Vulnerabilities > Vmware > Cloud Foundation > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-24 | CVE-2021-21980 | Unspecified vulnerability in VMWare Cloud Foundation and Vcenter Server The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary file read vulnerability. | 7.5 |
| 2021-11-10 | CVE-2021-22048 | Unspecified vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. | 8.8 |
| 2021-09-23 | CVE-2021-22015 | Files or Directories Accessible to External Parties vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and directories. | 7.8 |
| 2021-09-23 | CVE-2021-22019 | Unspecified vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains a denial-of-service vulnerability in VAPI (vCenter API) service. | 7.5 |
| 2021-09-23 | CVE-2021-22006 | Unspecified vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains a reverse proxy bypass vulnerability due to the way the endpoints handle the URI. | 7.5 |
| 2021-09-23 | CVE-2021-22008 | Unspecified vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains an information disclosure vulnerability in VAPI (vCenter API) service. | 7.5 |
| 2021-09-23 | CVE-2021-22009 | Exposure of Resource to Wrong Sphere vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains multiple denial-of-service vulnerabilities in VAPI (vCenter API) service. | 7.5 |
| 2021-09-23 | CVE-2021-22010 | Resource Exhaustion vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains a denial-of-service vulnerability in VPXD service. | 7.5 |
| 2021-09-23 | CVE-2021-22012 | Missing Authentication for Critical Function vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains an information disclosure vulnerability due to an unauthenticated appliance management API. | 7.5 |
| 2021-09-23 | CVE-2021-22013 | Path Traversal vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains a file path traversal vulnerability leading to information disclosure in the appliance management API. | 7.5 |