Vulnerabilities > Vmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-24 | CVE-2021-21972 | Path Traversal vulnerability in VMWare Cloud Foundation and Vcenter Server The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. | 9.8 |
| 2021-02-23 | CVE-2021-22112 | Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request.A malicious user cannot cause the bug to happen (it must be programmed in). | 8.8 |
| 2021-02-23 | CVE-2021-22113 | Incorrect Authorization vulnerability in VMWare Spring Cloud Netflix Zuul 2.2.4/2.2.5/2.2.6 Applications using the “Sensitive Headers” functionality in Spring Cloud Netflix Zuul 2.2.6.RELEASE and below may be vulnerable to bypassing the “Sensitive Headers” restriction when executing requests with specially constructed URLs. | 5.3 |
| 2021-02-11 | CVE-2021-21976 | OS Command Injection vulnerability in VMWare Vsphere Replication vSphere Replication 8.3.x prior to 8.3.1.2, 8.2.x prior to 8.2.1.1, 8.1.x prior to 8.1.2.3 and 6.5.x prior to 6.5.1.5 contain a post-authentication command injection vulnerability which may allow an authenticated admin user to perform a remote code execution. | 7.2 |
| 2021-01-27 | CVE-2020-5428 | SQL Injection vulnerability in VMWare Spring Cloud Task In applications using Spring Cloud Task 2.2.4.RELEASE and below, may be vulnerable to SQL injection when exercising certain lookup queries in the TaskExplorer. | 6.0 |
| 2021-01-27 | CVE-2020-5427 | SQL Injection vulnerability in VMWare Spring Cloud Data Flow In Spring Cloud Data Flow, versions 2.6.x prior to 2.6.5, versions 2.5.x prior 2.5.4, an application is vulnerable to SQL injection when requesting task execution. | 7.2 |
| 2020-12-21 | CVE-2020-3999 | Improper Input Validation vulnerability in VMWare Esxi, Fusion and Workstation VMware ESXi (7.0 prior to ESXi70U1c-17325551), VMware Workstation (16.x prior to 16.0 and 15.x prior to 15.5.7), VMware Fusion (12.x prior to 12.0 and 11.x prior to 11.5.7) and VMware Cloud Foundation contain a denial of service vulnerability due to improper input validation in GuestInfo. | 6.5 |
| 2020-12-16 | CVE-2020-4008 | Unspecified vulnerability in VMWare Carbon Black Cloud The installer of the macOS Sensor for VMware Carbon Black Cloud (prior to 3.5.1) handles certain files in an insecure way. | 3.6 |
| 2020-11-24 | CVE-2020-4003 | SQL Injection vulnerability in VMWare Sd-Wan Orchestrator VMware SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 was found to be vulnerable to SQL-injection attacks allowing for potential information disclosure. | 6.5 |
| 2020-11-24 | CVE-2020-4002 | Unspecified vulnerability in VMWare Sd-Wan Orchestrator The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 handles system parameters in an insecure way. | 7.2 |