Vulnerabilities > Vmware > Cloud Foundation > 4.0

DATE	CVE	VULNERABILITY TITLE	RISK
2024-07-11	CVE-2024-22280	SQL Injection vulnerability in VMWare Aria Automation and Cloud Foundation VMware Aria Automation does not apply correct input validation which allows for SQL-injection in the product. An authenticated malicious user could enter specially crafted SQL queries and perform unauthorised read/write operations in the database. network low complexity vmware CWE-89	8.1
2024-06-25	CVE-2024-37085	Improper Authentication vulnerability in VMWare Cloud Foundation and Esxi VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management https://blogs.vmware.com/vsphere/2012/09/joining-vsphere-hosts-to-active-directory.html by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD. network low complexity vmware CWE-287	7.2
2024-05-21	CVE-2024-22273	Out-of-bounds Write vulnerability in VMWare products The storage controllers on VMware ESXi, Workstation, and Fusion have out-of-bounds read/write vulnerability. A malicious actor with access to a virtual machine with storage controllers enabled may exploit this issue to create a denial of service condition or execute code on the hypervisor from a virtual machine in conjunction with other issues. local low complexity vmware CWE-787	7.8
2024-02-21	CVE-2024-22235	Unspecified vulnerability in VMWare Aria Operations and Cloud Foundation VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'. local low complexity vmware	6.7
2024-01-16	CVE-2023-34063	Missing Authorization vulnerability in VMWare Aria Automation and Cloud Foundation Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious actor may exploit this vulnerability leading to unauthorized access to remote organizations and workflows. network low complexity vmware CWE-862	8.3
2023-09-27	CVE-2023-34043	Improper Privilege Management vulnerability in VMWare Aria Operations and Cloud Foundation VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'. local low complexity vmware CWE-269	6.7
2023-05-12	CVE-2023-20877	Unspecified vulnerability in VMWare Cloud Foundation and Vrealize Operations VMware Aria Operations contains a privilege escalation vulnerability. network low complexity vmware	8.8
2023-05-12	CVE-2023-20878	Deserialization of Untrusted Data vulnerability in VMWare Cloud Foundation and Vrealize Operations VMware Aria Operations contains a deserialization vulnerability. network low complexity vmware CWE-502	7.2
2023-05-12	CVE-2023-20879	Unspecified vulnerability in VMWare Cloud Foundation and Vrealize Operations VMware Aria Operations contains a Local privilege escalation vulnerability. local low complexity vmware	6.7
2023-05-12	CVE-2023-20880	Unspecified vulnerability in VMWare Aria Operations and Cloud Foundation VMware Aria Operations contains a privilege escalation vulnerability. local low complexity vmware	6.7