Vulnerabilities > Vmware > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-04-20 CVE-2018-6960 Improper Authentication vulnerability in VMware Horizon DaaS
VMware Horizon DaaS (7.x before 8.0.0) contains a broken authentication vulnerability that may allow an attacker to bypass two-factor authentication.
network
low complexity
vmware CWE-287
6.5
2018-04-13 CVE-2018-6958 Cross-site Scripting vulnerability in VMware vRealize Automation
VMware vRealize Automation (vRA) prior to 7.3.1 contains a vulnerability that may allow for a DOM-based cross-site scripting (XSS) attack.
network
vmware CWE-79
4.3
2018-04-13 CVE-2018-5511 Unsafe Reflection vulnerability in multiple products
On F5 BIG-IP 13.1.0-13.1.0.3 or 13.0.0, when authenticated administrative users execute commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced.
network
low complexity
f5 vmware microsoft CWE-470
6.5
2018-04-06 CVE-2018-1272 Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests.
network
vmware oracle
6.0
2018-04-06 CVE-2018-1271 Path Traversal vulnerability in multiple products
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g.
network
vmware oracle CWE-22
4.3
2018-03-29 CVE-2016-0898 Information Exposure Through Log Files vulnerability in VMware Pivotal Software MySQL
MySQL for PCF tiles 1.7.x before 1.7.10 were discovered to log the AWS access key in plaintext.
network
low complexity
vmware CWE-532
5.0
2018-03-19 CVE-2018-1196 Link Following vulnerability in VMware Spring Boot
Spring Boot supports an embedded launch script that can be used to easily run the application as a systemd or init.d Linux service.
network
vmware CWE-59
4.3
2018-03-16 CVE-2018-1199 Improper Input Validation vulnerability in multiple products
Spring Security (Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3) does not consider URL path parameters when processing security constraints.
network
low complexity
vmware redhat oracle CWE-20
5.3
2018-01-29 CVE-2017-4951 Cross-Site Request Forgery (CSRF) vulnerability in VMware AirWatch
VMware AirWatch Console (9.2.x before 9.2.2 and 9.1.x before 9.1.5) contains a Cross Site Request Forgery vulnerability when accessing the App Catalog.
network
vmware CWE-352
6.8
2018-01-11 CVE-2017-4950 Integer Overflow or Wraparound vulnerability in VMware Fusion and Workstation
VMware Workstation and Fusion contain an integer overflow vulnerability in VMware NAT service when IPv6 mode is enabled.
6.9