Vulnerabilities > Vmware > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-03-31 | CVE-2021-21983 | Unspecified vulnerability in VMware products: Arbitrary file write vulnerability in vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API to write files to arbitrary locations on the underlying Photon operating system. | 6.5 |
2021-03-01 | CVE-2021-22114 | Path Traversal vulnerability in VMware Spring Integration ZIP: Addresses partial fix in CVE-2018-1263. | 5.3 |
2021-02-24 | CVE-2021-21973 | Server-Side Request Forgery (SSRF) vulnerability in VMware Cloud Foundation and vCenter Server: The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. | 5.3 |
2021-02-23 | CVE-2021-22113 | Incorrect Authorization vulnerability in VMware Spring Cloud Netflix Zuul 2.2.4/2.2.5/2.2.6: Applications using the “Sensitive Headers” functionality in Spring Cloud Netflix Zuul 2.2.6.RELEASE and below may be vulnerable to bypassing the “Sensitive Headers” restriction when executing requests with specially constructed URLs. | 5.3 |
2021-01-27 | CVE-2020-5428 | SQL Injection vulnerability in VMware Spring Cloud Task: Applications using Spring Cloud Task 2.2.4.RELEASE and below may be vulnerable to SQL injection when exercising certain lookup queries in the TaskExplorer. | 6.0 |
2020-12-21 | CVE-2020-3999 | Improper Input Validation vulnerability in VMware ESXi, Fusion and Workstation: VMware ESXi (7.0 prior to ESXi70U1c-17325551), VMware Workstation (16.x prior to 16.0 and 15.x prior to 15.5.7), VMware Fusion (12.x prior to 12.0 and 11.x prior to 11.5.7) and VMware Cloud Foundation contain a denial of service vulnerability due to improper input validation in GuestInfo. | 6.5 |
2020-11-24 | CVE-2020-4003 | SQL Injection vulnerability in VMware SD-WAN Orchestrator 3.3.2/3.4.0/4.0.0: VMware SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 was found to be vulnerable to SQL-injection attacks allowing for potential information disclosure. | 6.5 |
2020-11-24 | CVE-2020-3984 | SQL Injection vulnerability in VMware SD-WAN Orchestrator 3.3.2/3.4.0: The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4.4 does not apply correct input validation which allows for SQL-injection. | 6.5 |
2020-10-23 | CVE-2020-3998 | Unspecified vulnerability in VMware Horizon Client: VMware Horizon Client for Windows (5.x prior to 5.5.0) contains an information disclosure vulnerability. | 6.5 |
2020-10-23 | CVE-2020-3997 | Cross-site Scripting vulnerability in VMware Horizon: VMware Horizon Server (7.x prior to 7.10.3 or 7.13.0) contains a Cross Site Scripting (XSS) vulnerability. | 5.4 |