Vulnerabilities > Vmware > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-20 | CVE-2023-34047 | Unspecified vulnerability in VMWare Spring for Graphql A batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 and 1.2.0 - 1.2.2 may be exposed to GraphQL context with values, including security context values, from a different session. | 4.3 |
| 2023-08-04 | CVE-2023-34037 | HTTP Request Smuggling vulnerability in VMWare Horizon Client VMware Horizon Server contains a HTTP request smuggling vulnerability. | 5.3 |
| 2023-08-04 | CVE-2023-34038 | Unspecified vulnerability in VMWare Horizon Client VMware Horizon Server contains an information disclosure vulnerability. | 5.3 |
| 2023-07-26 | CVE-2023-20891 | Information Exposure Through Log Files vulnerability in VMWare products The VMware Tanzu Application Service for VMs and Isolation Segment contain an information disclosure vulnerability due to the logging of credentials in hex encoding in platform system audit logs. A malicious non-admin user who has access to the platform system audit logs can access hex encoded CF API admin credentials and can push new malicious versions of an application. | 6.5 |
| 2023-07-18 | CVE-2023-34035 | Incorrect Authorization vulnerability in VMWare Spring Security Spring Security versions 5.8 prior to 5.8.5, 6.0 prior to 6.0.5, and 6.1 prior to 6.1.2 could be susceptible to authorization rule misconfiguration if the application uses requestMatchers(String) and multiple servlets, one of them being Spring MVC’s DispatcherServlet. (DispatcherServlet is a Spring MVC component that maps HTTP endpoints to methods on @Controller-annotated classes.) Specifically, an application is vulnerable when all of the following are true: * Spring MVC is on the classpath * Spring Security is securing more than one servlet in a single application (one of them being Spring MVC’s DispatcherServlet) * The application uses requestMatchers(String) to refer to endpoints that are not Spring MVC endpoints An application is not vulnerable if any of the following is true: * The application does not have Spring MVC on the classpath * The application secures no servlets other than Spring MVC’s DispatcherServlet * The application uses requestMatchers(String) only for Spring MVC endpoints | 5.3 |
| 2023-07-17 | CVE-2023-34036 | Improper Encoding or Escaping of Output vulnerability in VMWare Spring Hateoas Reactive web applications that use Spring HATEOAS to produce hypermedia-based responses might be exposed to malicious forwarded headers if they are not behind a trusted proxy that ensures correctness of such headers, or if they don't have anything else in place to handle (and possibly discard) forwarded headers either in WebFlux or at the level of the underlying HTTP server. For the application to be affected, it needs to satisfy the following requirements: * It needs to use the reactive web stack (Spring WebFlux) and Spring HATEOAS to create links in hypermedia-based responses. * The application infrastructure does not guard against clients submitting (X-)Forwarded… headers. | 5.3 |
| 2023-06-07 | CVE-2022-31693 | Unspecified vulnerability in VMWare Tools VMware Tools for Windows (12.x.y prior to 12.1.5, 11.x.y and 10.x.y) contains a denial-of-service vulnerability in the VM3DMP driver. | 5.5 |
| 2023-05-30 | CVE-2023-20884 | Open Redirect vulnerability in VMWare products VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability. An unauthenticated malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure. | 6.1 |
| 2023-05-26 | CVE-2023-20868 | Cross-site Scripting vulnerability in VMWare Nsx-T Data Center NSX-T contains a reflected cross-site scripting vulnerability due to a lack of input validation. | 6.1 |
| 2023-05-12 | CVE-2023-20879 | Unspecified vulnerability in VMWare Cloud Foundation and Vrealize Operations VMware Aria Operations contains a Local privilege escalation vulnerability. | 6.7 |