with physical access to the SD-WAN Edge appliance during activation can potentially exploit this vulnerability to access the BIOS configuration. In addition, the malicious actor may be able to exploit the configured default boot priority.
Source: VMware | Max CVSS: 4.8 | EPSS Score: 0.04% | Published: 2024-04-02 | Updated: 2024-07-03

Aria Operations for Networks contains a cross-site scripting vulnerability. A malicious actor with admin privileges can inject a malicious payload into the login banner and take over the user account.
Source: VMware | Max CVSS: 4.8 | EPSS Score: 0.04% | Published: 2024-02-06 | Updated: 2024-02-10

Aria Operations for Networks contains a local file read vulnerability. A malicious actor with admin privileges may exploit this vulnerability leading to unauthorized access to sensitive information.
Source: VMware | Max CVSS: 4.9 | EPSS Score: 0.05% | Published: 2024-02-06 | Updated: 2024-02-10

RabbitMQ is a multi-protocol messaging and streaming broker. The HTTP API did not enforce an HTTP request body limit, making it vulnerable to denial of service (DoS) attacks with very large messages. An authenticated user with sufficient credentials can publish very large messages over the HTTP API and cause the target node to be terminated by an "out-of-memory killer"-like mechanism. This vulnerability has been patched in versions 3.11.24 and 3.12.7.
Source: GitHub, Inc. | Max CVSS: 4.9 | EPSS Score: 0.14% | Published: 2023-10-25 | Updated: 2023-12-14

Workspace ONE Launcher contains a Privilege Escalation Vulnerability. A malicious actor with physical access to Workspace ONE Launcher could utilize the Edge Panel feature to bypass setup to gain access to sensitive information.
Source: VMware | Max CVSS: 4.6 | EPSS Score: 0.09% | Published: 2023-12-12 | Updated: 2023-12-18

vCenter Server contains a partial information disclosure vulnerability. A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data.
Source: VMware | Max CVSS: 4.3 | EPSS Score: N/A | Published: 2023-10-25 | Updated: 2023-10-31

A batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 and 1.2.0 - 1.2.2 may be exposed to GraphQL context with values, including security context values, from a different session. An application is vulnerable if it provides a DataLoaderOptions instance when registering batch loader functions through DefaultBatchLoaderRegistry.
Source: VMware | Max CVSS: 4.3 | EPSS Score: 0.06% | Published: 2023-09-20 | Updated: 2023-10-18

vRealize Operations (vROps) contains a broken access control vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.4.
Source: VMware | Max CVSS: 4.9 | EPSS Score: 0.12% | Published: 2022-12-16 | Updated: 2022-12-21

VMware Aria Operations contains an arbitrary file read vulnerability. A malicious actor with administrative privileges may be able to read arbitrary files containing sensitive data.
Source: VMware | Max CVSS: 4.9 | EPSS Score: 0.06% | Published: 2022-10-11 | Updated: 2022-10-13

VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can access log files that lead to information disclosure.
Source: VMware | Max CVSS: 4.3 | EPSS Score: 0.05% | Published: 2022-08-10 | Updated: 2022-08-15

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross-site request forgery vulnerability. A malicious actor can trick a user through a cross-site request forgery into unintentionally validating a malicious JDBC URI.
Source: VMware | Max CVSS: 4.3 | EPSS Score: 0.05% | Published: 2022-04-13 | Updated: 2022-04-21

VMware Cloud Foundation contains an information disclosure vulnerability due to logging of credentials in plain-text within multiple log files on the SDDC Manager. A malicious actor with root access on VMware Cloud Foundation SDDC Manager may be able to view credentials in plaintext within one or more log files.
Source: VMware | Max CVSS: 4.9 | EPSS Score: 0.06% | Published: 2022-02-04 | Updated: 2022-02-10

RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a federation link was displayed in the RabbitMQ management UI via the `rabbitmq_federation_management` plugin, its consumer tag was rendered without proper <script> tag sanitization. This potentially allows for JavaScript code execution in the context of the page. The user must be signed in and have elevated permissions (manage federation upstreams and policies) for this to occur. The vulnerability is patched in RabbitMQ 3.8.18. As a workaround, disable the `rabbitmq_federation_management` plugin and use [CLI tools](https://www.rabbitmq.com/cli.html) instead.
Source: GitHub, Inc. | Max CVSS: 4.8 | EPSS Score: 0.10% | Published: 2021-06-28 | Updated: 2021-07-02

In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.
Source: VMware | Max CVSS: 4.3 | EPSS Score: 0.08% | Published: 2021-10-28 | Updated: 2022-04-28

In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more places of the Spring Framework codebase.
Source: VMware | Max CVSS: 4.3 | EPSS Score: 0.05% | Published: 2022-01-10 | Updated: 2022-05-13

VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV (comma-separated value) injection vulnerability in the interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sheet through Log Insight, which could then be executed in the user's environment.
Source: VMware | Max CVSS: 4.3 | EPSS Score: 0.05% | Published: 2021-10-13 | Updated: 2021-10-20

Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability.
Source: VMware | Max CVSS: 4.0 | EPSS Score: 0.05% | Published: 2021-10-13 | Updated: 2021-10-19

The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary file read vulnerability. A malicious actor with administrative access to the vRealize Operations Manager API can read any arbitrary file on the server, leading to information disclosure.
Source: VMware | Max CVSS: 4.9 | EPSS Score: 0.12% | Published: 2021-08-30 | Updated: 2022-02-01

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an information leak in the EHCI USB controller. A malicious actor with local access to a virtual machine may be able to read privileged information contained in the hypervisor's memory. Additional conditions beyond the attacker's control need to be present for exploitation to be possible.
Source: VMware | Max CVSS: 4.7 | EPSS Score: 0.06% | Published: 2020-06-25 | Updated: 2022-05-03

A cross-site scripting (XSS) vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper input validation.
Source: VMware | Max CVSS: 4.8 | EPSS Score: 0.05% | Published: 2020-04-15 | Updated: 2021-07-21

Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 versions prior to v3.8.1, and RabbitMQ for PCF, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain two endpoints, federation and shovel, which do not properly sanitize user input. A remote authenticated malicious user with administrative access could craft a cross-site scripting attack via the vhost or node name fields that could grant access to virtual hosts and policy management information.
Source: Pivotal Software, Inc. | Max CVSS: 4.8 | EPSS Score: 0.07% | Published: 2019-11-22 | Updated: 2022-07-01

VMware Workstation and Fusion contain a network denial-of-service vulnerability due to improper handling of certain IPv6 packets. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.7.
Source: VMware | Max CVSS: 4.7 | EPSS Score: 0.06% | Published: 2019-10-10 | Updated: 2021-07-21

72 vulnerabilities found