Vulnerabilities > Vmware > Vrealize Suite Lifecycle Manager

DATE CVE VULNERABILITY TITLE RISK
2021-08-31 CVE-2021-22002 Improper Authentication vulnerability in VMWare products
VMware Workspace ONE Access and Identity Manager, allow the /cfg web app and diagnostic endpoints, on port 8443, to be accessed via port 443 using a custom host header.
network
low complexity
vmware CWE-287
critical
9.8
2021-08-31 CVE-2021-22003 Improper Restriction of Excessive Authentication Attempts vulnerability in VMWare products
VMware Workspace ONE Access and Identity Manager, unintentionally provide a login interface on port 7443.
network
low complexity
vmware CWE-307
7.5
2021-08-30 CVE-2021-22022 Path Traversal vulnerability in VMWare products
The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary file read vulnerability.
network
low complexity
vmware CWE-22
4.9
2021-08-30 CVE-2021-22023 Authorization Bypass Through User-Controlled Key vulnerability in VMWare products
The vRealize Operations Manager API (8.x prior to 8.5) has insecure object reference vulnerability.
network
low complexity
vmware CWE-639
7.2
2021-08-30 CVE-2021-22024 Information Exposure Through Log Files vulnerability in VMWare products
The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary log-file read vulnerability.
network
low complexity
vmware CWE-532
7.5
2021-08-30 CVE-2021-22025 Improper Authentication vulnerability in VMWare products
The vRealize Operations Manager API (8.x prior to 8.5) contains a broken access control vulnerability leading to unauthenticated API access.
network
low complexity
vmware CWE-287
7.5
2021-08-30 CVE-2021-22026 Server-Side Request Forgery (SSRF) vulnerability in VMWare products
The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point.
network
low complexity
vmware CWE-918
7.5
2021-08-30 CVE-2021-22027 Server-Side Request Forgery (SSRF) vulnerability in VMWare products
The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point.
network
low complexity
vmware CWE-918
7.5
2021-03-31 CVE-2021-21983 Unspecified vulnerability in VMWare products
Arbitrary file write vulnerability in vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API can write files to arbitrary locations on the underlying photon operating system.
network
low complexity
vmware
6.5
2021-03-31 CVE-2021-21975 Server-Side Request Forgery (SSRF) vulnerability in VMWare products
Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials.
network
low complexity
vmware CWE-918
7.5