Vulnerabilities > Vmware > Vcenter Server > 7.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-23 | CVE-2021-22013 | Path Traversal vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains a file path traversal vulnerability leading to information disclosure in the appliance management API. | 7.5 |
| 2021-09-23 | CVE-2021-22014 | Unspecified vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains an authenticated code execution vulnerability in VAMI (Virtual Appliance Management Infrastructure). | 7.2 |
| 2021-09-22 | CVE-2021-21991 | Unspecified vulnerability in VMWare Vcenter Server 6.5/6.7/7.0 The vCenter Server contains a local privilege escalation vulnerability due to the way it handles session tokens. | 7.8 |
| 2021-09-22 | CVE-2021-21992 | Unspecified vulnerability in VMWare Vcenter Server 6.5/6.7/7.0 The vCenter Server contains a denial-of-service vulnerability due to improper XML entity parsing. | 6.5 |
| 2021-05-26 | CVE-2021-21985 | Improper Input Validation vulnerability in VMWare Vcenter Server 6.5/6.7/7.0 The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. | 9.8 |
| 2021-05-26 | CVE-2021-21986 | Missing Authentication for Critical Function vulnerability in VMWare Vcenter Server 6.5/6.7/7.0 The vSphere Client (HTML5) contains a vulnerability in a vSphere authentication mechanism for the Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability plug-ins. | 9.8 |
| 2021-02-24 | CVE-2021-21973 | Server-Side Request Forgery (SSRF) vulnerability in VMWare Cloud Foundation and Vcenter Server The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. | 5.3 |
| 2021-02-24 | CVE-2021-21972 | Path Traversal vulnerability in VMWare Cloud Foundation and Vcenter Server The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. | 9.8 |
| 2020-08-21 | CVE-2020-3976 | Resource Exhaustion vulnerability in VMWare Esxi and Vcenter Server VMware ESXi and vCenter Server contain a partial denial of service vulnerability in their respective authentication services. | 5.3 |