Vulnerabilities > Vmware > Cloud Foundation > High

DATE CVE VULNERABILITY TITLE RISK
2022-07-13 CVE-2022-22982 Server-Side Request Forgery (SSRF) vulnerability in VMWare Vcenter Server 6.5/6.7/7.0
The vCenter Server contains a server-side request forgery (SSRF) vulnerability.
network
low complexity
vmware CWE-918
7.5
2022-05-20 CVE-2022-22973 Unspecified vulnerability in VMWare products
VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability.
local
low complexity
vmware
7.8
2022-04-13 CVE-2022-22957 Deserialization of Untrusted Data vulnerability in VMWare products
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958).
network
low complexity
vmware CWE-502
7.2
2022-04-13 CVE-2022-22958 Deserialization of Untrusted Data vulnerability in VMWare products
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958).
network
low complexity
vmware CWE-502
7.2
2022-04-13 CVE-2022-22960 Incorrect Permission Assignment for Critical Resource vulnerability in VMWare products
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts.
local
low complexity
vmware CWE-732
7.8
2022-02-16 CVE-2021-22042 Incorrect Authorization vulnerability in VMWare Cloud Foundation and Esxi
VMware ESXi contains an unauthorized access vulnerability due to VMX having access to settingsd authorization tickets.
local
low complexity
vmware CWE-863
7.8
2022-02-16 CVE-2021-22050 Allocation of Resources Without Limits or Throttling vulnerability in VMWare Esxi 6.5/6.7
ESXi contains a slow HTTP POST denial-of-service vulnerability in rhttpproxy.
network
low complexity
vmware CWE-770
7.5
2022-02-16 CVE-2022-22945 OS Command Injection vulnerability in VMWare Cloud Foundation and NSX Data Center
VMware NSX Edge contains a CLI shell injection vulnerability.
local
low complexity
vmware CWE-78
7.8
2022-01-04 CVE-2021-22045 Out-of-bounds Write vulnerability in VMWare products
VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi650-202110101-SG), VMware Workstation (16.2.0) and VMware Fusion (12.2.0) contains a heap-overflow vulnerability in CD-ROM device emulation.
local
high complexity
vmware CWE-787
7.8
2021-11-24 CVE-2021-21980 Unspecified vulnerability in VMWare Cloud Foundation and Vcenter Server
The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary file read vulnerability.
network
low complexity
vmware
7.5