Vulnerabilities > Vmware

DATE CVE VULNERABILITY TITLE RISK
2021-08-30 CVE-2021-22023 Authorization Bypass Through User-Controlled Key vulnerability in VMWare products
The vRealize Operations Manager API (8.x prior to 8.5) has insecure object reference vulnerability.
network
low complexity
vmware CWE-639
6.5
6.5
2021-08-30 CVE-2021-22024 Information Exposure Through Log Files vulnerability in VMWare products
The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary log-file read vulnerability.
network
low complexity
vmware CWE-532
5.0
5.0
2021-08-30 CVE-2021-22025 Improper Authentication vulnerability in VMWare products
The vRealize Operations Manager API (8.x prior to 8.5) contains a broken access control vulnerability leading to unauthenticated API access.
network
low complexity
vmware CWE-287
5.0
5.0
2021-08-30 CVE-2021-22026 Server-Side Request Forgery (SSRF) vulnerability in VMWare products
The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point.
network
low complexity
vmware CWE-918
5.0
5.0
2021-08-30 CVE-2021-22027 Server-Side Request Forgery (SSRF) vulnerability in VMWare products
The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point.
network
low complexity
vmware CWE-918
5.0
5.0
2021-07-13 CVE-2021-21994 Improper Authentication vulnerability in VMWare Cloud Foundation and Esxi
SFCB (Small Footprint CIM Broker) as used in ESXi has an authentication bypass vulnerability.
network
vmware CWE-287
6.8
6.8
2021-07-13 CVE-2021-21995 Out-of-bounds Read vulnerability in VMWare Cloud Foundation and Esxi
OpenSLP as used in ESXi has a denial-of-service vulnerability due a heap out-of-bounds read issue.
network
low complexity
vmware CWE-125
5.0
5.0
2021-07-13 CVE-2021-22000 Improper Privilege Management vulnerability in VMWare Thinapp
VMware Thinapp version 5.x prior to 5.2.10 contain a DLL hijacking vulnerability due to insecure loading of DLLs.
local
vmware CWE-269
6.9
6.9
2021-06-29 CVE-2021-22119 Incorrect Authorization vulnerability in multiple products
Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application.
network
low complexity
vmware oracle CWE-863
7.5
7.5
2021-06-28 CVE-2021-32719 Cross-site Scripting vulnerability in VMWare Rabbitmq
RabbitMQ is a multi-protocol messaging broker.
network
vmware CWE-79
3.5
3.5