Vulnerabilities > Vmware > High

DATE CVE VULNERABILITY TITLE RISK
2022-08-05 CVE-2022-31661 Unspecified vulnerability in VMWare products
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two privilege escalation vulnerabilities.
local
low complexity
vmware
7.8
2022-08-05 CVE-2022-31662 Path Traversal vulnerability in VMWare products
VMware Workspace ONE Access, Identity Manager, Connectors and vRealize Automation contain a path traversal vulnerability.
network
low complexity
vmware CWE-22
7.5
2022-08-05 CVE-2022-31664 Unspecified vulnerability in VMWare products
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability.
local
low complexity
vmware
7.8
2022-08-05 CVE-2022-31665 Injection vulnerability in VMWare products
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability.
network
low complexity
vmware CWE-74
7.2
2022-07-13 CVE-2022-22982 Server-Side Request Forgery (SSRF) vulnerability in VMWare Vcenter Server 6.5/6.7/7.0
The vCenter Server contains a server-side request forgery (SSRF) vulnerability.
network
low complexity
vmware CWE-918
7.5
2022-06-21 CVE-2022-22979 Allocation of Resources Without Limits or Throttling vulnerability in VMWare Spring Cloud Function
In Spring Cloud Function versions prior to 3.2.6, it is possible for a user who directly interacts with framework provided lookup functionality to cause a denial-of-service condition due to the caching issue in the Function Catalog component of the framework.
network
low complexity
vmware CWE-770
7.5
2022-05-24 CVE-2022-22977 XXE vulnerability in VMWare Tools
VMware Tools for Windows(12.0.0, 11.x.y and 10.x.y) contains an XML External Entity (XXE) vulnerability.
local
low complexity
vmware CWE-611
7.1
2022-05-20 CVE-2022-22973 Unspecified vulnerability in VMWare products
VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability.
local
low complexity
vmware
7.8
2022-04-14 CVE-2022-22966 Unspecified vulnerability in VMWare Vcloud Director 10.1.0
An authenticated, high privileged malicious actor with network access to the VMware Cloud Director tenant or provider may be able to exploit a remote code execution vulnerability to gain access to the server.
network
low complexity
vmware
7.2
2022-04-13 CVE-2022-22957 Deserialization of Untrusted Data vulnerability in VMWare products
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958).
network
low complexity
vmware CWE-502
7.2