Vulnerabilities > Vmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-27 | CVE-2020-5428 | SQL Injection vulnerability in VMWare Spring Cloud Task In applications using Spring Cloud Task 2.2.4.RELEASE and below, may be vulnerable to SQL injection when exercising certain lookup queries in the TaskExplorer. | 6.0 |
| 2021-01-27 | CVE-2020-5427 | SQL Injection vulnerability in VMWare Spring Cloud Data Flow In Spring Cloud Data Flow, versions 2.6.x prior to 2.6.5, versions 2.5.x prior 2.5.4, an application is vulnerable to SQL injection when requesting task execution. | 7.2 |
| 2020-12-21 | CVE-2020-3999 | Improper Input Validation vulnerability in VMWare Esxi, Fusion and Workstation VMware ESXi (7.0 prior to ESXi70U1c-17325551), VMware Workstation (16.x prior to 16.0 and 15.x prior to 15.5.7), VMware Fusion (12.x prior to 12.0 and 11.x prior to 11.5.7) and VMware Cloud Foundation contain a denial of service vulnerability due to improper input validation in GuestInfo. | 6.5 |
| 2020-12-16 | CVE-2020-4008 | Unspecified vulnerability in VMWare Carbon Black Cloud The installer of the macOS Sensor for VMware Carbon Black Cloud (prior to 3.5.1) handles certain files in an insecure way. | 3.6 |
| 2020-11-24 | CVE-2020-4003 | SQL Injection vulnerability in VMWare Sd-Wan Orchestrator VMware SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 was found to be vulnerable to SQL-injection attacks allowing for potential information disclosure. | 6.5 |
| 2020-11-24 | CVE-2020-4002 | Unspecified vulnerability in VMWare Sd-Wan Orchestrator The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 handles system parameters in an insecure way. | 7.2 |
| 2020-11-24 | CVE-2020-4001 | Insecure Default Initialization of Resource vulnerability in VMWare Sd-Wan Orchestrator The SD-WAN Orchestrator 3.3.2, 3.4.x, and 4.0.x has default passwords allowing for a Pass-the-Hash Attack. | 9.8 |
| 2020-11-24 | CVE-2020-4000 | Path Traversal vulnerability in VMWare Sd-Wan Orchestrator The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 allows for executing files through directory traversal. | 8.8 |
| 2020-11-24 | CVE-2020-3985 | Unspecified vulnerability in VMWare Sd-Wan Orchestrator 3.3.2/3.4.0/3.4.4 The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4.4 allows an access to set arbitrary authorization levels leading to a privilege escalation issue. | 8.8 |
| 2020-11-24 | CVE-2020-3984 | SQL Injection vulnerability in VMWare Sd-Wan Orchestrator 3.3.2/3.4.0/3.4.4 The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4.4 does not apply correct input validation which allows for SQL-injection. | 6.5 |