DATE CVE VULNERABILITY TITLE RISK
2025-03-04 CVE-2025-22224 Unspecified vulnerability in VMware products
VMware ESXi and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.
local
low complexity
vmware
8.2
2024-07-11 CVE-2024-22280 SQL Injection vulnerability in VMware Aria Automation and Cloud Foundation
VMware Aria Automation does not apply correct input validation which allows for SQL-injection in the product. An authenticated malicious user could enter specially crafted SQL queries and perform unauthorised read/write operations in the database.
network
low complexity
vmware CWE-89
8.1
2024-06-25 CVE-2024-37085 Improper Authentication vulnerability in VMware Cloud Foundation and ESXi
VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management (https://blogs.vmware.com/vsphere/2012/09/joining-vsphere-hosts-to-active-directory.html) by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD.
network
low complexity
vmware CWE-287
7.2
2024-05-21 CVE-2024-22273 Out-of-bounds Write vulnerability in VMware products
The storage controllers on VMware ESXi, Workstation, and Fusion have an out-of-bounds read/write vulnerability. A malicious actor with access to a virtual machine with storage controllers enabled may exploit this issue to create a denial of service condition or execute code on the hypervisor from a virtual machine in conjunction with other issues.
local
low complexity
vmware CWE-787
7.8
2024-01-16 CVE-2023-34063 Missing Authorization vulnerability in VMware Aria Automation and Cloud Foundation
Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious actor may exploit this vulnerability leading to unauthorized access to remote organizations and workflows.
network
low complexity
vmware CWE-862
8.3
2023-05-12 CVE-2023-20877 Unspecified vulnerability in VMware Cloud Foundation and vRealize Operations
VMware Aria Operations contains a privilege escalation vulnerability.
network
low complexity
vmware
8.8
2023-05-12 CVE-2023-20878 Deserialization of Untrusted Data vulnerability in VMware Cloud Foundation and vRealize Operations
VMware Aria Operations contains a deserialization vulnerability.
network
low complexity
vmware CWE-502
7.2
2023-04-20 CVE-2023-20865 Command Injection vulnerability in VMware Aria Operations for Logs and Cloud Foundation
VMware Aria Operations for Logs contains a command injection vulnerability.
network
low complexity
vmware CWE-77
7.2
2022-12-14 CVE-2022-31700 Unspecified vulnerability in VMware Access, Cloud Foundation and Identity Manager
VMware Workspace ONE Access and Identity Manager contain an authenticated remote code execution vulnerability.
network
low complexity
vmware
7.2
2022-12-13 CVE-2022-31696 Out-of-bounds Write vulnerability in VMware ESXi 6.5/6.7
VMware ESXi contains a memory corruption vulnerability that exists in the way it handles a network socket.
local
low complexity
vmware CWE-787
8.8