Vulnerabilities > Vmware > Cloud Foundation > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-13 | CVE-2022-22957 | Deserialization of Untrusted Data vulnerability in VMWare products VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). | 7.2 |
| 2022-04-13 | CVE-2022-22958 | Deserialization of Untrusted Data vulnerability in VMWare products VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). | 7.2 |
| 2022-04-13 | CVE-2022-22960 | Incorrect Permission Assignment for Critical Resource vulnerability in VMWare products VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. | 7.8 |
| 2022-02-16 | CVE-2021-22042 | Incorrect Authorization vulnerability in VMWare Cloud Foundation and Esxi VMware ESXi contains an unauthorized access vulnerability due to VMX having access to settingsd authorization tickets. | 7.8 |
| 2022-02-16 | CVE-2021-22050 | Allocation of Resources Without Limits or Throttling vulnerability in VMWare Esxi 6.5/6.7 ESXi contains a slow HTTP POST denial-of-service vulnerability in rhttpproxy. | 7.5 |
| 2022-02-16 | CVE-2022-22945 | OS Command Injection vulnerability in VMWare Cloud Foundation and NSX Data Center VMware NSX Edge contains a CLI shell injection vulnerability. | 7.8 |
| 2022-01-04 | CVE-2021-22045 | Out-of-bounds Write vulnerability in VMWare products VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi650-202110101-SG), VMware Workstation (16.2.0) and VMware Fusion (12.2.0) contains a heap-overflow vulnerability in CD-ROM device emulation. | 7.8 |
| 2021-11-24 | CVE-2021-21980 | Unspecified vulnerability in VMWare Cloud Foundation and Vcenter Server The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary file read vulnerability. | 7.5 |
| 2021-11-10 | CVE-2021-22048 | Unspecified vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. | 8.8 |
| 2021-09-23 | CVE-2021-22015 | Files or Directories Accessible to External Parties vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and directories. | 7.8 |