Cloud Foundation

DATE	CVE	VULNERABILITY TITLE	RISK
2024-07-11	CVE-2024-22280	SQL Injection vulnerability in VMWare Aria Automation and Cloud Foundation VMware Aria Automation does not apply correct input validation which allows for SQL-injection in the product. An authenticated malicious user could enter specially crafted SQL queries and perform unauthorised read/write operations in the database. network low complexity vmware CWE-89	8.1
2024-06-25	CVE-2024-37085	Improper Authentication vulnerability in VMWare Cloud Foundation and Esxi VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management https://blogs.vmware.com/vsphere/2012/09/joining-vsphere-hosts-to-active-directory.html by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD. network low complexity vmware CWE-287	7.2
2024-01-16	CVE-2023-34063	Missing Authorization vulnerability in VMWare Aria Automation and Cloud Foundation Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious actor may exploit this vulnerability leading to unauthorized access to remote organizations and workflows. network low complexity vmware CWE-862	8.3
2023-09-27	CVE-2023-34043	Improper Privilege Management vulnerability in VMWare Aria Operations and Cloud Foundation VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'. local low complexity vmware CWE-269	6.7
2023-05-30	CVE-2023-20884	Open Redirect vulnerability in VMWare products VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability. An unauthenticated malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure. network low complexity vmware CWE-601	6.1
2023-05-12	CVE-2023-20877	Unspecified vulnerability in VMWare Cloud Foundation and Vrealize Operations VMware Aria Operations contains a privilege escalation vulnerability. network low complexity vmware	8.8
2023-05-12	CVE-2023-20878	Deserialization of Untrusted Data vulnerability in VMWare Cloud Foundation and Vrealize Operations VMware Aria Operations contains a deserialization vulnerability. network low complexity vmware CWE-502	7.2
2023-05-12	CVE-2023-20879	Unspecified vulnerability in VMWare Cloud Foundation and Vrealize Operations VMware Aria Operations contains a Local privilege escalation vulnerability. local low complexity vmware	6.7
2023-05-12	CVE-2023-20880	Unspecified vulnerability in VMWare Aria Operations and Cloud Foundation VMware Aria Operations contains a privilege escalation vulnerability. local low complexity vmware	6.7
2023-04-20	CVE-2023-20864	Deserialization of Untrusted Data vulnerability in VMWare Aria Operations for Logs and Cloud Foundation VMware Aria Operations for Logs contains a deserialization vulnerability. network low complexity vmware CWE-502 critical	9.8