Vulnerabilities > Vmware > Vcenter Server Appliance > 5.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-12-08 | CVE-2014-8371 | Cryptographic Issues vulnerability in VMWare Vcenter Server Appliance 5.0/5.1/5.5 VMware vCenter Server Appliance (vCSA) 5.5 before Update 2, 5.1 before Update 3, and 5.0 before Update 3c does not properly validate certificates when connecting to a CIM Server on an ESXi host, which allows man-in-the-middle attackers to spoof CIM servers via a crafted certificate. | 4.3 |
| 2014-07-17 | CVE-2014-4258 | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC. | 6.5 |
| 2013-05-01 | CVE-2013-3107 | Permissions, Privileges, and Access Controls vulnerability in VMWare Vcenter Server Appliance 5.0 VMware vCenter Server 5.1 before Update 1, when anonymous LDAP binding for Active Directory is enabled, allows remote attackers to bypass authentication by providing a valid username in conjunction with an empty password. | 4.3 |
| 2013-02-22 | CVE-2012-6326 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in VMWare Vcenter Server and Vcenter Server Appliance VMware vCenter Server 4.1 before Update 3 and 5.0 before Update 2, and vCSA 5.0 before Update 2, allows remote attackers to cause a denial of service (disk consumption) via vectors that trigger large log entries. | 7.8 |
| 2012-12-21 | CVE-2012-6325 | Information Exposure vulnerability in VMWare Vcenter Server Appliance 5.0 VMware vCenter Server Appliance (vCSA) 5.0 before Update 2 does not properly parse XML documents, which allows remote authenticated users to read arbitrary files via unspecified vectors. | 4.0 |
| 2012-12-21 | CVE-2012-6324 | Path Traversal vulnerability in VMWare Vcenter Server Appliance 5.0/5.1 Directory traversal vulnerability in VMware vCenter Server Appliance (vCSA) 5.0 before Update 2 and 5.1 before Patch 1 allows remote authenticated users to read arbitrary files via unspecified vectors. | 4.0 |