VMware VMware

Do you want an email whenever new security vulnerabilities are reported in any VMware product?

Products by VMware Sorted by Most Security Vulnerabilities since 2018

VMware Cloud Foundation83 vulnerabilities

VMware Esxi75 vulnerabilities

VMware Workstation64 vulnerabilities

VMware Vcenter Server50 vulnerabilities

VMware Fusion42 vulnerabilities

VMware Spring Framework40 vulnerabilities

VMware Esx23 vulnerabilities

VMware Spring Security20 vulnerabilities

VMware Workstation Pro15 vulnerabilities

VMware Workstation Player14 vulnerabilities

VMware Rabbitmq14 vulnerabilities

VMware Vrealize Operations13 vulnerabilities

VMware Vrealize Log Insight12 vulnerabilities

VMware Spring Boot7 vulnerabilities

VMware Vrealize Automation7 vulnerabilities

VMware Sd Wan Orchestrator6 vulnerabilities

VMware Tools5 vulnerabilities

VMware Workspace One Assist5 vulnerabilities

VMware Open Vm Tools4 vulnerabilities

VMware Player4 vulnerabilities

VMware Server4 vulnerabilities

VMware Spring Cloud Config4 vulnerabilities

VMware Horizon3 vulnerabilities

VMware Horizon Client3 vulnerabilities

VMware Horizon Daas3 vulnerabilities

VMware Installbuilder3 vulnerabilities

VMware Nsx T Data Center3 vulnerabilities

VMware Photon Os3 vulnerabilities

VMware Spring Cloud Gateway3 vulnerabilities

VMware Vma3 vulnerabilities

VMware Access2 vulnerabilities

VMware Ace2 vulnerabilities

VMware Airwatch Console2 vulnerabilities

VMware Aria Operations2 vulnerabilities

VMware Hyperic Server2 vulnerabilities

VMware Identity Manager2 vulnerabilities

VMware Ixgben2 vulnerabilities

VMware Nsx Data Center2 vulnerabilities

VMware Pinniped2 vulnerabilities

VMware Remote Console2 vulnerabilities

VMware Spring Cloud Function2 vulnerabilities

VMware Spring Data Rest2 vulnerabilities

VMware Vcloud Director2 vulnerabilities

VMware Workspace One Content2 vulnerabilities

VMware Vrealize Orchestrator2 vulnerabilities

VMware Vsphere Esxi2 vulnerabilities

VMware Workspace One Boxer2 vulnerabilities

VMware Airwatch Agent1 vulnerability

VMware App Volumes1 vulnerability

VMware Bosh Editor1 vulnerability

VMware Greenplum Database1 vulnerability

VMware Horizon View1 vulnerability

VMware Hyperic Agent1 vulnerability

VMware Intelligent Hub1 vulnerability

VMware Pivotal Scheduler1 vulnerability

VMware Spring1 vulnerability

VMware Spring Boot Tools1 vulnerability

VMware Spring Cloud Vault1 vulnerability

VMware Spring For Graphql1 vulnerability

VMware Spring Hateoas1 vulnerability

VMware Spring Integration1 vulnerability

VMware Spring Session1 vulnerability

VMware Spring Social1 vulnerability

VMware Spring Tools1 vulnerability

VMware Spring Vault1 vulnerability

VMware Thinapp1 vulnerability

VMware Velero1 vulnerability

VMware View Planner1 vulnerability

Vmware Hcx1 vulnerability

Recent VMware Security Advisories

Advisory Title Published
VMSA-2021-0006 VMSA-2021-0006 April 19, 2021
VMSA-2021-0003 VMSA-2021-0003 April 6, 2021
VMSA-2021-0002 VMSA-2021-0002 April 6, 2021
VMSA-2021-0001 VMSA-2021-0001 April 6, 2021
VMSA-2021-0004 VMSA-2021-0004 April 6, 2021
VMSA-2021-0005 VMSA-2021-0005 April 6, 2021

Known Exploited VMware Vulnerabilities

The following VMware vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

Title Description Added
VMware vCenter Server Out-of-Bounds Write Vulnerability VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol that allows an attacker to conduct remote code execution. CVE-2023-34048 January 22, 2024
VMware Tools Authentication Bypass Vulnerability VMware Tools contains an authentication bypass vulnerability in the vgauth module. A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine. An attacker must have root access over ESXi to exploit this vulnerability. CVE-2023-20867 June 23, 2023
Vmware Aria Operations for Networks Command Injection Vulnerability VMware Aria Operations for Networks (formerly vRealize Network Insight) contains a command injection vulnerability that allows a malicious actor with network access to perform an attack resulting in remote code execution. CVE-2023-20887 June 22, 2023
VMware Spring Cloud Gateway Code Injection Vulnerability Spring Cloud Gateway applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. CVE-2022-22947 May 16, 2022
VMware Multiple Products Privilege Escalation Vulnerability VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. CVE-2022-22960 April 15, 2022
VMware Workspace ONE Access and Identity Manager Server-Side Template Injection Vulnerability VMware Workspace ONE Access and Identity Manager allow for remote code execution due to server-side template injection. CVE-2022-22954 April 14, 2022
Spring Framework JDK 9+ Remote Code Execution Vulnerability Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. CVE-2022-22965 April 4, 2022
VMware SD-WAN Edge by VeloCloud Command Injection Vulnerability VMware SD-WAN Edge by VeloCloud contains a command injection vulnerability in the local web UI component. Successful exploitation of this issue could result in remote code execution. CVE-2018-6961 March 25, 2022
VMware vCenter Server and Cloud Foundation Server Side Request Forgery (SSRF) Vulnerability VMware vCenter Server and Cloud Foundation Server contain a SSRF vulnerability due to improper validation of URLs in a vCenter Server plugin. This allows for information disclosure. CVE-2021-21973 March 7, 2022
VMware Server Side Request Forgery in vRealize Operations Manager API Server Side Request Forgery (SSRF) in vRealize Operations Manager API prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API to perform a SSRF attack to steal administrative credentials. CVE-2021-21975 January 18, 2022
VMware vCenter Server Improper Access Control Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization. CVE-2021-22017 January 10, 2022
VMware ESXi/Horizon DaaS Appliances Heap-Overwrite Vulnerability OpenSLP as used in ESXi and the Horizon DaaS appliances have a heap overwrite issue. A malicious actor with network access to port 427 on an ESXi host or on any Horizon DaaS management appliance may be able to overwrite the heap of the OpenSLP service resulting in remote code execution. CVE-2019-5544 November 3, 2021
VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector Comm VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability. CVE-2020-4006 November 3, 2021
VMware vCenter Server Remote Code Execution Vulnerability The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. CVE-2021-21985 November 3, 2021
VMware vCenter Server Remote Code Execution Vulnerability The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. CVE-2021-21972 November 3, 2021
VMware vCenter Server Info Disclosure Vulnerability Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls. CVE-2020-3952 November 3, 2021
VMware vCenter Server File Upload VMware vCenter Server file upload vulnerability in the VMware-analytics service that allows to execute code on vCenter Server. CVE-2021-22005 November 3, 2021
VMware Privilege escalation vulnerability Privilege escalation vulnerability due to improper use of setuid binaries. CVE-2020-3950 November 3, 2021
OpenSLP as used in VMware ESXi OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a use-after-free issue. A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to trigger a use-after-free in the OpenSLP service resulting in remote code execution. CVE-2020-3992 November 3, 2021

By the Year

In 2024 there have been 9 vulnerabilities in VMware with an average score of 6.3 out of ten. Last year VMware had 65 security vulnerabilities published. Right now, VMware is on track to have less security vulnerabilities in 2024 than it did last year. Last year, the average CVE base score was greater by 1.00

Year Vulnerabilities Average Score
2024 9 6.32
2023 65 7.32
2022 78 7.20
2021 77 7.29
2020 60 7.00
2019 31 7.16
2018 50 7.41

It may take a day or so for new VMware vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent VMware Security Vulnerabilities

Aria Operations for Networks contains a local privilege escalation vulnerability

CVE-2024-22237 7.8 - High - February 06, 2024

Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain root access to the system.

Improper Privilege Management

Aria Operations for Networks contains a cross site scripting vulnerability

CVE-2024-22241 4.8 - Medium - February 06, 2024

Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges can inject a malicious payload into the login banner and takeover the user account.  

XSS

Aria Operations for Networks contains a local file read vulnerability

CVE-2024-22240 4.9 - Medium - February 06, 2024

Aria Operations for Networks contains a local file read vulnerability. A malicious actor with admin privileges may exploit this vulnerability leading to unauthorized access to sensitive information.

Files or Directories Accessible to External Parties

Aria Operations for Networks contains a local privilege escalation vulnerability

CVE-2024-22239 7.8 - High - February 06, 2024

Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain regular shell access.

Improper Privilege Management

Aria Operations for Networks contains a cross site scripting vulnerability

CVE-2024-22238 4.8 - Medium - February 06, 2024

Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges may be able to inject malicious code into user profile configurations due to improper input sanitization.

XSS

The spring-security.xsd file inside the spring-security-config jar is world writable which means

CVE-2023-34042 5.5 - Medium - February 05, 2024

The spring-security.xsd file inside the spring-security-config jar is world writable which means that if it were extracted it could be written by anyone with access to the file system. While there are no known exploits, this is an example of CWE-732: Incorrect Permission Assignment for Critical Resource and could result in an exploit. Users should update to the latest version of Spring Security to mitigate any future exploits found around this issue.

Incorrect Permission Assignment for Critical Resource

In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure

CVE-2024-22236 5.5 - Medium - January 31, 2024

In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded com.google.guava:guava dependency in the org.springframework.cloud:spring-cloud-contract-shade dependency.

Incorrect Permission Assignment for Critical Resource

In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests

CVE-2024-22233 7.5 - High - January 22, 2024

In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: * the application uses Spring MVC * Spring Security 6.1.6+ or 6.2.1+ is on the classpath Typically, Spring Boot applications need the org.springframework.boot:spring-boot-starter-web and org.springframework.boot:spring-boot-starter-security dependencies to meet all conditions.

Aria Automation contains a Missing Access Control vulnerability

CVE-2023-34063 8.3 - High - January 16, 2024

Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious actor may exploit this vulnerability leading to unauthorized access to remote organizations and workflows.

AuthZ

The vmwgfx driver contains a local privilege escalation vulnerability

CVE-2022-22942 7.8 - High - December 13, 2023

The vmwgfx driver contains a local privilege escalation vulnerability that allows unprivileged users to gain access to files opened by other processes on the system through a dangling 'file' pointer.

Dangling pointer

Workspace ONE Launcher contains a Privilege Escalation Vulnerability

CVE-2023-34064 4.6 - Medium - December 12, 2023

Workspace ONE Launcher contains a Privilege Escalation Vulnerability. A malicious actor with physical access to Workspace ONE Launcher could utilize the Edge Panel feature to bypass setup to gain access to sensitive information.

In Spring Framework versions 6.0.0 - 6.0.13, it is possible for a user to provide specially crafted HTTP requests

CVE-2023-34053 7.5 - High - November 28, 2023

In Spring Framework versions 6.0.0 - 6.0.13, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: * the application uses Spring MVC or Spring WebFlux * io.micrometer:micrometer-core is on the classpath * an ObservationRegistry is configured in the application to record observations Typically, Spring Boot applications need the org.springframework.boot:spring-boot-actuator dependency to meet all conditions.

In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, it is possible for a user to provide specially crafted HTTP requests

CVE-2023-34055 6.5 - Medium - November 28, 2023

In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: * the application uses Spring MVC or Spring WebFlux * org.springframework.boot:spring-boot-actuator is on the classpath

VMware Workspace ONE UEM console contains an open redirect vulnerability

CVE-2023-20886 6.1 - Medium - October 31, 2023

VMware Workspace ONE UEM console contains an open redirect vulnerability. A malicious actor may be able to redirect a victim to an attacker and retrieve their SAML response to login as the victim user.

Open Redirect

VMware Tools contains a SAML token signature bypass vulnerability

CVE-2023-34058 7.5 - High - October 27, 2023

VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html  in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .

Improper Verification of Cryptographic Signature

open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper

CVE-2023-34059 7 - High - October 27, 2023

open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs.

RabbitMQ is a multi-protocol messaging and streaming broker

CVE-2023-46118 4.9 - Medium - October 25, 2023

RabbitMQ is a multi-protocol messaging and streaming broker. HTTP API did not enforce an HTTP request body limit, making it vulnerable for denial of service (DoS) attacks with very large messages. An authenticated user with sufficient credentials can publish a very large messages over the HTTP API and cause target node to be terminated by an "out-of-memory killer"-like mechanism. This vulnerability has been patched in versions 3.11.24 and 3.12.7.

Resource Exhaustion

The RabbitMQ Java client library allows Java and JVM-based applications to connect to and interact with RabbitMQ nodes

CVE-2023-46120 7.5 - High - October 25, 2023

The RabbitMQ Java client library allows Java and JVM-based applications to connect to and interact with RabbitMQ nodes. `maxBodyLebgth` was not used when receiving Message objects. Attackers could send a very large Message causing a memory overflow and triggering an OOM Error. Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer. This vulnerability was patched in version 5.18.0.

Resource Exhaustion

vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol

CVE-2023-34048 9.8 - Critical - October 25, 2023

vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution.

Memory Corruption

vCenter Server contains a partial information disclosure vulnerability

CVE-2023-34056 4.3 - Medium - October 25, 2023

vCenter Server contains a partial information disclosure vulnerability. A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data.

VMware Workstation( 17.x prior to 17.5) and Fusion(13.x prior to 13.5) contain an out-of-bounds read vulnerability

CVE-2023-34044 6 - Medium - October 20, 2023

VMware Workstation( 17.x prior to 17.5) and Fusion(13.x prior to 13.5) contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine.

Out-of-bounds Read

VMware Aria Operations for Logs contains an authentication bypass vulnerability

CVE-2023-34051 9.8 - Critical - October 20, 2023

VMware Aria Operations for Logs contains an authentication bypass vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.

AuthZ

VMware Aria Operations for Logs contains a deserialization vulnerability

CVE-2023-34052 7.8 - High - October 20, 2023

VMware Aria Operations for Logs contains a deserialization vulnerability. A malicious actor with non-administrative access to the local system can trigger the deserialization of data which could result in authentication bypass.

Marshaling, Unmarshaling

In spring AMQP versions 1.0.0 to 2.4.16 and 3.0.0 to 3.0.9

CVE-2023-34050 4.3 - Medium - October 19, 2023

In spring AMQP versions 1.0.0 to 2.4.16 and 3.0.0 to 3.0.9 , allowed list patterns for deserializable class names were added to Spring AMQP, allowing users to lock down deserialization of data in messages from untrusted sources; however by default, when no allowed list was provided, all classes could be deserialized. Specifically, an application is vulnerable if * the SimpleMessageConverter or SerializerMessageConverter is used * the user does not configure allowed list patterns * untrusted message originators gain permissions to write messages to the RabbitMQ broker to send malicious content

Marshaling, Unmarshaling

VMware Aria Operations contains a local privilege escalation vulnerability

CVE-2023-34043 6.7 - Medium - September 27, 2023

VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.

Improper Privilege Management

A batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 and 1.2.0 - 1.2.2 may be exposed to GraphQL context with values, including security context values

CVE-2023-34047 4.3 - Medium - September 20, 2023

A batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 and 1.2.0 - 1.2.2 may be exposed to GraphQL context with values, including security context values, from a different session. An application is vulnerable if it provides a DataLoaderOptions instance when registering batch loader functions through DefaultBatchLoaderRegistry.

Aria Operations for Networks contains an arbitrary file write vulnerability

CVE-2023-20890 7.2 - High - August 29, 2023

Aria Operations for Networks contains an arbitrary file write vulnerability. An authenticated malicious actor with administrative access to VMware Aria Operations for Networks can write files to arbitrary locations resulting in remote code execution.

Directory traversal

Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation

CVE-2023-34039 9.8 - Critical - August 29, 2023

Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI.

Use of a Broken or Risky Cryptographic Algorithm

In Spring for Apache Kafka 3.0.9 and earlier and versions 2.9.10 and earlier

CVE-2023-34040 7.8 - High - August 24, 2023

In Spring for Apache Kafka 3.0.9 and earlier and versions 2.9.10 and earlier, a possible deserialization attack vector existed, but only if unusual configuration was applied. An attacker would have to construct a malicious serialized object in one of the deserialization exception record headers. Specifically, an application is vulnerable when all of the following are true: * The user does not configure an ErrorHandlingDeserializer for the key and/or value of the record * The user explicitly sets container properties checkDeserExWhenKeyNull and/or checkDeserExWhenValueNull container properties to true. * The user allows untrusted sources to publish to a Kafka topic By default, these properties are false, and the container only attempts to deserialize the headers if an ErrorHandlingDeserializer is configured. The ErrorHandlingDeserializer prevents the vulnerability by removing any such malicious headers before processing the record.

Marshaling, Unmarshaling

VMware Horizon Server contains a HTTP request smuggling vulnerability

CVE-2023-34037 5.3 - Medium - August 04, 2023

VMware Horizon Server contains a HTTP request smuggling vulnerability. A malicious actor with network access may be able to perform HTTP smuggle requests.

HTTP Request Smuggling

VMware Horizon Server contains an information disclosure vulnerability

CVE-2023-34038 5.3 - Medium - August 04, 2023

VMware Horizon Server contains an information disclosure vulnerability. A malicious actor with network access may be able to access information relating to the internal network configuration.

The VMware Tanzu Application Service for VMs and Isolation Segment contain an information disclosure vulnerability due to the logging of credentials in hex encoding in platform system audit logs

CVE-2023-20891 6.5 - Medium - July 26, 2023

The VMware Tanzu Application Service for VMs and Isolation Segment contain an information disclosure vulnerability due to the logging of credentials in hex encoding in platform system audit logs. A malicious non-admin user who has access to the platform system audit logs can access hex encoded CF API admin credentials and can push new malicious versions of an application. In a default deployment non-admin users do not have access to the platform system audit logs.

Insertion of Sensitive Information into Log File

Using "**" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux

CVE-2023-34034 9.8 - Critical - July 19, 2023

Using "**" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass.

Spring Security versions 5.8 prior to 5.8.5

CVE-2023-34035 5.3 - Medium - July 18, 2023

Spring Security versions 5.8 prior to 5.8.5, 6.0 prior to 6.0.5, and 6.1 prior to 6.1.2 could be susceptible to authorization rule misconfiguration if the application uses requestMatchers(String) and multiple servlets, one of them being Spring MVCs DispatcherServlet. (DispatcherServlet is a Spring MVC component that maps HTTP endpoints to methods on @Controller-annotated classes.) Specifically, an application is vulnerable when all of the following are true: * Spring MVC is on the classpath * Spring Security is securing more than one servlet in a single application (one of them being Spring MVCs DispatcherServlet) * The application uses requestMatchers(String) to refer to endpoints that are not Spring MVC endpoints An application is not vulnerable if any of the following is true: * The application does not have Spring MVC on the classpath * The application secures no servlets other than Spring MVCs DispatcherServlet * The application uses requestMatchers(String) only for Spring MVC endpoints

AuthZ

Reactive web applications

CVE-2023-34036 5.3 - Medium - July 17, 2023

Reactive web applications that use Spring HATEOAS to produce hypermedia-based responses might be exposed to malicious forwarded headers if they are not behind a trusted proxy that ensures correctness of such headers, or if they don't have anything else in place to handle (and possibly discard) forwarded headers either in WebFlux or at the level of the underlying HTTP server. For the application to be affected, it needs to satisfy the following requirements: * It needs to use the reactive web stack (Spring WebFlux) and Spring HATEOAS to create links in hypermedia-based responses. * The application infrastructure does not guard against clients submitting (X-)Forwarded headers.

Output Sanitization

The VMware vCenter Server contains an out-of-bounds read vulnerability in the implementation of the DCERPC protocol

CVE-2023-20896 7.5 - High - June 22, 2023

The VMware vCenter Server contains an out-of-bounds read vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds read by sending a specially crafted packet leading to denial-of-service of certain services (vmcad, vmdird, and vmafdd).

Out-of-bounds Read

The VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol

CVE-2023-20894 9.8 - Critical - June 22, 2023

The VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bound write by sending a specially crafted packet leading to memory corruption.

Memory Corruption

The VMware vCenter Server contains a memory corruption vulnerability in the implementation of the DCERPC protocol

CVE-2023-20895 9.8 - Critical - June 22, 2023

The VMware vCenter Server contains a memory corruption vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger a memory corruption vulnerability which may bypass authentication.

Memory Corruption

The vCenter Server contains a heap overflow vulnerability due to the usage of uninitialized memory in the implementation of the DCERPC protocol

CVE-2023-20892 9.8 - Critical - June 22, 2023

The vCenter Server contains a heap overflow vulnerability due to the usage of uninitialized memory in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit heap-overflow vulnerability to execute arbitrary code on the underlying operating system that hosts vCenter Server.

Memory Corruption

The VMware vCenter Server contains a use-after-free vulnerability in the implementation of the DCERPC protocol

CVE-2023-20893 9.8 - Critical - June 22, 2023

The VMware vCenter Server contains a use-after-free vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit this issue to execute arbitrary code on the underlying operating system that hosts vCenter Server.

Dangling pointer

A fully compromised ESXi host

CVE-2023-20867 3.9 - Low - June 13, 2023

A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.

authentification

Aria Operations for Networks contains a command injection vulnerability

CVE-2023-20887 9.8 - Critical - June 07, 2023

Aria Operations for Networks contains a command injection vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in remote code execution.

Command Injection

Aria Operations for Networks contains an authenticated deserialization vulnerability

CVE-2023-20888 8.8 - High - June 07, 2023

Aria Operations for Networks contains an authenticated deserialization vulnerability. A malicious actor with network access to VMware Aria Operations for Networks and valid 'member' role credentials may be able to perform a deserialization attack resulting in remote code execution.

Marshaling, Unmarshaling

Aria Operations for Networks contains an information disclosure vulnerability

CVE-2023-20889 7.5 - High - June 07, 2023

Aria Operations for Networks contains an information disclosure vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in information disclosure.

Command Injection

VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability

CVE-2023-20884 6.1 - Medium - May 30, 2023

VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability. An unauthenticated malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure.

Open Redirect

NSX-T contains a reflected cross-site scripting vulnerability due to a lack of input validation

CVE-2023-20868 6.1 - Medium - May 26, 2023

NSX-T contains a reflected cross-site scripting vulnerability due to a lack of input validation. A remote attacker can inject HTML or JavaScript to redirect to malicious pages.

XSS

In Spring Boot versions 3.0.0 - 3.0.6

CVE-2023-20883 7.5 - High - May 26, 2023

In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service (DoS) attack if Spring MVC is used together with a reverse proxy cache.

Resource Exhaustion

Greenplum Database (GPDB) is an open source data warehouse based on PostgreSQL

CVE-2023-31131 9.1 - Critical - May 15, 2023

Greenplum Database (GPDB) is an open source data warehouse based on PostgreSQL. In versions prior to 6.22.3 Greenplum Database used an unsafe methods to extract tar files within GPPKGs. greenplum-db is vulnerable to path traversal leading to arbitrary file writes. An attacker can use this vulnerability to overwrite data or system files potentially leading to crash or malfunction of the system. Any files which are accessible to the running process are at risk. All users are requested to upgrade to Greenplum Database version 6.23.2 or higher. There are no known workarounds for this vulnerability.

Directory traversal

VMware Aria Operations contains a privilege escalation vulnerability

CVE-2023-20877 8.8 - High - May 12, 2023

VMware Aria Operations contains a privilege escalation vulnerability. An authenticated malicious user with ReadOnly privileges can perform code execution leading to privilege escalation.

VMware Aria Operations contains a deserialization vulnerability

CVE-2023-20878 7.2 - High - May 12, 2023

VMware Aria Operations contains a deserialization vulnerability. A malicious actor with administrative privileges can execute arbitrary commands and disrupt the system.

Marshaling, Unmarshaling

VMware Aria Operations contains a Local privilege escalation vulnerability

CVE-2023-20879 6.7 - Medium - May 12, 2023

VMware Aria Operations contains a Local privilege escalation vulnerability. A malicious actor with administrative privileges in the Aria Operations application can gain root access to the underlying operating system.

VMware Aria Operations contains a privilege escalation vulnerability

CVE-2023-20880 6.7 - Medium - May 12, 2023

VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.

VMware Workstation (17.x) and VMware Fusion (13.x) contain a stack-based buffer-overflow vulnerability

CVE-2023-20869 8.2 - High - April 25, 2023

VMware Workstation (17.x) and VMware Fusion (13.x) contain a stack-based buffer-overflow vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine.

Memory Corruption

VMware Workstation and Fusion contain an out-of-bounds read vulnerability

CVE-2023-20870 6 - Medium - April 25, 2023

VMware Workstation and Fusion contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine.

Out-of-bounds Read

VMware Workstation and Fusion contain an out-of-bounds read/write vulnerability in SCSI CD/DVD device emulation.

CVE-2023-20872 8.8 - High - April 25, 2023

VMware Workstation and Fusion contain an out-of-bounds read/write vulnerability in SCSI CD/DVD device emulation.

Memory Corruption

The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services

CVE-2023-29552 7.5 - High - April 25, 2023

The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service attack with a significant amplification factor.

VMware Aria Operations for Logs contains a deserialization vulnerability

CVE-2023-20864 9.8 - Critical - April 20, 2023

VMware Aria Operations for Logs contains a deserialization vulnerability. An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root.

Marshaling, Unmarshaling

VMware Aria Operations for Logs contains a command injection vulnerability

CVE-2023-20865 7.2 - High - April 20, 2023

VMware Aria Operations for Logs contains a command injection vulnerability. A malicious actor with administrative privileges in VMware Aria Operations for Logs can execute arbitrary commands as root.

Command Injection

In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application

CVE-2023-20873 9.8 - Critical - April 20, 2023

In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.6+. 2.7.x users should upgrade to 2.7.11+. Users of older, unsupported versions should upgrade to 3.0.6+ or 2.7.11+.

In Spring Security

CVE-2023-20862 6.3 - Medium - April 19, 2023

In Spring Security, versions 5.7.x prior to 5.7.8, versions 5.8.x prior to 5.8.3, and versions 6.0.x prior to 6.0.3, the logout support does not properly clean the security context if using serialized versions. Additionally, it is not possible to explicitly save an empty security context to the HttpSessionSecurityContextRepository. This vulnerability can keep users authenticated even after they performed logout. Users of affected versions should apply the following mitigation. 5.7.x users should upgrade to 5.7.8. 5.8.x users should upgrade to 5.8.3. 6.0.x users should upgrade to 6.0.3.

Insufficient Cleanup

In Spring Session version 3.0.0, the session id can be logged to the standard output stream

CVE-2023-20866 6.5 - Medium - April 13, 2023

In Spring Session version 3.0.0, the session id can be logged to the standard output stream. This vulnerability exposes sensitive information to those who have access to the application logs and can be used for session hijacking. Specifically, an application is vulnerable if it is using HeaderHttpSessionIdResolver.

In spring framework versions prior to 5.2.24 release+ ,5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted SpEL expression

CVE-2023-20863 6.5 - Medium - April 13, 2023

In spring framework versions prior to 5.2.24 release+ ,5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.

EL Injection

Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "**" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC

CVE-2023-20860 7.5 - High - March 27, 2023

Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "**" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass.

In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression

CVE-2023-20861 6.5 - Medium - March 23, 2023

In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.

In Spring Vault

CVE-2023-20859 5.5 - Medium - March 23, 2023

In Spring Vault, versions 3.0.x prior to 3.0.2 and versions 2.3.x prior to 2.3.3 and older versions, an application is vulnerable to insertion of sensitive information into a log file when it attempts to revoke a Vault batch token.

Insertion of Sensitive Information into Log File

VMware Workspace ONE Content contains a passcode bypass vulnerability

CVE-2023-20857 6.8 - Medium - February 28, 2023

VMware Workspace ONE Content contains a passcode bypass vulnerability. A malicious actor, with access to a users rooted device, may be able to bypass the VMware Workspace ONE Content passcode.

Missing Authentication for Critical Function

VMware vRealize Orchestrator contains an XML External Entity (XXE) vulnerability

CVE-2023-20855 8.8 - High - February 22, 2023

VMware vRealize Orchestrator contains an XML External Entity (XXE) vulnerability. A malicious actor, with non-administrative access to vRealize Orchestrator, may be able to use specially crafted input to bypass XML parsing restrictions leading to access to sensitive information or possible escalation of privileges.

XXE

Protection mechanism failure in the Intel(R) Ethernet 500 Series Controller drivers for VMware before version 1.10.0.13 may

CVE-2022-36416 7.8 - High - February 16, 2023

Protection mechanism failure in the Intel(R) Ethernet 500 Series Controller drivers for VMware before version 1.10.0.13 may allow an authenticated user to potentially enable escalation of privilege via local access.

Protection mechanism failure in the Intel(R) Ethernet 500 Series Controller drivers for VMware before version 1.10.0.1 may

CVE-2022-36797 5.5 - Medium - February 16, 2023

Protection mechanism failure in the Intel(R) Ethernet 500 Series Controller drivers for VMware before version 1.10.0.1 may allow an authenticated user to potentially enable denial of service via local access.

VMware vRealize Operations (vROps) contains a CSRF bypass vulnerability

CVE-2023-20856 8.8 - High - February 01, 2023

VMware vRealize Operations (vROps) contains a CSRF bypass vulnerability. A malicious user could execute actions on the vROps platform on behalf of the authenticated victim user.

Session Riding

VMware vRealize Log Insight contains an Information Disclosure Vulnerability

CVE-2022-31711 5.3 - Medium - January 26, 2023

VMware vRealize Log Insight contains an Information Disclosure Vulnerability. A malicious actor can remotely collect sensitive session and application information without authentication.

The vRealize Log Insight contains a broken access control vulnerability

CVE-2022-31704 9.8 - Critical - January 26, 2023

The vRealize Log Insight contains a broken access control vulnerability. An unauthenticated malicious actor can remotely inject code into sensitive files of an impacted appliance which can result in remote code execution.

The vRealize Log Insight contains a Directory Traversal Vulnerability

CVE-2022-31706 9.8 - Critical - January 26, 2023

The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.

Directory traversal

vRealize Log Insight contains a deserialization vulnerability

CVE-2022-31710 7.5 - High - January 26, 2023

vRealize Log Insight contains a deserialization vulnerability. An unauthenticated malicious actor can remotely trigger the deserialization of untrusted data which could result in a denial of service.

Marshaling, Unmarshaling

vRealize Operations (vROps) contains a privilege escalation vulnerability

CVE-2022-31707 7.2 - High - December 16, 2022

vRealize Operations (vROps) contains a privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.2.

vRealize Operations (vROps) contains a broken access control vulnerability

CVE-2022-31708 4.9 - Medium - December 16, 2022

vRealize Operations (vROps) contains a broken access control vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.4.

VMware Workspace ONE Access and Identity Manager contain an authenticated remote code execution vulnerability

CVE-2022-31700 7.2 - High - December 14, 2022

VMware Workspace ONE Access and Identity Manager contain an authenticated remote code execution vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.2.

VMware Workspace ONE Access and Identity Manager contain a broken authentication vulnerability

CVE-2022-31701 5.3 - Medium - December 14, 2022

VMware Workspace ONE Access and Identity Manager contain a broken authentication vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3.

Missing Authentication for Critical Function

VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI)

CVE-2022-31705 8.2 - High - December 14, 2022

VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed.

Memory Corruption

vRealize Network Insight (vRNI) contains a command injection vulnerability present in the vRNI REST API

CVE-2022-31702 9.8 - Critical - December 14, 2022

vRealize Network Insight (vRNI) contains a command injection vulnerability present in the vRNI REST API. A malicious actor with network access to the vRNI REST API can execute commands without authentication.

Command Injection

The vRealize Log Insight contains a Directory Traversal Vulnerability

CVE-2022-31703 7.5 - High - December 14, 2022

The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.

Directory traversal

The vCenter Server contains a denial-of-service vulnerability in the content library service

CVE-2022-31698 5.3 - Medium - December 13, 2022

The vCenter Server contains a denial-of-service vulnerability in the content library service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to trigger a denial-of-service condition by sending a specially crafted header.

VMware ESXi contains a heap-overflow vulnerability

CVE-2022-31699 3.3 - Low - December 13, 2022

VMware ESXi contains a heap-overflow vulnerability. A malicious local actor with restricted privileges within a sandbox process may exploit this issue to achieve a partial information disclosure.

Memory Corruption

The vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plaintext

CVE-2022-31697 5.5 - Medium - December 13, 2022

The vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plaintext. A malicious actor with access to a workstation that invoked a vCenter Server Appliance ISO operation (Install/Upgrade/Migrate/Restore) can access plaintext passwords used during that operation.

Cleartext Storage of Sensitive Information

VMware ESXi contains a memory corruption vulnerability that exists in the way it handles a network socket

CVE-2022-31696 8.8 - High - December 13, 2022

VMware ESXi contains a memory corruption vulnerability that exists in the way it handles a network socket. A malicious actor with local access to ESXi may exploit this issue to corrupt memory leading to an escape of the ESXi sandbox.

Memory Corruption

The 10Web Photo Gallery plugin through 1.5.68 for WordPress

CVE-2021-31693 6.5 - Medium - November 29, 2022

The 10Web Photo Gallery plugin through 1.5.68 for WordPress allows XSS via album_gallery_id_0, bwg_album_search_0, and type_0 for bwg_frontend_data. NOTE: other parameters are covered by CVE-2021-24291, CVE-2021-25041, and CVE-2021-46889. NOTE: VMware information, previously connected to this CVE ID because of a typo, is at CVE-2022-31693.

An issue was discovered in open-vm-tools 2009.03.18-154848

CVE-2009-1142 6.7 - Medium - November 23, 2022

An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can gain privileges via a symlink attack on /tmp files if vmware-user-suid-wrapper is setuid root and the ChmodChownDirectory function is enabled.

insecure temporary file

An issue was discovered in open-vm-tools 2009.03.18-154848

CVE-2009-1143 7 - High - November 23, 2022

An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can bypass intended access restrictions on mounting shares via a symlink attack that leverages a realpath race condition in mount.vmhgfs (aka hgfsmounter).

insecure temporary file

** UNSUPPORTED WHEN ASSIGNED ** A remote unauthenticated insecure deserialization vulnerability exists in VMware Hyperic Server 5.8.6

CVE-2022-38650 10 - Critical - November 12, 2022

** UNSUPPORTED WHEN ASSIGNED ** A remote unauthenticated insecure deserialization vulnerability exists in VMware Hyperic Server 5.8.6. Exploitation of this vulnerability enables a malicious party to run arbitrary code or malware within Hyperic Server and the host operating system with the privileges of the Hyperic server process. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Marshaling, Unmarshaling

** UNSUPPORTED WHEN ASSIGNED ** A security filter misconfiguration exists in VMware Hyperic Server 5.8.6

CVE-2022-38651 9.8 - Critical - November 12, 2022

** UNSUPPORTED WHEN ASSIGNED ** A security filter misconfiguration exists in VMware Hyperic Server 5.8.6. Exploitation of this vulnerability enables a malicious party to bypass some authentication requirements when issuing requests to Hyperic Server. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

** UNSUPPORTED WHEN ASSIGNED ** A remote insecure deserialization vulnerability exixsts in VMWare Hyperic Agent 5.8.6

CVE-2022-38652 9.9 - Critical - November 12, 2022

** UNSUPPORTED WHEN ASSIGNED ** A remote insecure deserialization vulnerability exixsts in VMWare Hyperic Agent 5.8.6. Exploitation of this vulnerability enables a malicious authenticated user to run arbitrary code or malware within a Hyperic Agent instance and its host operating system with the privileges of the Hyperic Agent process (often SYSTEM on Windows platforms). NOTE: prior exploitation of CVE-2022-38650 results in the disclosure of the authentication material required to exploit this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Marshaling, Unmarshaling

VMware Workspace ONE Assist prior to 22.10 contains an Authentication Bypass vulnerability

CVE-2022-31685 9.8 - Critical - November 09, 2022

VMware Workspace ONE Assist prior to 22.10 contains an Authentication Bypass vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application.

VMware Workspace ONE Assist prior to 22.10 contains a Session fixation vulnerability

CVE-2022-31689 9.8 - Critical - November 09, 2022

VMware Workspace ONE Assist prior to 22.10 contains a Session fixation vulnerability. A malicious actor who obtains a valid session token may be able to authenticate to the application using that token.

Session Fixation

VMware Workspace ONE Assist prior to 22.10 contains a Reflected cross-site scripting (XSS) vulnerability

CVE-2022-31688 6.1 - Medium - November 09, 2022

VMware Workspace ONE Assist prior to 22.10 contains a Reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject javascript code in the target user's window.

XSS

VMware Workspace ONE Assist prior to 22.10 contains a Broken Access Control vulnerability

CVE-2022-31687 9.8 - Critical - November 09, 2022

VMware Workspace ONE Assist prior to 22.10 contains a Broken Access Control vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application.

VMware Workspace ONE Assist prior to 22.10 contains a Broken Authentication Method vulnerability

CVE-2022-31686 9.8 - Critical - November 09, 2022

VMware Workspace ONE Assist prior to 22.10 contains a Broken Authentication Method vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application.

Spring Tools 4 for Eclipse version 4.16.0 and below as well as VSCode extensions such as Spring Boot Tools

CVE-2022-31691 9.8 - Critical - November 04, 2022

Spring Tools 4 for Eclipse version 4.16.0 and below as well as VSCode extensions such as Spring Boot Tools, Concourse CI Pipeline Editor, Bosh Editor and Cloudfoundry Manifest YML Support version 1.39.0 and below all use Snakeyaml library for YAML editing support. This library allows for some special syntax in the YAML that under certain circumstances allows for potentially harmful remote code execution by the attacker.

Spring Security

CVE-2022-31690 8.1 - High - October 31, 2022

Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can modify a request initiated by the Client (via the browser) to the Authorization Server which can lead to a privilege escalation on the subsequent approval. This scenario can happen if the Authorization Server responds with an OAuth2 Access Token Response containing an empty scope list (per RFC 6749, Section 5.1) on the subsequent request to the token endpoint to obtain the access token.

Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 could be susceptible to authorization rules bypass

CVE-2022-31692 9.8 - Critical - October 31, 2022

Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 could be susceptible to authorization rules bypass via forward or include dispatcher types. Specifically, an application is vulnerable when all of the following are true: The application expects that Spring Security applies security to forward and include dispatcher types. The application uses the AuthorizationFilter either manually or via the authorizeHttpRequests() method. The application configures the FilterChainProxy to apply to forward and/or include requests (e.g. spring.security.filter.dispatcher-types = request, error, async, forward, include). The application may forward or include the request to a higher privilege-secured endpoint.The application configures Spring Security to apply to every dispatcher type via authorizeHttpRequests().shouldFilterAllDispatcherTypes(true)

VMware Cloud Foundation (NSX-V) contains an XML External Entity (XXE) vulnerability

CVE-2022-31678 9.1 - Critical - October 28, 2022

VMware Cloud Foundation (NSX-V) contains an XML External Entity (XXE) vulnerability. On VCF 3.x instances with NSX-V deployed, this may allow a user to exploit this issue leading to a denial-of-service condition or unintended information disclosure.

XXE

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD), Icons by Icons8. Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.