Vulnerabilities > Vmware > Cloud Foundation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-30 | CVE-2021-22021 | Cross-site Scripting vulnerability in VMWare Cloud Foundation and Vrealize LOG Insight VMware vRealize Log Insight (8.x prior to 8.4) contains a Cross Site Scripting (XSS) vulnerability due to improper user input validation. | 5.4 |
| 2021-08-30 | CVE-2021-22022 | Path Traversal vulnerability in VMWare products The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary file read vulnerability. | 4.9 |
| 2021-08-30 | CVE-2021-22023 | Authorization Bypass Through User-Controlled Key vulnerability in VMWare products The vRealize Operations Manager API (8.x prior to 8.5) has insecure object reference vulnerability. | 7.2 |
| 2021-08-30 | CVE-2021-22024 | Information Exposure Through Log Files vulnerability in VMWare products The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary log-file read vulnerability. | 7.5 |
| 2021-08-30 | CVE-2021-22025 | Improper Authentication vulnerability in VMWare products The vRealize Operations Manager API (8.x prior to 8.5) contains a broken access control vulnerability leading to unauthenticated API access. | 7.5 |
| 2021-08-30 | CVE-2021-22026 | Server-Side Request Forgery (SSRF) vulnerability in VMWare products The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. | 7.5 |
| 2021-08-30 | CVE-2021-22027 | Server-Side Request Forgery (SSRF) vulnerability in VMWare products The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. | 7.5 |
| 2021-07-13 | CVE-2021-21994 | Improper Authentication vulnerability in VMWare Cloud Foundation and Esxi SFCB (Small Footprint CIM Broker) as used in ESXi has an authentication bypass vulnerability. | 9.8 |
| 2021-07-13 | CVE-2021-21995 | Out-of-bounds Read vulnerability in VMWare Cloud Foundation and Esxi OpenSLP as used in ESXi has a denial-of-service vulnerability due a heap out-of-bounds read issue. | 7.5 |
| 2021-05-26 | CVE-2021-21985 | Improper Input Validation vulnerability in VMWare Vcenter Server 6.5/6.7/7.0 The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. | 9.8 |