Vulnerabilities > Vmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-24 | CVE-2021-21989 | Out-of-bounds Read vulnerability in VMWare Horizon Client and Workstation VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windows (5.x prior to 5.5.2) contain out-of-bounds read vulnerability in the Cortado ThinPrint component (TTC Parser). | 2.1 |
| 2021-05-18 | CVE-2021-22117 | Incorrect Permission Assignment for Critical Resource vulnerability in VMWare Rabbitmq RabbitMQ installers on Windows prior to version 3.8.16 do not harden plugin directory permissions, potentially allowing attackers with sufficient local filesystem permissions to add arbitrary plugins. | 7.8 |
| 2021-05-11 | CVE-2021-21990 | Cross-site Scripting vulnerability in VMWare Workspace ONE Unified Endpoint Management VMware Workspace one UEM console (2102 prior to 21.2.0.8, 2101 prior to 21.1.0.14, 2011 prior to 20.11.0.27, 2010 prior to 20.10.0.16,2008 prior to 20.8.0.28, 2007 prior to 20.7.0.14,2006 prior to 20.6.0.19, 2005 prior to 20.5.0.46, 2004 prior to 20.4.0.21, 2003 prior to 20.3.0.23, 2001 prior to 20.1.0.32, 1912 prior to 19.12.0.24) contain a cross-site scripting vulnerability. | 4.3 |
| 2021-05-07 | CVE-2021-21984 | Command Injection vulnerability in VMWare Vrealize Business for Cloud 7.0 VMware vRealize Business for Cloud 7.x prior to 7.6.0 contains a remote code execution vulnerability due to an unauthorised end point. | 7.5 |
| 2021-04-01 | CVE-2021-21982 | Improper Authentication vulnerability in VMWare Carbon Black Cloud Workload VMware Carbon Black Cloud Workload appliance 1.0.0 and 1.01 has an authentication bypass vulnerability that may allow a malicious actor with network access to the administrative interface of the VMware Carbon Black Cloud Workload appliance to obtain a valid authentication token. | 6.4 |
| 2021-03-31 | CVE-2021-21983 | Unspecified vulnerability in VMWare products Arbitrary file write vulnerability in vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API can write files to arbitrary locations on the underlying photon operating system. | 8.5 |
| 2021-03-31 | CVE-2021-21975 | Server-Side Request Forgery (SSRF) vulnerability in VMWare products Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials. | 5.0 |
| 2021-03-15 | CVE-2021-26987 | Element Plug-in for vCenter Server incorporates SpringBoot Framework. | 7.5 |
| 2021-03-03 | CVE-2021-21978 | Missing Authorization vulnerability in VMWare View Planner 4.6 VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability. | 9.8 |
| 2021-03-01 | CVE-2021-22114 | Path Traversal vulnerability in VMWare Spring Integration ZIP Addresses partial fix in CVE-2018-1263. | 5.0 |