Vulnerabilities > Vmware
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-11-10 | CVE-2021-22048 | Unspecified vulnerability in VMware Cloud Foundation and vCenter Server. The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. | 8.8 |
2021-11-08 | CVE-2021-22051 | Incorrect Authorization vulnerability in VMware Spring Cloud Gateway. Applications using Spring Cloud Gateway are vulnerable to specifically crafted requests that could make an extra request on downstream services. | 6.5 |
2021-10-29 | CVE-2021-22037 | Uncontrolled Search Path Element vulnerability in VMware InstallBuilder. Under certain circumstances, when manipulating the Windows registry, InstallBuilder uses the reg.exe system command. | 7.8 |
2021-10-29 | CVE-2021-22038 | Use of Insufficiently Random Values vulnerability in VMware InstallBuilder. On Windows, the uninstaller binary copies itself to a fixed temporary location, which is then executed (the originally called uninstaller exits, so it does not block the installation directory). | 8.8 |
2021-10-28 | CVE-2021-22044 | Exposure of Resource to Wrong Sphere vulnerability in VMware Spring Cloud OpenFeign. In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEASE, and older unsupported versions, applications using type-level `@RequestMapping` annotations over Feign client interfaces can be involuntarily exposing endpoints corresponding to `@RequestMapping`-annotated interface methods. | 7.5 |
2021-10-28 | CVE-2021-22047 | Exposure of Resource to Wrong Sphere vulnerability in VMware Spring Data REST. In Spring Data REST versions 3.4.0 - 3.4.13, 3.5.0 - 3.5.5, and older unsupported versions, HTTP resources implemented by custom controllers using a configured base API path and a controller type-level request mapping are additionally exposed under URIs that can potentially be exposed for unauthorized access depending on the Spring Security configuration. | 5.3 |
2021-10-28 | CVE-2021-22096 | In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. | 4.3 |
2021-10-28 | CVE-2021-22097 | Deserialization of Untrusted Data vulnerability in VMware Spring Advanced Message Queuing Protocol. In Spring AMQP versions 2.2.0 - 2.2.18 and 2.3.0 - 2.3.10, the Spring AMQP Message object, in its toString() method, will deserialize a body for a message with content type application/x-java-serialized-object. | 6.5 |
2021-10-21 | CVE-2021-22034 | Unspecified vulnerability in VMware vRealize Operations Tenant. Releases prior to VMware vRealize Operations Tenant App 8.6 contain an Information Disclosure Vulnerability. | 7.5 |
2021-10-13 | CVE-2021-22033 | Server-Side Request Forgery (SSRF) vulnerability in VMware products. Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability. | 2.7 |