Vulnerabilities > Vmware > High

DATE CVE VULNERABILITY TITLE RISK
2023-02-22 CVE-2023-20855 XXE vulnerability in VMWare Vrealize Automation and Vrealize Orchestrator
VMware vRealize Orchestrator contains an XML External Entity (XXE) vulnerability.
network
low complexity
vmware CWE-611
8.8
2023-02-22 CVE-2023-20858 Injection vulnerability in VMWare Carbon Black APP Control
VMware Carbon Black App Control 8.7.x prior to 8.7.8, 8.8.x prior to 8.8.6, and 8.9.x.prior to 8.9.4 contain an injection vulnerability.
network
low complexity
vmware CWE-74
7.2
2023-02-16 CVE-2022-36416 Unspecified vulnerability in VMWare Ixgben 1.10.0.1
Protection mechanism failure in the Intel(R) Ethernet 500 Series Controller drivers for VMware before version 1.10.0.13 may allow an authenticated user to potentially enable escalation of privilege via local access.
local
low complexity
vmware
7.8
2023-02-03 CVE-2023-20854 Improper Privilege Management vulnerability in VMWare Workstation 17.0
VMware Workstation contains an arbitrary file deletion vulnerability.
local
low complexity
vmware CWE-269
8.4
2023-02-01 CVE-2023-20856 Cross-Site Request Forgery (CSRF) vulnerability in VMWare Vrealize Operations
VMware vRealize Operations (vROps) contains a CSRF bypass vulnerability.
network
low complexity
vmware CWE-352
8.8
2023-01-26 CVE-2022-31710 Deserialization of Untrusted Data vulnerability in VMWare Vrealize LOG Insight
vRealize Log Insight contains a deserialization vulnerability.
network
low complexity
vmware CWE-502
7.5
2023-01-14 CVE-2023-22602 When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques.
network
low complexity
apache vmware
7.5
2022-12-16 CVE-2022-31707 Unspecified vulnerability in VMWare Vrealize Operations
vRealize Operations (vROps) contains a privilege escalation vulnerability.
network
low complexity
vmware
7.2
2022-12-14 CVE-2022-31700 Unspecified vulnerability in VMWare Access, Cloud Foundation and Identity Manager
VMware Workspace ONE Access and Identity Manager contain an authenticated remote code execution vulnerability.
network
low complexity
vmware
7.2
2022-12-14 CVE-2022-31703 Path Traversal vulnerability in VMWare Vrealize LOG Insight
The vRealize Log Insight contains a Directory Traversal Vulnerability.
network
low complexity
vmware CWE-22
7.5