Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2023-10-25	CVE-2023-34056	Unspecified vulnerability in VMWare Vcenter Server vCenter Server contains a partial information disclosure vulnerability. A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data. network low complexity vmware	4.3
2022-12-13	CVE-2022-31697	Cleartext Storage of Sensitive Information vulnerability in VMWare Vcenter Server 6.5/6.7/7.0 The vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plaintext. local low complexity vmware CWE-312	5.5
2022-12-13	CVE-2022-31698	Unspecified vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains a denial-of-service vulnerability in the content library service. network low complexity vmware	5.3
2022-03-29	CVE-2022-22948	Incorrect Default Permissions vulnerability in VMWare Vcenter Server 6.5/6.7/7.0 The vCenter Server contains an information disclosure vulnerability due to improper permission of files. network low complexity vmware CWE-276	6.5
2021-09-23	CVE-2021-22016	Cross-site Scripting vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains a reflected cross-site scripting vulnerability due to a lack of input sanitization. network low complexity vmware CWE-79	6.1
2021-09-23	CVE-2021-22017	Unspecified vulnerability in VMWare Vcenter Server 6.7 Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization. network low complexity vmware	5.3
2021-09-23	CVE-2021-22018	Unspecified vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains an arbitrary file deletion vulnerability in a VMware vSphere Life-cycle Manager plug-in. network low complexity vmware	6.5
2021-09-23	CVE-2021-22020	Unspecified vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains a denial-of-service vulnerability in the Analytics service. local low complexity vmware	5.5
2021-09-23	CVE-2021-21993	Server-Side Request Forgery (SSRF) vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in vCenter Server Content Library. network low complexity vmware CWE-918	6.5
2021-09-23	CVE-2021-22007	Unspecified vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains a local information disclosure vulnerability in the Analytics service. local low complexity vmware	5.5