Vulnerabilities > Vmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-22 | CVE-2021-21992 | Unspecified vulnerability in VMWare Vcenter Server 6.5/6.7/7.0 The vCenter Server contains a denial-of-service vulnerability due to improper XML entity parsing. | 6.5 |
| 2021-09-15 | CVE-2020-3960 | Out-of-bounds Read vulnerability in VMWare Fusion, Vsphere Esxi and Workstation VMware ESXi (6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds read vulnerability in NVMe functionality. | 8.4 |
| 2021-08-31 | CVE-2021-22002 | Improper Authentication vulnerability in VMWare products VMware Workspace ONE Access and Identity Manager, allow the /cfg web app and diagnostic endpoints, on port 8443, to be accessed via port 443 using a custom host header. | 9.8 |
| 2021-08-31 | CVE-2021-22003 | Improper Restriction of Excessive Authentication Attempts vulnerability in VMWare products VMware Workspace ONE Access and Identity Manager, unintentionally provide a login interface on port 7443. | 7.5 |
| 2021-08-31 | CVE-2021-22029 | Allocation of Resources Without Limits or Throttling vulnerability in VMWare Workspace ONE UEM Console VMware Workspace ONE UEM REST API contains a denial of service vulnerability. | 7.5 |
| 2021-08-30 | CVE-2021-22021 | Cross-site Scripting vulnerability in VMWare Cloud Foundation and Vrealize LOG Insight VMware vRealize Log Insight (8.x prior to 8.4) contains a Cross Site Scripting (XSS) vulnerability due to improper user input validation. | 5.4 |
| 2021-08-30 | CVE-2021-22022 | Path Traversal vulnerability in VMWare products The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary file read vulnerability. | 4.9 |
| 2021-08-30 | CVE-2021-22023 | Authorization Bypass Through User-Controlled Key vulnerability in VMWare products The vRealize Operations Manager API (8.x prior to 8.5) has insecure object reference vulnerability. | 7.2 |
| 2021-08-30 | CVE-2021-22024 | Information Exposure Through Log Files vulnerability in VMWare products The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary log-file read vulnerability. | 7.5 |
| 2021-08-30 | CVE-2021-22025 | Improper Authentication vulnerability in VMWare products The vRealize Operations Manager API (8.x prior to 8.5) contains a broken access control vulnerability leading to unauthenticated API access. | 7.5 |