Vulnerabilities > Vmware > Vcenter Server
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-22 | CVE-2023-20895 | Out-of-bounds Write vulnerability in VMWare Vcenter Server The VMware vCenter Server contains a memory corruption vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger a memory corruption vulnerability which may bypass authentication. | 9.8 |
| 2022-12-13 | CVE-2022-31697 | Cleartext Storage of Sensitive Information vulnerability in VMWare Vcenter Server 6.5/6.7/7.0 The vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plaintext. | 5.5 |
| 2022-12-13 | CVE-2022-31698 | Unspecified vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains a denial-of-service vulnerability in the content library service. | 5.3 |
| 2022-10-07 | CVE-2022-31680 | Deserialization of Untrusted Data vulnerability in VMWare Vcenter Server The vCenter Server contains an unsafe deserialisation vulnerability in the PSC (Platform services controller). | 9.1 |
| 2022-07-13 | CVE-2022-22982 | Server-Side Request Forgery (SSRF) vulnerability in VMWare Vcenter Server 6.5/6.7/7.0 The vCenter Server contains a server-side request forgery (SSRF) vulnerability. | 7.5 |
| 2022-03-29 | CVE-2022-22948 | Incorrect Default Permissions vulnerability in VMWare Vcenter Server 6.5/6.7/7.0 The vCenter Server contains an information disclosure vulnerability due to improper permission of files. | 6.5 |
| 2021-11-24 | CVE-2021-21980 | Unspecified vulnerability in VMWare Cloud Foundation and Vcenter Server The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary file read vulnerability. | 7.5 |
| 2021-11-24 | CVE-2021-22049 | Server-Side Request Forgery (SSRF) vulnerability in VMWare Vcenter Server 6.5/6.7/7.0 The vSphere Web Client (FLEX/Flash) contains an SSRF (Server Side Request Forgery) vulnerability in the vSAN Web Client (vSAN UI) plug-in. | 9.8 |
| 2021-11-10 | CVE-2021-22048 | Unspecified vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. | 8.8 |
| 2021-09-23 | CVE-2021-22015 | Files or Directories Accessible to External Parties vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and directories. | 7.8 |