Vulnerabilities > Vmware > Vcenter Server

DATE CVE VULNERABILITY TITLE RISK
2021-09-23 CVE-2021-22009 Exposure of Resource to Wrong Sphere vulnerability in VMWare Cloud Foundation and Vcenter Server
The vCenter Server contains multiple denial-of-service vulnerabilities in VAPI (vCenter API) service.
network
low complexity
vmware CWE-668
7.5
7.5
2021-09-23 CVE-2021-22010 Resource Exhaustion vulnerability in VMWare Cloud Foundation and Vcenter Server
The vCenter Server contains a denial-of-service vulnerability in VPXD service.
network
low complexity
vmware CWE-400
7.5
7.5
2021-09-23 CVE-2021-22011 Unspecified vulnerability in VMWare Cloud Foundation and Vcenter Server
vCenter Server contains an unauthenticated API endpoint vulnerability in vCenter Server Content Library.
network
low complexity
vmware
5.3
5.3
2021-09-23 CVE-2021-22012 Missing Authentication for Critical Function vulnerability in VMWare Cloud Foundation and Vcenter Server
The vCenter Server contains an information disclosure vulnerability due to an unauthenticated appliance management API.
network
low complexity
vmware CWE-306
7.5
7.5
2021-09-23 CVE-2021-22013 Path Traversal vulnerability in VMWare Cloud Foundation and Vcenter Server
The vCenter Server contains a file path traversal vulnerability leading to information disclosure in the appliance management API.
network
low complexity
vmware CWE-22
7.5
7.5
2021-09-23 CVE-2021-22014 Unspecified vulnerability in VMWare Cloud Foundation and Vcenter Server
The vCenter Server contains an authenticated code execution vulnerability in VAMI (Virtual Appliance Management Infrastructure).
network
low complexity
vmware
7.2
7.2
2021-09-22 CVE-2021-21991 Unspecified vulnerability in VMWare Vcenter Server 6.5/6.7/7.0
The vCenter Server contains a local privilege escalation vulnerability due to the way it handles session tokens.
local
low complexity
vmware
7.8
7.8
2021-09-22 CVE-2021-21992 Unspecified vulnerability in VMWare Vcenter Server 6.5/6.7/7.0
The vCenter Server contains a denial-of-service vulnerability due to improper XML entity parsing.
network
low complexity
vmware
6.5
6.5
2021-05-26 CVE-2021-21985 Improper Input Validation vulnerability in VMWare Vcenter Server 6.5/6.7/7.0
The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server.
network
low complexity
vmware CWE-20
critical
 9.8
9.8
2021-05-26 CVE-2021-21986 Missing Authentication for Critical Function vulnerability in VMWare Vcenter Server 6.5/6.7/7.0
The vSphere Client (HTML5) contains a vulnerability in a vSphere authentication mechanism for the Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability plug-ins.
network
low complexity
vmware CWE-306
critical
 9.8
9.8