Vulnerabilities > Vmware > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-19 | CVE-2021-22053 | Code Injection vulnerability in VMWare Spring Cloud Netflix Applications using both `spring-cloud-netflix-hystrix-dashboard` and `spring-boot-starter-thymeleaf` expose a way to execute code submitted within the request URI path during the resolution of view templates. | 8.8 |
| 2021-11-10 | CVE-2021-22048 | Unspecified vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. | 8.8 |
| 2021-10-29 | CVE-2021-22037 | Uncontrolled Search Path Element vulnerability in VMWare Installbuilder Under certain circumstances, when manipulating the Windows registry, InstallBuilder uses the reg.exe system command. | 7.8 |
| 2021-10-29 | CVE-2021-22038 | Use of Insufficiently Random Values vulnerability in VMWare Installbuilder On Windows, the uninstaller binary copies itself to a fixed temporary location, which is then executed (the originally called uninstaller exits, so it does not block the installation directory). | 8.8 |
| 2021-10-28 | CVE-2021-22044 | Exposure of Resource to Wrong Sphere vulnerability in VMWare Spring Cloud Openfeign In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEASE, and older unsupported versions, applications using type-level `@RequestMapping`annotations over Feign client interfaces, can be involuntarily exposing endpoints corresponding to `@RequestMapping`-annotated interface methods. | 7.5 |
| 2021-10-21 | CVE-2021-22034 | Unspecified vulnerability in VMWare Vrealize Operations Tenant Releases prior to VMware vRealize Operations Tenant App 8.6 contain an Information Disclosure Vulnerability. | 7.5 |
| 2021-09-23 | CVE-2021-22015 | Files or Directories Accessible to External Parties vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and directories. | 7.8 |
| 2021-09-23 | CVE-2021-22019 | Unspecified vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains a denial-of-service vulnerability in VAPI (vCenter API) service. | 7.5 |
| 2021-09-23 | CVE-2021-22006 | Unspecified vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains a reverse proxy bypass vulnerability due to the way the endpoints handle the URI. | 7.5 |
| 2021-09-23 | CVE-2021-22008 | Unspecified vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains an information disclosure vulnerability in VAPI (vCenter API) service. | 7.5 |