Vulnerabilities > Vmware > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-10-28 | CVE-2021-22096 | In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. | 4.0 |
2021-10-28 | CVE-2021-22097 | Deserialization of Untrusted Data vulnerability in VMWare Spring Advanced Message Queuing Protocol In Spring AMQP versions 2.2.0 - 2.2.18 and 2.3.0 - 2.3.10, the Spring AMQP Message object, in its toString() method, will deserialize a body for a message with content type application/x-java-serialized-object. | 6.8 |
2021-10-21 | CVE-2021-22034 | Unspecified vulnerability in VMWare Vrealize Operations Tenant Releases prior to VMware vRealize Operations Tenant App 8.6 contain an Information Disclosure Vulnerability. | 5.0 |
2021-10-13 | CVE-2021-22033 | Server-Side Request Forgery (SSRF) vulnerability in VMWare products Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability. | 4.0 |
2021-10-13 | CVE-2021-22035 | Injection vulnerability in VMWare products VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function. | 4.0 |
2021-10-13 | CVE-2021-22036 | Information Exposure vulnerability in VMWare Vrealize Automation and Vrealize Orchestrator VMware vRealize Orchestrator ((8.x prior to 8.6) contains an open redirect vulnerability due to improper path handling. | 4.3 |
2021-09-23 | CVE-2021-22016 | Cross-site Scripting vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains a reflected cross-site scripting vulnerability due to a lack of input sanitization. | 4.3 |
2021-09-23 | CVE-2021-22017 | Unspecified vulnerability in VMWare Vcenter Server 6.7 Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization. | 5.0 |
2021-09-23 | CVE-2021-22018 | Unspecified vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains an arbitrary file deletion vulnerability in a VMware vSphere Life-cycle Manager plug-in. | 6.4 |
2021-09-23 | CVE-2021-22019 | Unspecified vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains a denial-of-service vulnerability in VAPI (vCenter API) service. | 5.0 |