Vulnerabilities > Vmware > High

DATE CVE VULNERABILITY TITLE RISK
2022-01-04 CVE-2021-22045 Out-of-bounds Write vulnerability in VMWare products
VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi650-202110101-SG), VMware Workstation (16.2.0) and VMware Fusion (12.2.0) contains a heap-overflow vulnerability in CD-ROM device emulation.
local
high complexity
vmware CWE-787
7.8
2021-12-20 CVE-2021-22056 Server-Side Request Forgery (SSRF) vulnerability in VMWare products
VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability.
network
low complexity
vmware CWE-918
7.5
2021-12-20 CVE-2021-22057 Unspecified vulnerability in VMWare Workspace ONE Access
VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 contain an authentication bypass vulnerability.
network
low complexity
vmware
8.8
2021-12-17 CVE-2021-22054 Server-Side Request Forgery (SSRF) vulnerability in VMWare Workspace ONE UEM Console
VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain an SSRF vulnerability.
network
low complexity
vmware CWE-918
7.5
2021-11-24 CVE-2021-21980 Unspecified vulnerability in VMWare Cloud Foundation and Vcenter Server
The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary file read vulnerability.
network
low complexity
vmware
7.5
2021-11-19 CVE-2021-22053 Code Injection vulnerability in VMWare Spring Cloud Netflix
Applications using both `spring-cloud-netflix-hystrix-dashboard` and `spring-boot-starter-thymeleaf` expose a way to execute code submitted within the request URI path during the resolution of view templates.
network
low complexity
vmware CWE-94
8.8
2021-11-10 CVE-2021-22048 Unspecified vulnerability in VMWare Cloud Foundation and Vcenter Server
The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism.
network
low complexity
vmware
8.8
2021-10-29 CVE-2021-22037 Uncontrolled Search Path Element vulnerability in VMWare Installbuilder
Under certain circumstances, when manipulating the Windows registry, InstallBuilder uses the reg.exe system command.
local
low complexity
vmware CWE-427
7.8
2021-10-29 CVE-2021-22038 Use of Insufficiently Random Values vulnerability in VMWare Installbuilder
On Windows, the uninstaller binary copies itself to a fixed temporary location, which is then executed (the originally called uninstaller exits, so it does not block the installation directory).
network
low complexity
vmware CWE-330
8.8
2021-10-28 CVE-2021-22044 Exposure of Resource to Wrong Sphere vulnerability in VMWare Spring Cloud Openfeign
In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEASE, and older unsupported versions, applications using type-level `@RequestMapping`annotations over Feign client interfaces, can be involuntarily exposing endpoints corresponding to `@RequestMapping`-annotated interface methods.
network
low complexity
vmware CWE-668
7.5