Vulnerabilities > Vmware > Installbuilder > High

DATE CVE VULNERABILITY TITLE RISK
2021-10-29 CVE-2021-22037 Uncontrolled Search Path Element vulnerability in VMWare Installbuilder
Under certain circumstances, when manipulating the Windows registry, InstallBuilder uses the reg.exe system command.
local
low complexity
vmware CWE-427
7.8
2021-10-29 CVE-2021-22038 Use of Insufficiently Random Values vulnerability in VMWare Installbuilder
On Windows, the uninstaller binary copies itself to a fixed temporary location, which is then executed (the originally called uninstaller exits, so it does not block the installation directory).
network
low complexity
vmware CWE-330
8.8
2020-04-20 CVE-2020-3946 XML Entity Expansion vulnerability in VMWare Installbuilder
InstallBuilder AutoUpdate tool and regular installers enabling <checkForUpdates> built with versions earlier than 19.11 are vulnerable to Billion laughs attack (denial-of-service).
network
low complexity
vmware CWE-776
7.5