Vulnerabilities > Vmware

DATE CVE VULNERABILITY TITLE RISK
2021-10-13 CVE-2021-22033 Server-Side Request Forgery (SSRF) vulnerability in VMWare products
Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability.
network
low complexity
vmware CWE-918
4.0
2021-10-13 CVE-2021-22036 Information Exposure vulnerability in VMWare Vrealize Automation and Vrealize Orchestrator
VMware vRealize Orchestrator ((8.x prior to 8.6) contains an open redirect vulnerability due to improper path handling.
network
vmware CWE-200
4.3
2021-09-23 CVE-2021-22015 Improper Privilege Management vulnerability in VMWare Cloud Foundation and Vcenter Server
The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and directories.
local
low complexity
vmware CWE-269
7.2
2021-09-23 CVE-2021-22016 Cross-site Scripting vulnerability in VMWare Cloud Foundation and Vcenter Server
The vCenter Server contains a reflected cross-site scripting vulnerability due to a lack of input sanitization.
network
vmware CWE-79
4.3
2021-09-23 CVE-2021-22017 Unspecified vulnerability in VMWare Vcenter Server 6.7
Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization.
network
low complexity
vmware
5.0
2021-09-23 CVE-2021-22018 Unspecified vulnerability in VMWare Cloud Foundation and Vcenter Server
The vCenter Server contains an arbitrary file deletion vulnerability in a VMware vSphere Life-cycle Manager plug-in.
network
low complexity
vmware
6.4
2021-09-23 CVE-2021-22019 Unspecified vulnerability in VMWare Cloud Foundation and Vcenter Server
The vCenter Server contains a denial-of-service vulnerability in VAPI (vCenter API) service.
network
low complexity
vmware
5.0
2021-09-23 CVE-2021-22020 Unspecified vulnerability in VMWare Cloud Foundation and Vcenter Server
The vCenter Server contains a denial-of-service vulnerability in the Analytics service.
local
low complexity
vmware
2.1
2021-09-23 CVE-2021-21993 Server-Side Request Forgery (SSRF) vulnerability in VMWare Cloud Foundation and Vcenter Server
The vCenter Server contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in vCenter Server Content Library.
network
low complexity
vmware CWE-918
4.0
2021-09-23 CVE-2021-22005 Unrestricted Upload of File with Dangerous Type vulnerability in VMWare Cloud Foundation and Vcenter Server
The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service.
network
low complexity
vmware CWE-434
7.5