Vulnerabilities > Vmware

DATE CVE VULNERABILITY TITLE RISK
2021-08-31 CVE-2021-22029 Allocation of Resources Without Limits or Throttling vulnerability in VMWare Workspace ONE UEM Console
VMware Workspace ONE UEM REST API contains a denial of service vulnerability.
network
low complexity
vmware CWE-770
7.5
2021-08-30 CVE-2021-22021 Cross-site Scripting vulnerability in VMWare Cloud Foundation and Vrealize LOG Insight
VMware vRealize Log Insight (8.x prior to 8.4) contains a Cross Site Scripting (XSS) vulnerability due to improper user input validation.
network
low complexity
vmware CWE-79
5.4
2021-08-30 CVE-2021-22022 Path Traversal vulnerability in VMWare products
The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary file read vulnerability.
network
low complexity
vmware CWE-22
4.9
2021-08-30 CVE-2021-22023 Authorization Bypass Through User-Controlled Key vulnerability in VMWare products
The vRealize Operations Manager API (8.x prior to 8.5) has insecure object reference vulnerability.
network
low complexity
vmware CWE-639
7.2
2021-08-30 CVE-2021-22024 Information Exposure Through Log Files vulnerability in VMWare products
The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary log-file read vulnerability.
network
low complexity
vmware CWE-532
7.5
2021-08-30 CVE-2021-22025 Improper Authentication vulnerability in VMWare products
The vRealize Operations Manager API (8.x prior to 8.5) contains a broken access control vulnerability leading to unauthenticated API access.
network
low complexity
vmware CWE-287
7.5
2021-08-30 CVE-2021-22026 Server-Side Request Forgery (SSRF) vulnerability in VMWare products
The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point.
network
low complexity
vmware CWE-918
7.5
2021-08-30 CVE-2021-22027 Server-Side Request Forgery (SSRF) vulnerability in VMWare products
The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point.
network
low complexity
vmware CWE-918
7.5
2021-07-13 CVE-2021-21994 Improper Authentication vulnerability in VMWare Cloud Foundation and Esxi
SFCB (Small Footprint CIM Broker) as used in ESXi has an authentication bypass vulnerability.
network
low complexity
vmware CWE-287
critical
9.8
2021-07-13 CVE-2021-21995 Out-of-bounds Read vulnerability in VMWare Cloud Foundation and Esxi
OpenSLP as used in ESXi has a denial-of-service vulnerability due a heap out-of-bounds read issue.
network
low complexity
vmware CWE-125
7.5