Vulnerabilities > Vmware > Cloud Foundation

DATE CVE VULNERABILITY TITLE RISK
2022-05-20 CVE-2022-22972 Unspecified vulnerability in VMWare products
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users.
network
low complexity
vmware
critical
9.8
2022-05-20 CVE-2022-22973 Unspecified vulnerability in VMWare products
VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability.
local
low complexity
vmware
7.8
2022-04-13 CVE-2022-22957 Deserialization of Untrusted Data vulnerability in VMWare products
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958).
network
low complexity
vmware CWE-502
7.2
2022-04-13 CVE-2022-22958 Deserialization of Untrusted Data vulnerability in VMWare products
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958).
network
low complexity
vmware CWE-502
7.2
2022-04-13 CVE-2022-22959 Cross-Site Request Forgery (CSRF) vulnerability in VMWare products
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability.
network
low complexity
vmware CWE-352
4.3
2022-04-13 CVE-2022-22960 Incorrect Permission Assignment for Critical Resource vulnerability in VMWare products
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts.
local
low complexity
vmware CWE-732
7.8
2022-04-13 CVE-2022-22961 Information Exposure vulnerability in VMWare products
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information.
network
low complexity
vmware CWE-200
5.3
2022-04-11 CVE-2022-22954 Code Injection vulnerability in VMWare products
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection.
network
low complexity
vmware CWE-94
critical
9.8
2022-03-29 CVE-2022-22948 Incorrect Default Permissions vulnerability in VMWare Vcenter Server 6.5/6.7/7.0
The vCenter Server contains an information disclosure vulnerability due to improper permission of files.
network
low complexity
vmware CWE-276
6.5
2022-02-16 CVE-2021-22040 Use After Free vulnerability in VMWare products
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller.
local
low complexity
vmware CWE-416
6.7