Cisco Virtualized Infrastructure Manager
Recent Cisco Virtualized Infrastructure Manager Security Advisories
| Advisory | Title | Published |
|---|---|---|
| 2022-04-20 | Cisco Virtualized Infrastructure Manager Privilege Escalation Vulnerability | April 20, 2022 |
By the Year
In 2024 there have been 0 vulnerabilities in Cisco Virtualized Infrastructure Manager . Virtualized Infrastructure Manager did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 1 | 7.80 |
| 2021 | 1 | 10.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Virtualized Infrastructure Manager vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Cisco Virtualized Infrastructure Manager Security Vulnerabilities
A vulnerability in the configuration file protections of Cisco Virtualized Infrastructure Manager (VIM) could
CVE-2022-20732
7.8 - High
- April 21, 2022
A vulnerability in the configuration file protections of Cisco Virtualized Infrastructure Manager (VIM) could allow an authenticated, local attacker to access confidential information and elevate privileges on an affected device. This vulnerability is due to improper access permissions for certain configuration files. An attacker with low-privileged credentials could exploit this vulnerability by accessing an affected device and reading the affected configuration files. A successful exploit could allow the attacker to obtain internal database credentials, which the attacker could use to view and modify the contents of the database. The attacker could use this access to the database to elevate privileges on the affected device.
Incorrect Default Permissions
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2
CVE-2021-44228
10 - Critical
- December 10, 2021
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
Improper Input Validation
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Percussion Rhythmyx or by Cisco? Click the Watch button to subscribe.
