Vulnerabilities > Vmware > Cloud Foundation > 4.1.0.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-09-23 | CVE-2021-22012 | Missing Authentication for Critical Function vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains an information disclosure vulnerability due to an unauthenticated appliance management API. | 5.0 |
2021-09-22 | CVE-2021-21991 | Unspecified vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains a local privilege escalation vulnerability due to the way it handles session tokens. | 4.6 |
2021-09-22 | CVE-2021-21992 | Unspecified vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains a denial-of-service vulnerability due to improper XML entity parsing. | 6.8 |
2021-08-31 | CVE-2021-22002 | Improper Authentication vulnerability in VMWare products VMware Workspace ONE Access and Identity Manager, allow the /cfg web app and diagnostic endpoints, on port 8443, to be accessed via port 443 using a custom host header. | 7.5 |
2021-08-31 | CVE-2021-22003 | Improper Restriction of Excessive Authentication Attempts vulnerability in VMWare products VMware Workspace ONE Access and Identity Manager, unintentionally provide a login interface on port 7443. | 5.0 |
2021-08-30 | CVE-2021-22022 | Path Traversal vulnerability in VMWare products The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary file read vulnerability. | 4.0 |
2021-08-30 | CVE-2021-22023 | Authorization Bypass Through User-Controlled Key vulnerability in VMWare products The vRealize Operations Manager API (8.x prior to 8.5) has insecure object reference vulnerability. | 6.5 |
2021-08-30 | CVE-2021-22024 | Information Exposure Through Log Files vulnerability in VMWare products The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary log-file read vulnerability. | 5.0 |
2021-08-30 | CVE-2021-22025 | Improper Authentication vulnerability in VMWare products The vRealize Operations Manager API (8.x prior to 8.5) contains a broken access control vulnerability leading to unauthenticated API access. | 5.0 |
2021-08-30 | CVE-2021-22026 | Server-Side Request Forgery (SSRF) vulnerability in VMWare products The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. | 5.0 |