Vulnerabilities > Vmware
|2023-09-27||CVE-2023-34043|| Improper Privilege Management vulnerability in VMWare Aria Operations and Cloud Foundation |
VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.
| 6.7 |
|2023-08-31||CVE-2023-20900|| Authentication Bypass by Capture-replay vulnerability in VMWare Open VM Tools and Tools |
A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .
| 7.5 |
|2023-08-29||CVE-2023-20890|| Path Traversal vulnerability in VMWare Aria Operations for Networks |
Aria Operations for Networks contains an arbitrary file write vulnerability. An authenticated malicious actor with administrative access to VMware Aria Operations for Networks can write files to arbitrary locations resulting in remote code execution.
| 7.2 |
|2023-08-29||CVE-2023-34039|| Use of a Broken or Risky Cryptographic Algorithm vulnerability in VMWare Aria Operations for Networks |
Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI.
| 9.8 |
|2023-08-24||CVE-2023-34040|| Deserialization of Untrusted Data vulnerability in VMWare Spring |
In Spring for Apache Kafka 3.0.9 and earlier and versions 2.9.10 and earlier, a possible deserialization attack vector existed, but only if unusual configuration was applied.
| 7.8 |
|2023-08-04||CVE-2023-34037|| HTTP Request Smuggling vulnerability in VMWare Horizon Client |
VMware Horizon Server contains a HTTP request smuggling vulnerability.
| 5.3 |
|2023-08-04||CVE-2023-34038|| Unspecified vulnerability in VMWare Horizon Client |
VMware Horizon Server contains an information disclosure vulnerability.
| 5.3 |
|2023-07-26||CVE-2023-20891|| Information Exposure Through Log Files vulnerability in VMWare products |
The VMware Tanzu Application Service for VMs and Isolation Segment contain an information disclosure vulnerability due to the logging of credentials in hex encoding in platform system audit logs. A malicious non-admin user who has access to the platform system audit logs can access hex encoded CF API admin credentials and can push new malicious versions of an application.
| 6.5 |
|2023-07-19||CVE-2023-34034|| Unspecified vulnerability in VMWare Spring Security |
Using "**" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass.
| 9.8 |
|2023-07-18||CVE-2023-34035|| Incorrect Authorization vulnerability in VMWare Spring Security |
Spring Security versions 5.8 prior to 5.8.5, 6.0 prior to 6.0.5, and 6.1 prior to 6.1.2 could be susceptible to authorization rule misconfiguration if the application uses requestMatchers(String) and multiple servlets, one of them being Spring MVC’s DispatcherServlet. (DispatcherServlet is a Spring MVC component that maps HTTP endpoints to methods on @Controller-annotated classes.) Specifically, an application is vulnerable when all of the following are true: * Spring MVC is on the classpath * Spring Security is securing more than one servlet in a single application (one of them being Spring MVC’s DispatcherServlet) * The application uses requestMatchers(String) to refer to endpoints that are not Spring MVC endpoints An application is not vulnerable if any of the following is true: * The application does not have Spring MVC on the classpath * The application secures no servlets other than Spring MVC’s DispatcherServlet * The application uses requestMatchers(String) only for Spring MVC endpoints
| 5.3 |