Vulnerabilities > Vmware > Cloud Foundation > 4.5.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-13 | CVE-2022-22960 | Incorrect Permission Assignment for Critical Resource vulnerability in VMWare products VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. | 7.8 |
| 2022-04-13 | CVE-2022-22961 | Information Exposure vulnerability in VMWare products VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. | 5.3 |
| 2021-09-23 | CVE-2021-22015 | Files or Directories Accessible to External Parties vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and directories. | 7.8 |
| 2021-09-23 | CVE-2021-22016 | Cross-site Scripting vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains a reflected cross-site scripting vulnerability due to a lack of input sanitization. | 6.1 |
| 2021-09-23 | CVE-2021-21993 | Server-Side Request Forgery (SSRF) vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in vCenter Server Content Library. | 6.5 |
| 2021-09-23 | CVE-2021-22005 | Path Traversal vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. | 9.8 |
| 2021-09-23 | CVE-2021-22006 | Unspecified vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains a reverse proxy bypass vulnerability due to the way the endpoints handle the URI. | 7.5 |
| 2021-09-23 | CVE-2021-22007 | Unspecified vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains a local information disclosure vulnerability in the Analytics service. | 5.5 |
| 2021-09-23 | CVE-2021-22008 | Unspecified vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains an information disclosure vulnerability in VAPI (vCenter API) service. | 7.5 |
| 2021-09-23 | CVE-2021-22009 | Exposure of Resource to Wrong Sphere vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains multiple denial-of-service vulnerabilities in VAPI (vCenter API) service. | 7.5 |