Vulnerabilities > Vmware > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-16 | CVE-2022-22945 | OS Command Injection vulnerability in VMWare Cloud Foundation and NSX Data Center VMware NSX Edge contains a CLI shell injection vulnerability. | 7.8 |
| 2022-01-04 | CVE-2021-22045 | Out-of-bounds Write vulnerability in VMWare products VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi650-202110101-SG), VMware Workstation (16.2.0) and VMware Fusion (12.2.0) contains a heap-overflow vulnerability in CD-ROM device emulation. | 7.8 |
| 2021-12-20 | CVE-2021-22056 | Server-Side Request Forgery (SSRF) vulnerability in VMWare products VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability. | 7.5 |
| 2021-12-20 | CVE-2021-22057 | Unspecified vulnerability in VMWare Workspace ONE Access VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 contain an authentication bypass vulnerability. | 8.8 |
| 2021-12-17 | CVE-2021-22054 | Server-Side Request Forgery (SSRF) vulnerability in VMWare Workspace ONE UEM Console VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain an SSRF vulnerability. | 7.5 |
| 2021-11-24 | CVE-2021-21980 | Unspecified vulnerability in VMWare Cloud Foundation and Vcenter Server The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary file read vulnerability. | 7.5 |
| 2021-11-19 | CVE-2021-22053 | Code Injection vulnerability in VMWare Spring Cloud Netflix Applications using both `spring-cloud-netflix-hystrix-dashboard` and `spring-boot-starter-thymeleaf` expose a way to execute code submitted within the request URI path during the resolution of view templates. | 8.8 |
| 2021-11-10 | CVE-2021-22048 | Unspecified vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. | 8.8 |
| 2021-10-29 | CVE-2021-22037 | Uncontrolled Search Path Element vulnerability in VMWare Installbuilder Under certain circumstances, when manipulating the Windows registry, InstallBuilder uses the reg.exe system command. | 7.8 |
| 2021-10-29 | CVE-2021-22038 | Use of Insufficiently Random Values vulnerability in VMWare Installbuilder On Windows, the uninstaller binary copies itself to a fixed temporary location, which is then executed (the originally called uninstaller exits, so it does not block the installation directory). | 8.8 |