Vulnerabilities > Vmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-20 | CVE-2023-20873 | Unspecified vulnerability in VMWare Spring Boot In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. | 9.8 |
| 2023-04-19 | CVE-2023-20862 | Incomplete Cleanup vulnerability in multiple products In Spring Security, versions 5.7.x prior to 5.7.8, versions 5.8.x prior to 5.8.3, and versions 6.0.x prior to 6.0.3, the logout support does not properly clean the security context if using serialized versions. | 6.3 |
| 2023-04-13 | CVE-2023-20863 | Expression Language Injection vulnerability in VMWare Spring Framework In spring framework versions prior to 5.2.24 release+ ,5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition. | 6.5 |
| 2023-04-13 | CVE-2023-20866 | Unspecified vulnerability in VMWare Spring Session 3.0.0 In Spring Session version 3.0.0, the session id can be logged to the standard output stream. | 6.5 |
| 2023-03-27 | CVE-2023-20860 | Unspecified vulnerability in VMWare Spring Framework Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "**" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass. | 7.5 |
| 2023-03-23 | CVE-2023-20859 | Information Exposure Through Log Files vulnerability in VMWare products In Spring Vault, versions 3.0.x prior to 3.0.2 and versions 2.3.x prior to 2.3.3 and older versions, an application is vulnerable to insertion of sensitive information into a log file when it attempts to revoke a Vault batch token. | 5.5 |
| 2023-03-23 | CVE-2023-20861 | Unspecified vulnerability in VMWare Spring Framework In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition. | 6.5 |
| 2023-02-28 | CVE-2023-20857 | Missing Authentication for Critical Function vulnerability in VMWare Workspace ONE Content 3.20/3.20.1/3.21 VMware Workspace ONE Content contains a passcode bypass vulnerability. | 6.8 |
| 2023-02-22 | CVE-2023-20855 | XXE vulnerability in VMWare Vrealize Automation and Vrealize Orchestrator VMware vRealize Orchestrator contains an XML External Entity (XXE) vulnerability. | 8.8 |
| 2023-02-22 | CVE-2023-20858 | Injection vulnerability in VMWare Carbon Black APP Control VMware Carbon Black App Control 8.7.x prior to 8.7.8, 8.8.x prior to 8.8.6, and 8.9.x.prior to 8.9.4 contain an injection vulnerability. | 7.2 |