Vulnerabilities > Vmware > Cloud Foundation > 3.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-30 | CVE-2021-22024 | Information Exposure Through Log Files vulnerability in VMWare products The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary log-file read vulnerability. | 7.5 |
| 2021-08-30 | CVE-2021-22025 | Improper Authentication vulnerability in VMWare products The vRealize Operations Manager API (8.x prior to 8.5) contains a broken access control vulnerability leading to unauthenticated API access. | 7.5 |
| 2021-08-30 | CVE-2021-22026 | Server-Side Request Forgery (SSRF) vulnerability in VMWare products The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. | 7.5 |
| 2021-08-30 | CVE-2021-22027 | Server-Side Request Forgery (SSRF) vulnerability in VMWare products The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. | 7.5 |
| 2021-05-26 | CVE-2021-21985 | Improper Input Validation vulnerability in VMWare Vcenter Server 6.5/6.7/7.0 The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. | 9.8 |
| 2021-05-26 | CVE-2021-21986 | Missing Authentication for Critical Function vulnerability in VMWare Vcenter Server 6.5/6.7/7.0 The vSphere Client (HTML5) contains a vulnerability in a vSphere authentication mechanism for the Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability plug-ins. | 9.8 |
| 2021-03-31 | CVE-2021-21983 | Unspecified vulnerability in VMWare products Arbitrary file write vulnerability in vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API can write files to arbitrary locations on the underlying photon operating system. | 6.5 |
| 2021-03-31 | CVE-2021-21975 | Server-Side Request Forgery (SSRF) vulnerability in VMWare products Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials. | 7.5 |
| 2021-02-24 | CVE-2021-21974 | Out-of-bounds Write vulnerability in VMWare Cloud Foundation and Esxi OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG) has a heap-overflow vulnerability. | 8.8 |
| 2021-02-24 | CVE-2021-21973 | Server-Side Request Forgery (SSRF) vulnerability in VMWare Cloud Foundation and Vcenter Server The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. | 5.3 |