Vcenter Server

DATE	CVE	VULNERABILITY TITLE	RISK
2022-03-29	CVE-2022-22948	Incorrect Default Permissions vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains an information disclosure vulnerability due to improper permission of files. network low complexity vmware CWE-276	4.0
2021-11-24	CVE-2021-21980	Unspecified vulnerability in VMWare Cloud Foundation and Vcenter Server The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary file read vulnerability. network low complexity vmware	5.0
2021-11-24	CVE-2021-22049	Server-Side Request Forgery (SSRF) vulnerability in VMWare Vcenter Server 6.5/6.7/7.0 The vSphere Web Client (FLEX/Flash) contains an SSRF (Server Side Request Forgery) vulnerability in the vSAN Web Client (vSAN UI) plug-in. network low complexity vmware CWE-918	7.5
2021-11-10	CVE-2021-22048	Unspecified vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. network low complexity vmware	8.8
2021-09-23	CVE-2021-22015	Files or Directories Accessible to External Parties vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and directories. local low complexity vmware CWE-552	7.8
2021-09-23	CVE-2021-22016	Cross-site Scripting vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains a reflected cross-site scripting vulnerability due to a lack of input sanitization. network vmware CWE-79	4.3
2021-09-23	CVE-2021-22017	Unspecified vulnerability in VMWare Vcenter Server 6.7 Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization. network low complexity vmware	5.0
2021-09-23	CVE-2021-22018	Unspecified vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains an arbitrary file deletion vulnerability in a VMware vSphere Life-cycle Manager plug-in. network low complexity vmware	6.4
2021-09-23	CVE-2021-22019	Unspecified vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains a denial-of-service vulnerability in VAPI (vCenter API) service. network low complexity vmware	5.0
2021-09-23	CVE-2021-22020	Unspecified vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains a denial-of-service vulnerability in the Analytics service. local low complexity vmware	2.1