Vulnerabilities > Vmware > Cloud Foundation > High

DATE CVE VULNERABILITY TITLE RISK
2021-09-22 CVE-2021-21991 Unspecified vulnerability in VMWare Vcenter Server 6.5/6.7/7.0
The vCenter Server contains a local privilege escalation vulnerability due to the way it handles session tokens.
local
low complexity
vmware
7.8
2021-08-31 CVE-2021-22003 Improper Restriction of Excessive Authentication Attempts vulnerability in VMWare products
VMware Workspace ONE Access and Identity Manager, unintentionally provide a login interface on port 7443.
network
low complexity
vmware CWE-307
7.5
2021-08-30 CVE-2021-22023 Authorization Bypass Through User-Controlled Key vulnerability in VMWare products
The vRealize Operations Manager API (8.x prior to 8.5) has insecure object reference vulnerability.
network
low complexity
vmware CWE-639
7.2
2021-08-30 CVE-2021-22024 Information Exposure Through Log Files vulnerability in VMWare products
The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary log-file read vulnerability.
network
low complexity
vmware CWE-532
7.5
2021-08-30 CVE-2021-22025 Improper Authentication vulnerability in VMWare products
The vRealize Operations Manager API (8.x prior to 8.5) contains a broken access control vulnerability leading to unauthenticated API access.
network
low complexity
vmware CWE-287
7.5
2021-08-30 CVE-2021-22026 Server-Side Request Forgery (SSRF) vulnerability in VMWare products
The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point.
network
low complexity
vmware CWE-918
7.5
2021-08-30 CVE-2021-22027 Server-Side Request Forgery (SSRF) vulnerability in VMWare products
The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point.
network
low complexity
vmware CWE-918
7.5
2021-07-13 CVE-2021-21995 Out-of-bounds Read vulnerability in VMWare Cloud Foundation and Esxi
OpenSLP as used in ESXi has a denial-of-service vulnerability due a heap out-of-bounds read issue.
network
low complexity
vmware CWE-125
7.5
2021-03-31 CVE-2021-21975 Server-Side Request Forgery (SSRF) vulnerability in VMWare products
Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials.
network
low complexity
vmware CWE-918
7.5
2021-02-24 CVE-2021-21974 Out-of-bounds Write vulnerability in VMWare Cloud Foundation and Esxi
OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG) has a heap-overflow vulnerability.
low complexity
vmware CWE-787
8.8