Vulnerabilities > Vmware > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-01-27 | CVE-2020-5428 | SQL Injection vulnerability in VMWare Spring Cloud Task: Applications using Spring Cloud Task 2.2.4.RELEASE and below may be vulnerable to SQL injection when exercising certain lookup queries in the TaskExplorer. | 6.5 |
2021-01-27 | CVE-2020-5427 | SQL Injection vulnerability in VMWare Spring Cloud Data Flow: In Spring Cloud Data Flow, versions 2.6.x prior to 2.6.5 and versions 2.5.x prior to 2.5.4, an application is vulnerable to SQL injection when requesting task execution. | 6.5 |
2020-11-24 | CVE-2020-4003 | SQL Injection vulnerability in VMWare Sd-Wan Orchestrator: VMware SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 was found to be vulnerable to SQL-injection attacks allowing for potential information disclosure. | 4.0 |
2020-11-24 | CVE-2020-4002 | Incorrect Permission Assignment for Critical Resource vulnerability in VMWare Sd-Wan Orchestrator: The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 handles system parameters in an insecure way. | 6.5 |
2020-11-24 | CVE-2020-4000 | Path Traversal vulnerability in VMWare Sd-Wan Orchestrator: The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 allows for executing files through directory traversal. | 6.5 |
2020-11-24 | CVE-2020-3985 | Improper Privilege Management vulnerability in VMWare Sd-Wan Orchestrator 3.3.2/3.4.0/3.4.4: The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4.4 allows an access to set arbitrary authorization levels leading to a privilege escalation issue. | 6.5 |
2020-11-24 | CVE-2020-3984 | SQL Injection vulnerability in VMWare Sd-Wan Orchestrator 3.3.2/3.4.0/3.4.4: The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4.4 does not apply correct input validation which allows for SQL-injection. | 4.0 |
2020-11-20 | CVE-2020-4004 | Use After Free vulnerability in VMWare products: VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG), Workstation (15.x before 15.5.7), Fusion (11.x before 11.5.7) contain a use-after-free vulnerability in the XHCI USB controller. | 4.6 |
2020-11-11 | CVE-2020-5426 | Cleartext Transmission of Sensitive Information vulnerability in VMWare Pivotal Scheduler: Scheduler for TAS prior to version 1.4.0 was permitting plaintext transmission of UAA client token by sending it over a non-TLS connection. | 4.3 |
2020-10-31 | CVE-2020-5425 | Improper Authentication vulnerability in VMWare Single Sign-On for Tanzu: Single Sign-On for VMware Tanzu all versions prior to 1.11.3, 1.12.x versions prior to 1.12.4 and 1.13.x prior to 1.13.1 are vulnerable to a user impersonation attack. If two users are logged in to the SSO operator dashboard at the same time, with the same username, from two different identity providers, one can acquire the token of the other and thus operate with their permissions. | 4.6 |