Vulnerabilities > Vmware > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-26 | CVE-2021-21986 | Missing Authentication for Critical Function vulnerability in VMWare Vcenter Server 6.5/6.7/7.0 The vSphere Client (HTML5) contains a vulnerability in a vSphere authentication mechanism for the Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability plug-ins. | 9.8 |
| 2021-05-07 | CVE-2021-21984 | Missing Authorization vulnerability in VMWare Vrealize Business for Cloud 7.0 VMware vRealize Business for Cloud 7.x prior to 7.6.0 contains a remote code execution vulnerability due to an unauthorised end point. | 9.8 |
| 2021-04-01 | CVE-2021-21982 | Improper Authentication vulnerability in VMWare Carbon Black Cloud Workload 1.0/1.0.1 VMware Carbon Black Cloud Workload appliance 1.0.0 and 1.01 has an authentication bypass vulnerability that may allow a malicious actor with network access to the administrative interface of the VMware Carbon Black Cloud Workload appliance to obtain a valid authentication token. | 9.1 |
| 2021-03-15 | CVE-2021-26987 | Element Plug-in for vCenter Server incorporates SpringBoot Framework. | 9.8 |
| 2021-03-03 | CVE-2021-21978 | Missing Authorization vulnerability in VMWare View Planner 4.6 VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability. | 9.8 |
| 2021-02-24 | CVE-2021-21972 | Path Traversal vulnerability in VMWare Cloud Foundation and Vcenter Server The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. | 9.8 |
| 2020-11-24 | CVE-2020-4001 | Insecure Default Initialization of Resource vulnerability in VMWare Sd-Wan Orchestrator The SD-WAN Orchestrator 3.3.2, 3.4.x, and 4.0.x has default passwords allowing for a Pass-the-Hash Attack. | 9.8 |
| 2020-11-23 | CVE-2020-4006 | OS Command Injection vulnerability in VMWare products VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability. | 9.1 |
| 2020-11-11 | CVE-2020-5426 | Cleartext Transmission of Sensitive Information vulnerability in VMWare Pivotal Scheduler Scheduler for TAS prior to version 1.4.0 was permitting plaintext transmission of UAA client token by sending it over a non-TLS connection. | 9.8 |
| 2020-10-20 | CVE-2020-3992 | Use After Free vulnerability in VMWare Esxi 6.5/6.7 OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a use-after-free issue. | 9.8 |