Vulnerabilities > Vmware

DATE CVE VULNERABILITY TITLE RISK
2022-05-12 CVE-2022-22970 Allocation of Resources Without Limits or Throttling vulnerability in VMWare Spring Framework
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.
network
low complexity
vmware CWE-770
5.0
2022-05-12 CVE-2022-22971 Allocation of Resources Without Limits or Throttling vulnerability in VMWare Spring Framework
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user.
network
low complexity
vmware CWE-770
4.0
2022-05-11 CVE-2022-22975 Injection vulnerability in VMWare Pinniped
An issue was discovered in the Pinniped Supervisor with either LADPIdentityProvider or ActiveDirectoryIdentityProvider resources.
network
vmware CWE-74
6.0
2022-04-14 CVE-2022-22966 Unspecified vulnerability in VMWare Vcloud Director 10.1.0
An authenticated, high privileged malicious actor with network access to the VMware Cloud Director tenant or provider may be able to exploit a remote code execution vulnerability to gain access to the server.
network
low complexity
vmware
6.5
2022-04-14 CVE-2022-22968 Improper Handling of Case Sensitivity vulnerability in VMWare Spring Framework
In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path.
network
low complexity
vmware CWE-178
5.0
2022-04-13 CVE-2022-22955 Improper Authentication vulnerability in VMWare products
VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework.
network
low complexity
vmware CWE-287
7.5
2022-04-13 CVE-2022-22956 Improper Authentication vulnerability in VMWare products
VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework.
network
low complexity
vmware CWE-287
7.5
2022-04-13 CVE-2022-22957 Deserialization of Untrusted Data vulnerability in VMWare products
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958).
network
low complexity
vmware CWE-502
6.5
2022-04-13 CVE-2022-22958 Incorrect Permission Assignment for Critical Resource vulnerability in VMWare products
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958).
network
low complexity
vmware CWE-732
6.5
2022-04-13 CVE-2022-22959 Cross-Site Request Forgery (CSRF) vulnerability in VMWare products
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability.
network
vmware CWE-352
4.3