VMware
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in any VMware product.
Products by VMware Sorted by Most Security Vulnerabilities since 2018
Recent VMware Security Advisories
| Advisory | Title | Published |
|---|---|---|
| VMSA-2021-0006 | VMSA-2021-0006 | April 19, 2021 |
| VMSA-2021-0003 | VMSA-2021-0003 | April 6, 2021 |
| VMSA-2021-0002 | VMSA-2021-0002 | April 6, 2021 |
| VMSA-2021-0001 | VMSA-2021-0001 | April 6, 2021 |
| VMSA-2021-0004 | VMSA-2021-0004 | April 6, 2021 |
| VMSA-2021-0005 | VMSA-2021-0005 | April 6, 2021 |
Known Exploited VMware Vulnerabilities
The following VMware vulnerabilities have recently been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| VMware ESXi and Workstation TOCTOU Race Condition Vulnerability |
VMware ESXi and Workstation contain a time-of-check time-of-use (TOCTOU) race condition vulnerability that leads to an out-of-bounds write. Successful exploitation enables an attacker with local administrative privileges on a virtual machine to execute code as the virtual machine's VMX process running on the host. CVE-2025-22224 Exploit Probability: 52.5% |
March 4, 2025 |
| VMware ESXi Arbitrary Write Vulnerability |
VMware ESXi contains an arbitrary write vulnerability. Successful exploitation allows an attacker with privileges within the VMX process to trigger an arbitrary kernel write leading to an escape of the sandbox. CVE-2025-22225 Exploit Probability: 10.3% |
March 4, 2025 |
| VMware ESXi, Workstation, and Fusion Information Disclosure Vulnerability |
VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. Successful exploitation allows an attacker with administrative privileges to a virtual machine to leak memory from the vmx process. CVE-2025-22226 Exploit Probability: 4.9% |
March 4, 2025 |
| VMware vCenter Server Heap-Based Buffer Overflow Vulnerability |
VMware vCenter Server contains a heap-based buffer overflow vulnerability in the implementation of the DCERPC protocol. This vulnerability could allow an attacker with network access to the vCenter Server to execute remote code by sending a specially crafted packet. CVE-2024-38812 Exploit Probability: 58.0% |
November 20, 2024 |
| VMware vCenter Server Privilege Escalation Vulnerability |
VMware vCenter contains an improper check for dropped privileges vulnerability. This vulnerability could allow an attacker with network access to the vCenter Server to escalate privileges to root by sending a specially crafted packet. CVE-2024-38813 Exploit Probability: 14.6% |
November 20, 2024 |
| VMware ESXi Authentication Bypass Vulnerability |
VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD. CVE-2024-37085 Exploit Probability: 53.7% |
July 30, 2024 |
| VMware vCenter Server Incorrect Default File Permissions Vulnerability |
VMware vCenter Server contains an incorrect default file permissions vulnerability that allows a remote, privileged attacker to gain access to sensitive information. CVE-2022-22948 Exploit Probability: 11.5% |
July 17, 2024 |
| VMware vCenter Server Out-of-Bounds Write Vulnerability |
VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol that allows an attacker to conduct remote code execution. CVE-2023-34048 Exploit Probability: 91.7% |
January 22, 2024 |
| VMware Tools Authentication Bypass Vulnerability |
VMware Tools contains an authentication bypass vulnerability in the vgauth module. A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine. An attacker must have root access over ESXi to exploit this vulnerability. CVE-2023-20867 Exploit Probability: 0.5% |
June 23, 2023 |
| Vmware Aria Operations for Networks Command Injection Vulnerability |
VMware Aria Operations for Networks (formerly vRealize Network Insight) contains a command injection vulnerability that allows a malicious actor with network access to perform an attack resulting in remote code execution. CVE-2023-20887 Exploit Probability: 94.4% |
June 22, 2023 |
| VMware Spring Cloud Gateway Code Injection Vulnerability |
Spring Cloud Gateway applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. CVE-2022-22947 Exploit Probability: 94.5% |
May 16, 2022 |
| VMware Multiple Products Privilege Escalation Vulnerability |
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. CVE-2022-22960 Exploit Probability: 77.5% |
April 15, 2022 |
| VMware Workspace ONE Access and Identity Manager Server-Side Template Injection Vulnerability |
VMware Workspace ONE Access and Identity Manager allow for remote code execution due to server-side template injection. CVE-2022-22954 Exploit Probability: 94.4% |
April 14, 2022 |
| Spring Framework JDK 9+ Remote Code Execution Vulnerability |
Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. CVE-2022-22965 Exploit Probability: 94.5% |
April 4, 2022 |
| VMware SD-WAN Edge by VeloCloud Command Injection Vulnerability |
VMware SD-WAN Edge by VeloCloud contains a command injection vulnerability in the local web UI component. Successful exploitation of this issue could result in remote code execution. CVE-2018-6961 Exploit Probability: 92.0% |
March 25, 2022 |
| VMware vCenter Server and Cloud Foundation Server Side Request Forgery (SSRF) Vulnerability |
VMware vCenter Server and Cloud Foundation Server contain a SSRF vulnerability due to improper validation of URLs in a vCenter Server plugin. This allows for information disclosure. CVE-2021-21973 Exploit Probability: 87.8% |
March 7, 2022 |
| VMware Server Side Request Forgery in vRealize Operations Manager API |
Server Side Request Forgery (SSRF) in vRealize Operations Manager API prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API to perform a SSRF attack to steal administrative credentials. CVE-2021-21975 Exploit Probability: 94.4% |
January 18, 2022 |
| VMware vCenter Server Improper Access Control |
Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization. CVE-2021-22017 Exploit Probability: 82.7% |
January 10, 2022 |
| VMware ESXi/Horizon DaaS Appliances Heap-Overwrite Vulnerability |
OpenSLP as used in ESXi and the Horizon DaaS appliances have a heap overwrite issue. A malicious actor with network access to port 427 on an ESXi host or on any Horizon DaaS management appliance may be able to overwrite the heap of the OpenSLP service resulting in remote code execution. CVE-2019-5544 Exploit Probability: 87.1% |
November 3, 2021 |
| VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector Comm |
VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability. CVE-2020-4006 Exploit Probability: 15.4% |
November 3, 2021 |
Of the known exploited vulnerabilities above, 10 are in the top 1%, or the 99th percentile of the EPSS exploit probability rankings. 4 known exploited VMware vulnerabilities are in the top 5% (95th percentile or greater) of the EPSS exploit probability rankings.
Top 10 Riskiest VMware Vulnerabilities
Based on the current exploit probability, these VMware vulnerabilities are on CISA's Known Exploited vulnerabilities list (KEV) and are ranked by the current EPSS exploit probability.
| Rank | CVE | EPSS | Vulnerability |
|---|---|---|---|
| 1 | CVE-2022-22947 | 94.5% | VMware Spring Cloud Gateway Code Injection Vulnerability |
| 2 | CVE-2022-22965 | 94.5% | Spring Framework JDK 9+ Remote Code Execution Vulnerability |
| 3 | CVE-2021-22005 | 94.5% | VMware vCenter Server File Upload |
| 4 | CVE-2022-22954 | 94.4% | VMware Workspace ONE Access and Identity Manager Server-Side Template Injection Vulnerability |
| 5 | CVE-2023-20887 | 94.4% | Vmware Aria Operations for Networks Command Injection Vulnerability |
| 6 | CVE-2021-21975 | 94.4% | VMware Server Side Request Forgery in vRealize Operations Manager API |
| 7 | CVE-2021-21985 | 94.4% | VMware vCenter Server Remote Code Execution Vulnerability |
| 8 | CVE-2021-21972 | 93.7% | VMware vCenter Server Remote Code Execution Vulnerability |
| 9 | CVE-2020-3952 | 93.2% | VMware vCenter Server Info Disclosure Vulnerability |
| 10 | CVE-2018-6961 | 92.0% | VMware SD-WAN Edge by VeloCloud Command Injection Vulnerability |
By the Year
In 2025 there have been 3 vulnerabilities in VMware with an average score of 7.5 out of ten. Last year, in 2024 VMware had 31 security vulnerabilities published. Right now, VMware is on track to have less security vulnerabilities in 2025 than it did last year. However, the average CVE base score of the vulnerabilities in 2025 is greater by 0.19.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 3 | 7.47 |
| 2024 | 31 | 7.28 |
| 2023 | 72 | 7.32 |
| 2022 | 79 | 7.21 |
| 2021 | 77 | 7.29 |
| 2020 | 61 | 7.01 |
| 2019 | 31 | 7.16 |
| 2018 | 51 | 7.38 |
It may take a day or so for new VMware vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent VMware Security Vulnerabilities
VMware ESXi, and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write
CVE-2025-22224
8.2 - High
- March 04, 2025
VMware ESXi, and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.
VMware ESXi contains an arbitrary write vulnerability
CVE-2025-22225
8.2 - High
- March 04, 2025
VMware ESXi contains an arbitrary write vulnerability. A malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox.
Write-what-where Condition
VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS
CVE-2025-22226
6 - Medium
- March 04, 2025
VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. A malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process.
Spring Framework Path Traversal Vulnerability in WebMvc.fn and WebFlux.fn
CVE-2024-38819
- December 19, 2024
Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running.
The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive
CVE-2024-38820
5.3 - Medium
- October 18, 2024
The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.
An authenticated SQL injection vulnerability in VMware HCX was privately reported to VMware
CVE-2024-38814
8.8 - High
- October 16, 2024
An authenticated SQL injection vulnerability in VMware HCX was privately reported to VMware. A malicious authenticated user with non-administrator privileges may be able to enter specially crafted SQL queries and perform unauthorized remote code execution on the HCX manager. Updates are available to remediate this vulnerability in affected VMware products.
SQL Injection
The vCenter Server contains a privilege escalation vulnerability
CVE-2024-38813
9.8 - Critical
- September 17, 2024
The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet.
Improper Check for Dropped Privileges
The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol
CVE-2024-38812
9.8 - Critical
- September 17, 2024
The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.
Memory Corruption
VMware Fusion (13.x before 13.6) contains a code-execution vulnerability due to the usage of an insecure environment variable
CVE-2024-38811
7.8 - High
- September 03, 2024
VMware Fusion (13.x before 13.6) contains a code-execution vulnerability due to the usage of an insecure environment variable. A malicious actor with standard user privileges may exploit this vulnerability to execute code in the context of the Fusion application.
Missing Authorization When Using @AuthorizeReturnObject in Spring Security 6.3.0 and 6.3.1
CVE-2024-38810
7.5 - High
- August 20, 2024
Missing Authorization When Using @AuthorizeReturnObject in Spring Security 6.3.0 and 6.3.1 allows attacker to render security annotations inaffective.
AuthZ
In Spring Cloud Data Flow versions prior to 2.11.4, a malicious user who has access to the Skipper server api can use a crafted upload request to write an arbitrary file to any location on the file system
CVE-2024-37084
8.8 - High
- July 25, 2024
In Spring Cloud Data Flow versions prior to 2.11.4, a malicious user who has access to the Skipper server api can use a crafted upload request to write an arbitrary file to any location on the file system which could lead to compromising the server
VMware Aria Automation does not apply correct input validation which allows for SQL-injection in the product
CVE-2024-22280
8.1 - High
- July 11, 2024
VMware Aria Automation does not apply correct input validation which allows for SQL-injection in the product. An authenticated malicious user could enter specially crafted SQL queries and perform unauthorised read/write operations in the database.
SQL Injection
VMware Cloud Director Availability contains an HTML injection vulnerability
CVE-2024-22277
5.4 - Medium
- July 04, 2024
VMware Cloud Director Availability contains an HTML injection vulnerability. A malicious actor with network access to VMware Cloud Director Availability can craft malicious HTML tags to execute within replication tasks.
XSS
VMware ESXi contains an authentication bypass vulnerability
CVE-2024-37085
7.2 - High
- June 25, 2024
VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management https://blogs.vmware.com/vsphere/2012/09/joining-vsphere-hosts-to-active-directory.html by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD.
authentification
vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol
CVE-2024-37080
9.8 - Critical
- June 18, 2024
vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.
Memory Corruption
vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol
CVE-2024-37079
9.8 - Critical
- June 18, 2024
vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.
Memory Corruption
The storage controllers on VMware ESXi, Workstation, and Fusion have out-of-bounds read/write vulnerability
CVE-2024-22273
7.8 - High
- May 21, 2024
The storage controllers on VMware ESXi, Workstation, and Fusion have out-of-bounds read/write vulnerability. A malicious actor with access to a virtual machine with storage controllers enabled may exploit this issue to create a denial of service condition or execute code on the hypervisor from a virtual machine in conjunction with other issues.
Out-of-bounds Read
VMware Workstation and Fusion contain a use-after-free vulnerability in the vbluetooth device
CVE-2024-22267
8.2 - High
- May 14, 2024
VMware Workstation and Fusion contain a use-after-free vulnerability in the vbluetooth device. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.
Dangling pointer
VMware Cloud Director contains a partial information disclosure vulnerability
CVE-2024-22256
4.3 - Medium
- March 07, 2024
VMware Cloud Director contains a partial information disclosure vulnerability. A malicious actor can potentially gather information about organization names based on the behavior of the instance.
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the UHCI USB controller
CVE-2024-22253
6.7 - Medium
- March 05, 2024
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed.
VMware ESXi contains an out-of-bounds write vulnerability
CVE-2024-22254
8.2 - High
- March 05, 2024
VMware ESXi contains an out-of-bounds write vulnerability. A malicious actor with privileges within the VMX process may trigger an out-of-bounds write leading to an escape of the sandbox.
VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability in the UHCI USB controller
CVE-2024-22255
- March 05, 2024
VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability in the UHCI USB controller. A malicious actor with administrative access to a virtual machine may be able to exploit this issue to leak memory from the vmx process.
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller
CVE-2024-22252
6.7 - Medium
- March 05, 2024
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed.
Dangling pointer
VMware Aria Operations contains a local privilege escalation vulnerability
CVE-2024-22235
6.7 - Medium
- February 21, 2024
VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.
In Spring Security
CVE-2024-22234
7.4 - High
- February 20, 2024
In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the AuthenticationTrustResolver.isFullyAuthenticated(Authentication) method. Specifically, an application is vulnerable if: * The application uses AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly and a null authentication parameter is passed to it resulting in an erroneous true return value. An application is not vulnerable if any of the following is true: * The application does not use AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly. * The application does not pass null to AuthenticationTrustResolver.isFullyAuthenticated * The application only uses isFullyAuthenticated via Method Security https://docs.spring.io/spring-security/reference/servlet/authorization/method-security.html or HTTP Request Security https://docs.spring.io/spring-security/reference/servlet/authorization/authorize-http-requests.html
Aria Operations for Networks contains a cross site scripting vulnerability
CVE-2024-22241
4.8 - Medium
- February 06, 2024
Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges can inject a malicious payload into the login banner and takeover the user account.
XSS
Aria Operations for Networks contains a local file read vulnerability
CVE-2024-22240
4.9 - Medium
- February 06, 2024
Aria Operations for Networks contains a local file read vulnerability. A malicious actor with admin privileges may exploit this vulnerability leading to unauthorized access to sensitive information.
Files or Directories Accessible to External Parties
Aria Operations for Networks contains a local privilege escalation vulnerability
CVE-2024-22239
7.8 - High
- February 06, 2024
Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain regular shell access.
Improper Privilege Management
Aria Operations for Networks contains a cross site scripting vulnerability
CVE-2024-22238
4.8 - Medium
- February 06, 2024
Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges may be able to inject malicious code into user profile configurations due to improper input sanitization.
XSS
Aria Operations for Networks contains a local privilege escalation vulnerability
CVE-2024-22237
7.8 - High
- February 06, 2024
Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain root access to the system.
Improper Privilege Management
The spring-security.xsd file inside the
spring-security-config jar is world writable which means
CVE-2023-34042
5.5 - Medium
- February 05, 2024
The spring-security.xsd file inside the spring-security-config jar is world writable which means that if it were extracted it could be written by anyone with access to the file system. While there are no known exploits, this is an example of CWE-732: Incorrect Permission Assignment for Critical Resource and could result in an exploit. Users should update to the latest version of Spring Security to mitigate any future exploits found around this issue.
Incorrect Permission Assignment for Critical Resource
In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure
CVE-2024-22236
5.5 - Medium
- January 31, 2024
In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded com.google.guava:guava dependency in the org.springframework.cloud:spring-cloud-contract-shade dependency.
Incorrect Permission Assignment for Critical Resource
In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests
CVE-2024-22233
7.5 - High
- January 22, 2024
In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: * the application uses Spring MVC * Spring Security 6.1.6+ or 6.2.1+ is on the classpath Typically, Spring Boot applications need the org.springframework.boot:spring-boot-starter-web and org.springframework.boot:spring-boot-starter-security dependencies to meet all conditions.
Aria Automation contains a Missing Access Control vulnerability
CVE-2023-34063
8.3 - High
- January 16, 2024
Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious actor may exploit this vulnerability leading to unauthorized access to remote organizations and workflows.
AuthZ
The vmwgfx driver contains a local privilege escalation vulnerability
CVE-2022-22942
7.8 - High
- December 13, 2023
The vmwgfx driver contains a local privilege escalation vulnerability that allows unprivileged users to gain access to files opened by other processes on the system through a dangling 'file' pointer.
Dangling pointer
Workspace ONE Launcher contains a Privilege Escalation Vulnerability
CVE-2023-34064
4.6 - Medium
- December 12, 2023
Workspace ONE Launcher contains a Privilege Escalation Vulnerability. A malicious actor with physical access to Workspace ONE Launcher could utilize the Edge Panel feature to bypass setup to gain access to sensitive information.
In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, it is possible for a user to provide specially crafted HTTP requests
CVE-2023-34055
6.5 - Medium
- November 28, 2023
In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: * the application uses Spring MVC or Spring WebFlux * org.springframework.boot:spring-boot-actuator is on the classpath
In Spring Framework versions 6.0.0 - 6.0.13, it is possible for a user to provide specially crafted HTTP requests
CVE-2023-34053
7.5 - High
- November 28, 2023
In Spring Framework versions 6.0.0 - 6.0.13, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: * the application uses Spring MVC or Spring WebFlux * io.micrometer:micrometer-core is on the classpath * an ObservationRegistry is configured in the application to record observations Typically, Spring Boot applications need the org.springframework.boot:spring-boot-actuator dependency to meet all conditions.
VMware Workspace ONE UEM console contains an open redirect vulnerability
CVE-2023-20886
6.1 - Medium
- October 31, 2023
VMware Workspace ONE UEM console contains an open redirect vulnerability. A malicious actor may be able to redirect a victim to an attacker and retrieve their SAML response to login as the victim user.
Open Redirect
open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper
CVE-2023-34059
7 - High
- October 27, 2023
open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs.
VMware Tools contains a SAML token signature bypass vulnerability
CVE-2023-34058
7.5 - High
- October 27, 2023
VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .
Improper Verification of Cryptographic Signature
VMware Tools contains a local privilege escalation vulnerability
CVE-2023-34057
7.8 - High
- October 27, 2023
VMware Tools contains a local privilege escalation vulnerability. A malicious actor with local user access to a guest virtual machine may elevate privileges within the virtual machine.
Improper Privilege Management
RabbitMQ is a multi-protocol messaging and streaming broker
CVE-2023-46118
4.9 - Medium
- October 25, 2023
RabbitMQ is a multi-protocol messaging and streaming broker. HTTP API did not enforce an HTTP request body limit, making it vulnerable for denial of service (DoS) attacks with very large messages. An authenticated user with sufficient credentials can publish a very large messages over the HTTP API and cause target node to be terminated by an "out-of-memory killer"-like mechanism. This vulnerability has been patched in versions 3.11.24 and 3.12.7.
Resource Exhaustion
The RabbitMQ Java client library allows Java and JVM-based applications to connect to and interact with RabbitMQ nodes
CVE-2023-46120
7.5 - High
- October 25, 2023
The RabbitMQ Java client library allows Java and JVM-based applications to connect to and interact with RabbitMQ nodes. `maxBodyLebgth` was not used when receiving Message objects. Attackers could send a very large Message causing a memory overflow and triggering an OOM Error. Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer. This vulnerability was patched in version 5.18.0.
Resource Exhaustion
vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol
CVE-2023-34048
9.8 - Critical
- October 25, 2023
vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution.
Memory Corruption
vCenter Server contains a partial information disclosure vulnerability
CVE-2023-34056
4.3 - Medium
- October 25, 2023
vCenter Server contains a partial information disclosure vulnerability. A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data.
VMware Fusion(13.x prior to 13.5) contains a local privilege escalation vulnerability
CVE-2023-34045
7.8 - High
- October 20, 2023
VMware Fusion(13.x prior to 13.5) contains a local privilege escalation vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the '.dmg' volume) or when installing an upgrade. A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed or being installed for the first time.
VMware Workstation( 17.x prior to 17.5) and Fusion(13.x prior to 13.5) contain an out-of-bounds
read vulnerability
CVE-2023-34044
6 - Medium
- October 20, 2023
VMware Workstation( 17.x prior to 17.5) and Fusion(13.x prior to 13.5) contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine.
Out-of-bounds Read
VMware Fusion(13.x prior to 13.5) contains a TOCTOU (Time-of-check Time-of-use)
vulnerability
CVE-2023-34046
7 - High
- October 20, 2023
VMware Fusion(13.x prior to 13.5) contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the '.dmg' volume) or when installing an upgrade. A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed or being installed for the first time.
TOCTTOU
VMware Aria Operations for Logs contains a deserialization vulnerability
CVE-2023-34052
7.8 - High
- October 20, 2023
VMware Aria Operations for Logs contains a deserialization vulnerability. A malicious actor with non-administrative access to the local system can trigger the deserialization of data which could result in authentication bypass.
Marshaling, Unmarshaling
VMware Aria Operations for Logs contains an authentication bypass vulnerability
CVE-2023-34051
9.8 - Critical
- October 20, 2023
VMware Aria Operations for Logs contains an authentication bypass vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.
AuthZ
In spring AMQP versions 1.0.0 to
2.4.16 and 3.0.0 to 3.0.9
CVE-2023-34050
4.3 - Medium
- October 19, 2023
In spring AMQP versions 1.0.0 to 2.4.16 and 3.0.0 to 3.0.9 , allowed list patterns for deserializable class names were added to Spring AMQP, allowing users to lock down deserialization of data in messages from untrusted sources; however by default, when no allowed list was provided, all classes could be deserialized. Specifically, an application is vulnerable if * the SimpleMessageConverter or SerializerMessageConverter is used * the user does not configure allowed list patterns * untrusted message originators gain permissions to write messages to the RabbitMQ broker to send malicious content
Marshaling, Unmarshaling
VMware Aria Operations contains a local privilege escalation vulnerability
CVE-2023-34043
6.7 - Medium
- September 27, 2023
VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.
Improper Privilege Management
A batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 and 1.2.0 - 1.2.2 may be exposed to GraphQL context with values, including security context values
CVE-2023-34047
4.3 - Medium
- September 20, 2023
A batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 and 1.2.0 - 1.2.2 may be exposed to GraphQL context with values, including security context values, from a different session. An application is vulnerable if it provides a DataLoaderOptions instance when registering batch loader functions through DefaultBatchLoaderRegistry.
Aria Operations for Networks contains an arbitrary file write vulnerability
CVE-2023-20890
7.2 - High
- August 29, 2023
Aria Operations for Networks contains an arbitrary file write vulnerability. An authenticated malicious actor with administrative access to VMware Aria Operations for Networks can write files to arbitrary locations resulting in remote code execution.
Directory traversal
Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation
CVE-2023-34039
9.8 - Critical
- August 29, 2023
Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI.
Use of a Broken or Risky Cryptographic Algorithm
In Spring for Apache Kafka 3.0.9 and earlier and versions 2.9.10 and earlier
CVE-2023-34040
7.8 - High
- August 24, 2023
In Spring for Apache Kafka 3.0.9 and earlier and versions 2.9.10 and earlier, a possible deserialization attack vector existed, but only if unusual configuration was applied. An attacker would have to construct a malicious serialized object in one of the deserialization exception record headers. Specifically, an application is vulnerable when all of the following are true: * The user does not configure an ErrorHandlingDeserializer for the key and/or value of the record * The user explicitly sets container properties checkDeserExWhenKeyNull and/or checkDeserExWhenValueNull container properties to true. * The user allows untrusted sources to publish to a Kafka topic By default, these properties are false, and the container only attempts to deserialize the headers if an ErrorHandlingDeserializer is configured. The ErrorHandlingDeserializer prevents the vulnerability by removing any such malicious headers before processing the record.
Marshaling, Unmarshaling
VMware Horizon Server contains an information disclosure vulnerability
CVE-2023-34038
5.3 - Medium
- August 04, 2023
VMware Horizon Server contains an information disclosure vulnerability. A malicious actor with network access may be able to access information relating to the internal network configuration.
VMware Horizon Server contains a HTTP request smuggling vulnerability
CVE-2023-34037
5.3 - Medium
- August 04, 2023
VMware Horizon Server contains a HTTP request smuggling vulnerability. A malicious actor with network access may be able to perform HTTP smuggle requests.
HTTP Request Smuggling
The VMware Tanzu Application Service for VMs and Isolation Segment contain an information disclosure vulnerability due to the logging of credentials in hex encoding in platform system audit logs
CVE-2023-20891
6.5 - Medium
- July 26, 2023
The VMware Tanzu Application Service for VMs and Isolation Segment contain an information disclosure vulnerability due to the logging of credentials in hex encoding in platform system audit logs. A malicious non-admin user who has access to the platform system audit logs can access hex encoded CF API admin credentials and can push new malicious versions of an application. In a default deployment non-admin users do not have access to the platform system audit logs.
Insertion of Sensitive Information into Log File
Using "**" as a pattern in Spring Security configuration
for WebFlux creates a mismatch in pattern matching between Spring
Security and Spring WebFlux
CVE-2023-34034
9.8 - Critical
- July 19, 2023
Using "**" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass.
Spring Security versions 5.8 prior to 5.8.5
CVE-2023-34035
5.3 - Medium
- July 18, 2023
Spring Security versions 5.8 prior to 5.8.5, 6.0 prior to 6.0.5, and 6.1 prior to 6.1.2 could be susceptible to authorization rule misconfiguration if the application uses requestMatchers(String) and multiple servlets, one of them being Spring MVCs DispatcherServlet. (DispatcherServlet is a Spring MVC component that maps HTTP endpoints to methods on @Controller-annotated classes.) Specifically, an application is vulnerable when all of the following are true: * Spring MVC is on the classpath * Spring Security is securing more than one servlet in a single application (one of them being Spring MVCs DispatcherServlet) * The application uses requestMatchers(String) to refer to endpoints that are not Spring MVC endpoints An application is not vulnerable if any of the following is true: * The application does not have Spring MVC on the classpath * The application secures no servlets other than Spring MVCs DispatcherServlet * The application uses requestMatchers(String) only for Spring MVC endpoints
AuthZ
Reactive web applications
CVE-2023-34036
5.3 - Medium
- July 17, 2023
Reactive web applications that use Spring HATEOAS to produce hypermedia-based responses might be exposed to malicious forwarded headers if they are not behind a trusted proxy that ensures correctness of such headers, or if they don't have anything else in place to handle (and possibly discard) forwarded headers either in WebFlux or at the level of the underlying HTTP server. For the application to be affected, it needs to satisfy the following requirements: * It needs to use the reactive web stack (Spring WebFlux) and Spring HATEOAS to create links in hypermedia-based responses. * The application infrastructure does not guard against clients submitting (X-)Forwarded headers.
Output Sanitization
The VMware vCenter Server contains an out-of-bounds read vulnerability in the implementation of the DCERPC protocol
CVE-2023-20896
7.5 - High
- June 22, 2023
The VMware vCenter Server contains an out-of-bounds read vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds read by sending a specially crafted packet leading to denial-of-service of certain services (vmcad, vmdird, and vmafdd).
Out-of-bounds Read
The VMware vCenter Server contains a use-after-free vulnerability in the implementation of the DCERPC protocol
CVE-2023-20893
9.8 - Critical
- June 22, 2023
The VMware vCenter Server contains a use-after-free vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit this issue to execute arbitrary code on the underlying operating system that hosts vCenter Server.
Dangling pointer
The vCenter Server contains a heap overflow vulnerability due to the usage of uninitialized memory in the implementation of the DCERPC protocol
CVE-2023-20892
9.8 - Critical
- June 22, 2023
The vCenter Server contains a heap overflow vulnerability due to the usage of uninitialized memory in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit heap-overflow vulnerability to execute arbitrary code on the underlying operating system that hosts vCenter Server.
Memory Corruption
The VMware vCenter Server contains a memory corruption vulnerability in the implementation of the DCERPC protocol
CVE-2023-20895
9.8 - Critical
- June 22, 2023
The VMware vCenter Server contains a memory corruption vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger a memory corruption vulnerability which may bypass authentication.
Memory Corruption
The VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol
CVE-2023-20894
9.8 - Critical
- June 22, 2023
The VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bound write by sending a specially crafted packet leading to memory corruption.
Memory Corruption
A fully compromised ESXi host
CVE-2023-20867
3.9 - Low
- June 13, 2023
A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.
authentification
Aria Operations for Networks contains an information disclosure vulnerability
CVE-2023-20889
7.5 - High
- June 07, 2023
Aria Operations for Networks contains an information disclosure vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in information disclosure.
Command Injection
Aria Operations for Networks contains an authenticated deserialization vulnerability
CVE-2023-20888
8.8 - High
- June 07, 2023
Aria Operations for Networks contains an authenticated deserialization vulnerability. A malicious actor with network access to VMware Aria Operations for Networks and valid 'member' role credentials may be able to perform a deserialization attack resulting in remote code execution.
Marshaling, Unmarshaling
Aria Operations for Networks contains a command injection vulnerability
CVE-2023-20887
9.8 - Critical
- June 07, 2023
Aria Operations for Networks contains a command injection vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in remote code execution.
Command Injection
VMware Tools for Windows (12.x.y prior to 12.1.5, 11.x.y and 10.x.y) contains a denial-of-service vulnerability in the VM3DMP driver
CVE-2022-31693
5.5 - Medium
- June 07, 2023
VMware Tools for Windows (12.x.y prior to 12.1.5, 11.x.y and 10.x.y) contains a denial-of-service vulnerability in the VM3DMP driver. A malicious actor with local user privileges in the Windows guest OS, where VMware Tools is installed, can trigger a PANIC in the VM3DMP driver leading to a denial-of-service condition in the Windows guest OS.
VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability
CVE-2023-20884
6.1 - Medium
- May 30, 2023
VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability. An unauthenticated malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure.
Open Redirect
NSX-T contains a reflected cross-site scripting vulnerability due to a lack of input validation
CVE-2023-20868
6.1 - Medium
- May 26, 2023
NSX-T contains a reflected cross-site scripting vulnerability due to a lack of input validation. A remote attacker can inject HTML or JavaScript to redirect to malicious pages.
XSS
In Spring Boot versions 3.0.0 - 3.0.6
CVE-2023-20883
7.5 - High
- May 26, 2023
In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service (DoS) attack if Spring MVC is used together with a reverse proxy cache.
Resource Exhaustion
Greenplum Database (GPDB) is an open source data warehouse based on PostgreSQL
CVE-2023-31131
9.1 - Critical
- May 15, 2023
Greenplum Database (GPDB) is an open source data warehouse based on PostgreSQL. In versions prior to 6.22.3 Greenplum Database used an unsafe methods to extract tar files within GPPKGs. greenplum-db is vulnerable to path traversal leading to arbitrary file writes. An attacker can use this vulnerability to overwrite data or system files potentially leading to crash or malfunction of the system. Any files which are accessible to the running process are at risk. All users are requested to upgrade to Greenplum Database version 6.23.2 or higher. There are no known workarounds for this vulnerability.
Directory traversal
VMware Aria Operations contains a privilege escalation vulnerability
CVE-2023-20880
6.7 - Medium
- May 12, 2023
VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.
VMware Aria Operations contains a Local privilege escalation vulnerability
CVE-2023-20879
6.7 - Medium
- May 12, 2023
VMware Aria Operations contains a Local privilege escalation vulnerability. A malicious actor with administrative privileges in the Aria Operations application can gain root access to the underlying operating system.
VMware Aria Operations contains a deserialization vulnerability
CVE-2023-20878
7.2 - High
- May 12, 2023
VMware Aria Operations contains a deserialization vulnerability. A malicious actor with administrative privileges can execute arbitrary commands and disrupt the system.
Marshaling, Unmarshaling
VMware Aria Operations contains a privilege escalation vulnerability
CVE-2023-20877
8.8 - High
- May 12, 2023
VMware Aria Operations contains a privilege escalation vulnerability. An authenticated malicious user with ReadOnly privileges can perform code execution leading to privilege escalation.
VMware Workstation and Fusion contain an out-of-bounds read vulnerability
CVE-2023-20870
6 - Medium
- April 25, 2023
VMware Workstation and Fusion contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine.
Out-of-bounds Read
VMware Workstation (17.x) and VMware Fusion (13.x) contain a stack-based buffer-overflow vulnerability
CVE-2023-20869
8.2 - High
- April 25, 2023
VMware Workstation (17.x) and VMware Fusion (13.x) contain a stack-based buffer-overflow vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine.
Memory Corruption
VMware Fusion contains a local privilege escalation vulnerability
CVE-2023-20871
7.8 - High
- April 25, 2023
VMware Fusion contains a local privilege escalation vulnerability. A malicious actor with read/write access to the host operating system can elevate privileges to gain root access to the host operating system.
VMware Workstation and Fusion contain an out-of-bounds read/write vulnerability in SCSI CD/DVD device emulation.
CVE-2023-20872
8.8 - High
- April 25, 2023
VMware Workstation and Fusion contain an out-of-bounds read/write vulnerability in SCSI CD/DVD device emulation.
Memory Corruption
The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services
CVE-2023-29552
7.5 - High
- April 25, 2023
The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service attack with a significant amplification factor.
In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application
CVE-2023-20873
9.8 - Critical
- April 20, 2023
In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.6+. 2.7.x users should upgrade to 2.7.11+. Users of older, unsupported versions should upgrade to 3.0.6+ or 2.7.11+.
VMware Aria Operations for Logs contains a command injection vulnerability
CVE-2023-20865
7.2 - High
- April 20, 2023
VMware Aria Operations for Logs contains a command injection vulnerability. A malicious actor with administrative privileges in VMware Aria Operations for Logs can execute arbitrary commands as root.
Command Injection
VMware Aria Operations for Logs contains a deserialization vulnerability
CVE-2023-20864
9.8 - Critical
- April 20, 2023
VMware Aria Operations for Logs contains a deserialization vulnerability. An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root.
Marshaling, Unmarshaling
In Spring Security
CVE-2023-20862
6.3 - Medium
- April 19, 2023
In Spring Security, versions 5.7.x prior to 5.7.8, versions 5.8.x prior to 5.8.3, and versions 6.0.x prior to 6.0.3, the logout support does not properly clean the security context if using serialized versions. Additionally, it is not possible to explicitly save an empty security context to the HttpSessionSecurityContextRepository. This vulnerability can keep users authenticated even after they performed logout. Users of affected versions should apply the following mitigation. 5.7.x users should upgrade to 5.7.8. 5.8.x users should upgrade to 5.8.3. 6.0.x users should upgrade to 6.0.3.
Insufficient Cleanup
In spring framework versions prior to 5.2.24 release+ ,5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted SpEL expression
CVE-2023-20863
6.5 - Medium
- April 13, 2023
In spring framework versions prior to 5.2.24 release+ ,5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.
EL Injection
In Spring Session version 3.0.0, the session id can be logged to the standard output stream
CVE-2023-20866
6.5 - Medium
- April 13, 2023
In Spring Session version 3.0.0, the session id can be logged to the standard output stream. This vulnerability exposes sensitive information to those who have access to the application logs and can be used for session hijacking. Specifically, an application is vulnerable if it is using HeaderHttpSessionIdResolver.
Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "**" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC
CVE-2023-20860
7.5 - High
- March 27, 2023
Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "**" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass.
In Spring Vault
CVE-2023-20859
5.5 - Medium
- March 23, 2023
In Spring Vault, versions 3.0.x prior to 3.0.2 and versions 2.3.x prior to 2.3.3 and older versions, an application is vulnerable to insertion of sensitive information into a log file when it attempts to revoke a Vault batch token.
Insertion of Sensitive Information into Log File
In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression
CVE-2023-20861
6.5 - Medium
- March 23, 2023
In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.
VMware Workspace ONE Content contains a passcode bypass vulnerability
CVE-2023-20857
6.8 - Medium
- February 28, 2023
VMware Workspace ONE Content contains a passcode bypass vulnerability. A malicious actor, with access to a users rooted device, may be able to bypass the VMware Workspace ONE Content passcode.
Missing Authentication for Critical Function
VMware vRealize Orchestrator contains an XML External Entity (XXE) vulnerability
CVE-2023-20855
8.8 - High
- February 22, 2023
VMware vRealize Orchestrator contains an XML External Entity (XXE) vulnerability. A malicious actor, with non-administrative access to vRealize Orchestrator, may be able to use specially crafted input to bypass XML parsing restrictions leading to access to sensitive information or possible escalation of privileges.
XXE
VMware Carbon Black App Control 8.7.x prior to 8.7.8, 8.8.x prior to 8.8.6, and 8.9.x.prior to 8.9.4 contain an injection vulnerability
CVE-2023-20858
7.2 - High
- February 22, 2023
VMware Carbon Black App Control 8.7.x prior to 8.7.8, 8.8.x prior to 8.8.6, and 8.9.x.prior to 8.9.4 contain an injection vulnerability. A malicious actor with privileged access to the App Control administration console may be able to use specially crafted input allowing access to the underlying server operating system.
Injection
Protection mechanism failure in the Intel(R) Ethernet 500 Series Controller drivers for VMware before version 1.10.0.1 may
CVE-2022-36797
5.5 - Medium
- February 16, 2023
Protection mechanism failure in the Intel(R) Ethernet 500 Series Controller drivers for VMware before version 1.10.0.1 may allow an authenticated user to potentially enable denial of service via local access.
Protection mechanism failure in the Intel(R) Ethernet 500 Series Controller drivers for VMware before version 1.10.0.13 may
CVE-2022-36416
7.8 - High
- February 16, 2023
Protection mechanism failure in the Intel(R) Ethernet 500 Series Controller drivers for VMware before version 1.10.0.13 may allow an authenticated user to potentially enable escalation of privilege via local access.