Vulnerabilities > Vmware > Cloud Foundation > High

DATE CVE VULNERABILITY TITLE RISK
2021-11-10 CVE-2021-22048 Unspecified vulnerability in VMWare Cloud Foundation and Vcenter Server
The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism.
network
low complexity
vmware
8.8
2021-09-23 CVE-2021-22015 Files or Directories Accessible to External Parties vulnerability in VMWare Cloud Foundation and Vcenter Server
The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and directories.
local
low complexity
vmware CWE-552
7.8
2021-09-23 CVE-2021-22019 Unspecified vulnerability in VMWare Cloud Foundation and Vcenter Server
The vCenter Server contains a denial-of-service vulnerability in VAPI (vCenter API) service.
network
low complexity
vmware
7.5
2021-09-23 CVE-2021-22006 Unspecified vulnerability in VMWare Cloud Foundation and Vcenter Server
The vCenter Server contains a reverse proxy bypass vulnerability due to the way the endpoints handle the URI.
network
low complexity
vmware
7.5
2021-09-23 CVE-2021-22008 Unspecified vulnerability in VMWare Cloud Foundation and Vcenter Server
The vCenter Server contains an information disclosure vulnerability in VAPI (vCenter API) service.
network
low complexity
vmware
7.5
2021-09-23 CVE-2021-22009 Exposure of Resource to Wrong Sphere vulnerability in VMWare Cloud Foundation and Vcenter Server
The vCenter Server contains multiple denial-of-service vulnerabilities in VAPI (vCenter API) service.
network
low complexity
vmware CWE-668
7.5
2021-09-23 CVE-2021-22010 Resource Exhaustion vulnerability in VMWare Cloud Foundation and Vcenter Server
The vCenter Server contains a denial-of-service vulnerability in VPXD service.
network
low complexity
vmware CWE-400
7.5
2021-09-23 CVE-2021-22012 Missing Authentication for Critical Function vulnerability in VMWare Cloud Foundation and Vcenter Server
The vCenter Server contains an information disclosure vulnerability due to an unauthenticated appliance management API.
network
low complexity
vmware CWE-306
7.5
2021-09-23 CVE-2021-22013 Path Traversal vulnerability in VMWare Cloud Foundation and Vcenter Server
The vCenter Server contains a file path traversal vulnerability leading to information disclosure in the appliance management API.
network
low complexity
vmware CWE-22
7.5
2021-09-23 CVE-2021-22014 Unspecified vulnerability in VMWare Cloud Foundation and Vcenter Server
The vCenter Server contains an authenticated code execution vulnerability in VAMI (Virtual Appliance Management Infrastructure).
network
low complexity
vmware
7.2