Vulnerabilities > Vmware > Cloud Foundation > 4.1

DATE CVE VULNERABILITY TITLE RISK
2022-04-13 CVE-2022-22959 Cross-Site Request Forgery (CSRF) vulnerability in VMWare products
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability.
network
low complexity
vmware CWE-352
4.3
4.3
2022-04-13 CVE-2022-22960 Incorrect Permission Assignment for Critical Resource vulnerability in VMWare products
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts.
local
low complexity
vmware CWE-732
7.8
7.8
2022-04-13 CVE-2022-22961 Information Exposure vulnerability in VMWare products
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information.
network
low complexity
vmware CWE-200
5.3
5.3
2022-04-11 CVE-2022-22954 Code Injection vulnerability in VMWare products
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection.
network
low complexity
vmware CWE-94
critical
 9.8
9.8
2022-03-29 CVE-2022-22948 Incorrect Default Permissions vulnerability in VMWare Vcenter Server 6.5/6.7/7.0
The vCenter Server contains an information disclosure vulnerability due to improper permission of files.
network
low complexity
vmware CWE-276
6.5
6.5
2022-02-16 CVE-2021-22040 Use After Free vulnerability in VMWare products
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller.
local
low complexity
vmware CWE-416
6.7
6.7
2022-02-16 CVE-2021-22041 Unspecified vulnerability in VMWare products
VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller.
local
low complexity
vmware
6.7
6.7
2022-02-16 CVE-2021-22042 Incorrect Authorization vulnerability in VMWare Cloud Foundation and Esxi
VMware ESXi contains an unauthorized access vulnerability due to VMX having access to settingsd authorization tickets.
local
low complexity
vmware CWE-863
7.8
7.8
2022-02-16 CVE-2021-22050 Allocation of Resources Without Limits or Throttling vulnerability in VMWare Esxi 6.5/6.7
ESXi contains a slow HTTP POST denial-of-service vulnerability in rhttpproxy.
network
low complexity
vmware CWE-770
7.5
7.5
2022-01-04 CVE-2021-22045 Out-of-bounds Write vulnerability in VMWare products
VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi650-202110101-SG), VMware Workstation (16.2.0) and VMware Fusion (12.2.0) contains a heap-overflow vulnerability in CD-ROM device emulation.
local
high complexity
vmware CWE-787
7.8
7.8