Vulnerabilities > Vmware > Cloud Foundation > 3.0.1.1

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2022-03-29 | CVE-2022-22948 | Incorrect Default Permissions vulnerability in VMWare Cloud Foundation and Vcenter Server | The vCenter Server contains an information disclosure vulnerability due to improper permission of files. | network, low complexity, vmware CWE-276, 4.0 |
| 2022-02-16 | CVE-2021-22040 | Use After Free vulnerability in VMWare products | VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. | local, low complexity, vmware CWE-416, 4.6 |
| 2022-02-16 | CVE-2021-22041 | Unspecified vulnerability in VMWare products | VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller. | local, low complexity, vmware, 4.6 |
| 2022-02-16 | CVE-2021-22050 | Allocation of Resources Without Limits or Throttling vulnerability in VMWare Cloud Foundation and Esxi | ESXi contains a slow HTTP POST denial-of-service vulnerability in rhttpproxy. | network, low complexity, vmware CWE-770, 5.0 |
| 2022-02-16 | CVE-2022-22945 | OS Command Injection vulnerability in VMWare Cloud Foundation and NSX Data Center | VMware NSX Edge contains a CLI shell injection vulnerability. | local, low complexity, vmware CWE-78, 7.2 |
| 2022-02-04 | CVE-2022-22939 | Information Exposure Through Log Files vulnerability in VMWare Cloud Foundation | VMware Cloud Foundation contains an information disclosure vulnerability due to logging of credentials in plain-text within multiple log files on the SDDC Manager. | network, low complexity, vmware CWE-532, 4.0 |
| 2022-01-04 | CVE-2021-22045 | Out-of-bounds Write vulnerability in VMWare products | VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi650-202110101-SG), VMware Workstation (16.2.0) and VMware Fusion (12.2.0) contains a heap-overflow vulnerability in CD-ROM device emulation. | local, vmware CWE-787, 6.9 |
| 2021-11-10 | CVE-2021-22048 | Unspecified vulnerability in VMWare Cloud Foundation and Vcenter Server | The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. | network, low complexity, vmware, 8.8 |
| 2021-10-13 | CVE-2021-22033 | Server-Side Request Forgery (SSRF) vulnerability in VMWare products | Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability. | network, low complexity, vmware CWE-918, 4.0 |
| 2021-09-23 | CVE-2021-22015 | Files or Directories Accessible to External Parties vulnerability in VMWare Cloud Foundation and Vcenter Server | The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and directories. | local, low complexity, vmware CWE-552, 7.8 |