Vulnerabilities > Vmware > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-05-18 | CVE-2021-22117 | Incorrect Permission Assignment for Critical Resource vulnerability in VMWare Rabbitmq. RabbitMQ installers on Windows prior to version 3.8.16 do not harden plugin directory permissions, potentially allowing attackers with sufficient local filesystem permissions to add arbitrary plugins. | 7.8 |
2021-04-19 | CVE-2021-21981 | Improper Privilege Management vulnerability in VMWare Nsx-T Data Center 3.1.1. VMware NSX-T contains a privilege escalation vulnerability due to an issue with RBAC (role-based access control) role assignment. | 7.8 |
2021-03-31 | CVE-2021-21975 | Server-Side Request Forgery (SSRF) vulnerability in VMWare products. Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API to perform a Server Side Request Forgery attack to steal administrative credentials. | 7.5 |
2021-02-24 | CVE-2021-21974 | Out-of-bounds Write vulnerability in VMWare Cloud Foundation and Esxi. OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG) has a heap-overflow vulnerability. | 8.8 |
2021-02-23 | CVE-2021-22112 | Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request. A malicious user cannot cause the bug to happen (it must be programmed in). | 8.8 |
2021-02-11 | CVE-2021-21976 | OS Command Injection vulnerability in VMWare Vsphere Replication. vSphere Replication 8.3.x prior to 8.3.1.2, 8.2.x prior to 8.2.1.1, 8.1.x prior to 8.1.2.3 and 6.5.x prior to 6.5.1.5 contains a post-authentication command injection vulnerability which may allow an authenticated admin user to perform remote code execution. | 7.2 |
2021-01-27 | CVE-2020-5427 | SQL Injection vulnerability in VMWare Spring Cloud Data Flow. In Spring Cloud Data Flow, versions 2.6.x prior to 2.6.5 and versions 2.5.x prior to 2.5.4, an application is vulnerable to SQL injection when requesting task execution. | 7.2 |
2020-11-24 | CVE-2020-4002 | Unspecified vulnerability in VMWare Sd-Wan Orchestrator 3.3.2/3.4.0/4.0.0. The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 handles system parameters in an insecure way. | 7.2 |
2020-11-24 | CVE-2020-4000 | Path Traversal vulnerability in VMWare Sd-Wan Orchestrator 3.3.2/3.4.0/4.0.0. The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 allows for executing files through directory traversal. | 8.8 |
2020-11-24 | CVE-2020-3985 | Unspecified vulnerability in VMWare Sd-Wan Orchestrator 3.3.2/3.4.0. The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4.4 allows an access to set arbitrary authorization levels leading to a privilege escalation issue. | 8.8 |