Vulnerabilities > Vmware > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-01 | CVE-2019-5523 | Session Fixation vulnerability in VMWare Vcloud Director 9.5.0.0/9.5.0.1/9.5.0.2 VMware vCloud Director for Service Providers 9.5.x prior to 9.5.0.3 update resolves a Remote Session Hijack vulnerability in the Tenant and Provider Portals. | 9.8 |
| 2019-01-18 | CVE-2019-3772 | XXE vulnerability in multiple products Spring Integration (spring-integration-xml and spring-integration-ws modules), versions 4.3.18, 5.0.10, 5.1.1, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources. | 9.8 |
| 2018-11-26 | CVE-2018-11066 | Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability. | 9.8 |
| 2018-06-11 | CVE-2018-6968 | Unspecified vulnerability in VMWare Airwatch Agent The VMware AirWatch Agent for Android prior to 8.2 and AirWatch Agent for Windows Mobile prior to 6.5.2 contain a remote code execution vulnerability in real time File Manager capabilities. | 10.0 |
| 2018-04-13 | CVE-2018-6959 | Session Fixation vulnerability in VMWare Vrealize Automation VMware vRealize Automation (vRA) prior to 7.4.0 contains a vulnerability in the handling of session IDs. | 9.8 |
| 2018-04-11 | CVE-2018-1275 | Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. | 9.8 |
| 2018-04-06 | CVE-2018-1270 | Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. | 9.8 |
| 2018-03-29 | CVE-2016-0898 | Information Exposure Through Log Files vulnerability in VMWare Pivotal Software Mysql MySQL for PCF tiles 1.7.x before 1.7.10 were discovered to log the AWS access key in plaintext. | 10.0 |
| 2018-01-29 | CVE-2017-4947 | Deserialization of Untrusted Data vulnerability in VMWare Vrealize Automation and Vsphere Integrated Containers VMware vRealize Automation (7.3 and 7.2) and vSphere Integrated Containers (1.x before 1.3) contain a deserialization vulnerability via Xenon. | 9.8 |
| 2018-01-04 | CVE-2017-8046 | Improper Input Validation vulnerability in multiple products Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code. | 9.8 |