Vulnerabilities > Vmware > Cloud Foundation > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-29 | CVE-2022-22948 | Incorrect Default Permissions vulnerability in VMWare Vcenter Server 6.5/6.7/7.0 The vCenter Server contains an information disclosure vulnerability due to improper permission of files. | 6.5 |
| 2022-02-16 | CVE-2021-22040 | Use After Free vulnerability in VMWare products VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. | 6.7 |
| 2022-02-16 | CVE-2021-22041 | Unspecified vulnerability in VMWare products VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller. | 6.7 |
| 2022-02-04 | CVE-2022-22939 | Information Exposure Through Log Files vulnerability in VMWare Cloud Foundation VMware Cloud Foundation contains an information disclosure vulnerability due to logging of credentials in plain-text within multiple log files on the SDDC Manager. | 4.9 |
| 2021-10-13 | CVE-2021-22035 | Injection vulnerability in VMWare products VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function. | 4.3 |
| 2021-09-23 | CVE-2021-22016 | Cross-site Scripting vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains a reflected cross-site scripting vulnerability due to a lack of input sanitization. | 6.1 |
| 2021-09-23 | CVE-2021-22018 | Unspecified vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains an arbitrary file deletion vulnerability in a VMware vSphere Life-cycle Manager plug-in. | 6.5 |
| 2021-09-23 | CVE-2021-22020 | Unspecified vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains a denial-of-service vulnerability in the Analytics service. | 5.5 |
| 2021-09-23 | CVE-2021-21993 | Server-Side Request Forgery (SSRF) vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in vCenter Server Content Library. | 6.5 |
| 2021-09-23 | CVE-2021-22007 | Unspecified vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains a local information disclosure vulnerability in the Analytics service. | 5.5 |