VMware
Recent VMware Security Advisories
Advisory | Title | Published |
---|---|---|
VMSA-2021-0006 | VMSA-2021-0006 | April 19, 2021 |
VMSA-2021-0003 | VMSA-2021-0003 | April 6, 2021 |
VMSA-2021-0002 | VMSA-2021-0002 | April 6, 2021 |
VMSA-2021-0001 | VMSA-2021-0001 | April 6, 2021 |
VMSA-2021-0004 | VMSA-2021-0004 | April 6, 2021 |
VMSA-2021-0005 | VMSA-2021-0005 | April 6, 2021 |
By the Year
In 2023 there have been 4 vulnerabilities in VMware with an average score of 8.1 out of ten. Last year VMware had 78 security vulnerabilities published. Right now, VMware is on track to have fewer security vulnerabilities in 2023 than it did last year. However, the average CVE base score of the vulnerabilities in 2023 is greater by 0.90.
Year | Vulnerabilities | Average Score |
---|---|---|
2023 | 4 | 8.10 |
2022 | 78 | 7.20 |
2021 | 77 | 7.29 |
2020 | 60 | 7.00 |
2019 | 31 | 7.16 |
2018 | 49 | 7.36 |
It may take a day or so for new VMware vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent VMware Security Vulnerabilities
VMware vRealize Log Insight contains an Information Disclosure Vulnerability
CVE-2022-31711
5.3 - Medium
- January 26, 2023
VMware vRealize Log Insight contains an Information Disclosure Vulnerability. A malicious actor can remotely collect sensitive session and application information without authentication.
Information Disclosure
The vRealize Log Insight contains a broken access control vulnerability
CVE-2022-31704
9.8 - Critical
- January 26, 2023
The vRealize Log Insight contains a broken access control vulnerability. An unauthenticated malicious actor can remotely inject code into sensitive files of an impacted appliance which can result in remote code execution.
The vRealize Log Insight contains a Directory Traversal Vulnerability
CVE-2022-31706
9.8 - Critical
- January 26, 2023
The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.
Directory traversal
vRealize Log Insight contains a deserialization vulnerability
CVE-2022-31710
7.5 - High
- January 26, 2023
vRealize Log Insight contains a deserialization vulnerability. An unauthenticated malicious actor can remotely trigger the deserialization of untrusted data which could result in a denial of service.
Marshaling, Unmarshaling
vRealize Operations (vROps) contains a privilege escalation vulnerability
CVE-2022-31707
7.2 - High
- December 16, 2022
vRealize Operations (vROps) contains a privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.2.
vRealize Operations (vROps) contains a broken access control vulnerability
CVE-2022-31708
4.9 - Medium
- December 16, 2022
vRealize Operations (vROps) contains a broken access control vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.4.
Exposure of Resource to Wrong Sphere
VMware Workspace ONE Access and Identity Manager contain an authenticated remote code execution vulnerability
CVE-2022-31700
7.2 - High
- December 14, 2022
VMware Workspace ONE Access and Identity Manager contain an authenticated remote code execution vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.2.
VMware Workspace ONE Access and Identity Manager contain a broken authentication vulnerability
CVE-2022-31701
5.3 - Medium
- December 14, 2022
VMware Workspace ONE Access and Identity Manager contain a broken authentication vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3.
Authentication
VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI)
CVE-2022-31705
8.2 - High
- December 14, 2022
VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed.
Memory Corruption
vRealize Network Insight (vRNI) contains a command injection vulnerability present in the vRNI REST API
CVE-2022-31702
9.8 - Critical
- December 14, 2022
vRealize Network Insight (vRNI) contains a command injection vulnerability present in the vRNI REST API. A malicious actor with network access to the vRNI REST API can execute commands without authentication.
Command Injection
The vRealize Log Insight contains a Directory Traversal Vulnerability
CVE-2022-31703
7.5 - High
- December 14, 2022
The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.
Directory traversal
VMware ESXi contains a memory corruption vulnerability that exists in the way it handles a network socket
CVE-2022-31696
8.8 - High
- December 13, 2022
VMware ESXi contains a memory corruption vulnerability that exists in the way it handles a network socket. A malicious actor with local access to ESXi may exploit this issue to corrupt memory leading to an escape of the ESXi sandbox.
The vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plaintext
CVE-2022-31697
5.5 - Medium
- December 13, 2022
The vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plaintext. A malicious actor with access to a workstation that invoked a vCenter Server Appliance ISO operation (Install/Upgrade/Migrate/Restore) can access plaintext passwords used during that operation.
Cleartext Storage of Sensitive Information
The vCenter Server contains a denial-of-service vulnerability in the content library service
CVE-2022-31698
5.3 - Medium
- December 13, 2022
The vCenter Server contains a denial-of-service vulnerability in the content library service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to trigger a denial-of-service condition by sending a specially crafted header.
VMware ESXi contains a heap-overflow vulnerability
CVE-2022-31699
3.3 - Low
- December 13, 2022
VMware ESXi contains a heap-overflow vulnerability. A malicious local actor with restricted privileges within a sandbox process may exploit this issue to achieve a partial information disclosure.
Memory Corruption
VMware Tools for Windows (12.x.y prior to 12.1.5, 11.x.y and 10.x.y) contains a denial-of-service vulnerability in the VM3DMP driver
CVE-2021-31693
6.5 - Medium
- November 29, 2022
VMware Tools for Windows (12.x.y prior to 12.1.5, 11.x.y and 10.x.y) contains a denial-of-service vulnerability in the VM3DMP driver. A malicious actor with local user privileges in the Windows guest OS, where VMware Tools is installed, can trigger a PANIC in the VM3DMP driver leading to a denial-of-service condition in the Windows guest OS.
An issue was discovered in open-vm-tools 2009.03.18-154848
CVE-2009-1142
6.7 - Medium
- November 23, 2022
An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can gain privileges via a symlink attack on /tmp files if vmware-user-suid-wrapper is setuid root and the ChmodChownDirectory function is enabled.
insecure temporary file
An issue was discovered in open-vm-tools 2009.03.18-154848
CVE-2009-1143
7 - High
- November 23, 2022
An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can bypass intended access restrictions on mounting shares via a symlink attack that leverages a realpath race condition in mount.vmhgfs (aka hgfsmounter).
insecure temporary file
** UNSUPPORTED WHEN ASSIGNED ** A remote unauthenticated insecure deserialization vulnerability exists in VMware Hyperic Server 5.8.6
CVE-2022-38650
10 - Critical
- November 12, 2022
** UNSUPPORTED WHEN ASSIGNED ** A remote unauthenticated insecure deserialization vulnerability exists in VMware Hyperic Server 5.8.6. Exploitation of this vulnerability enables a malicious party to run arbitrary code or malware within Hyperic Server and the host operating system with the privileges of the Hyperic server process. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Marshaling, Unmarshaling
** UNSUPPORTED WHEN ASSIGNED ** A security filter misconfiguration exists in VMware Hyperic Server 5.8.6
CVE-2022-38651
9.8 - Critical
- November 12, 2022
** UNSUPPORTED WHEN ASSIGNED ** A security filter misconfiguration exists in VMware Hyperic Server 5.8.6. Exploitation of this vulnerability enables a malicious party to bypass some authentication requirements when issuing requests to Hyperic Server. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
** UNSUPPORTED WHEN ASSIGNED ** A remote insecure deserialization vulnerability exists in VMware Hyperic Agent 5.8.6
CVE-2022-38652
9.9 - Critical
- November 12, 2022
** UNSUPPORTED WHEN ASSIGNED ** A remote insecure deserialization vulnerability exists in VMware Hyperic Agent 5.8.6. Exploitation of this vulnerability enables a malicious authenticated user to run arbitrary code or malware within a Hyperic Agent instance and its host operating system with the privileges of the Hyperic Agent process (often SYSTEM on Windows platforms). NOTE: prior exploitation of CVE-2022-38650 results in the disclosure of the authentication material required to exploit this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Marshaling, Unmarshaling
VMware Workspace ONE Assist prior to 22.10 contains an Authentication Bypass vulnerability
CVE-2022-31685
9.8 - Critical
- November 09, 2022
VMware Workspace ONE Assist prior to 22.10 contains an Authentication Bypass vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application.
Missing Authentication for Critical Function
VMware Workspace ONE Assist prior to 22.10 contains a Broken Authentication Method vulnerability
CVE-2022-31686
9.8 - Critical
- November 09, 2022
VMware Workspace ONE Assist prior to 22.10 contains a Broken Authentication Method vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application.
Authentication
VMware Workspace ONE Assist prior to 22.10 contains a Broken Access Control vulnerability
CVE-2022-31687
9.8 - Critical
- November 09, 2022
VMware Workspace ONE Assist prior to 22.10 contains a Broken Access Control vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application.
VMware Workspace ONE Assist prior to 22.10 contains a Reflected cross-site scripting (XSS) vulnerability
CVE-2022-31688
6.1 - Medium
- November 09, 2022
VMware Workspace ONE Assist prior to 22.10 contains a Reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject javascript code in the target user's window.
XSS
VMware Workspace ONE Assist prior to 22.10 contains a Session fixation vulnerability
CVE-2022-31689
9.8 - Critical
- November 09, 2022
VMware Workspace ONE Assist prior to 22.10 contains a Session fixation vulnerability. A malicious actor who obtains a valid session token may be able to authenticate to the application using that token.
Session Fixation
Spring Tools 4 for Eclipse version 4.16.0 and below as well as VSCode extensions such as Spring Boot Tools
CVE-2022-31691
9.8 - Critical
- November 04, 2022
Spring Tools 4 for Eclipse version 4.16.0 and below as well as VSCode extensions such as Spring Boot Tools, Concourse CI Pipeline Editor, Bosh Editor and Cloudfoundry Manifest YML Support version 1.39.0 and below all use Snakeyaml library for YAML editing support. This library allows for some special syntax in the YAML that under certain circumstances allows for potentially harmful remote code execution by the attacker.
Code Injection
Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 could be susceptible to authorization rules bypass
CVE-2022-31692
9.8 - Critical
- October 31, 2022
Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 could be susceptible to authorization rules bypass via forward or include dispatcher types. Specifically, an application is vulnerable when all of the following are true: The application expects that Spring Security applies security to forward and include dispatcher types. The application uses the AuthorizationFilter either manually or via the authorizeHttpRequests() method. The application configures the FilterChainProxy to apply to forward and/or include requests (e.g. spring.security.filter.dispatcher-types = request, error, async, forward, include). The application may forward or include the request to a higher privilege-secured endpoint. The application configures Spring Security to apply to every dispatcher type via authorizeHttpRequests().shouldFilterAllDispatcherTypes(true)
AuthZ
Spring Security
CVE-2022-31690
8.1 - High
- October 31, 2022
Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can modify a request initiated by the Client (via the browser) to the Authorization Server which can lead to a privilege escalation on the subsequent approval. This scenario can happen if the Authorization Server responds with an OAuth2 Access Token Response containing an empty scope list (per RFC 6749, Section 5.1) on the subsequent request to the token endpoint to obtain the access token.
Improper Privilege Management
VMware Cloud Foundation (NSX-V) contains an XML External Entity (XXE) vulnerability
CVE-2022-31678
9.1 - Critical
- October 28, 2022
VMware Cloud Foundation (NSX-V) contains an XML External Entity (XXE) vulnerability. On VCF 3.x instances with NSX-V deployed, this may allow a user to exploit this issue leading to a denial-of-service condition or unintended information disclosure.
XXE
VMware Aria Operations contains an arbitrary file read vulnerability
CVE-2022-31682
4.9 - Medium
- October 11, 2022
VMware Aria Operations contains an arbitrary file read vulnerability. A malicious actor with administrative privileges may be able to read arbitrary files containing sensitive data.
The vCenter Server contains an unsafe deserialisation vulnerability in the PSC (Platform services controller)
CVE-2022-31680
9.1 - Critical
- October 07, 2022
The vCenter Server contains an unsafe deserialisation vulnerability in the PSC (Platform services controller). A malicious actor with admin access on vCenter server may exploit this issue to execute arbitrary code on the underlying operating system that hosts the vCenter Server.
Marshaling, Unmarshaling
VMware ESXi contains a null-pointer dereference vulnerability
CVE-2022-31681
6.5 - Medium
- October 07, 2022
VMware ESXi contains a null-pointer dereference vulnerability. A malicious actor with privileges within the VMX process only, may create a denial of service condition on the host.
NULL Pointer Dereference
RabbitMQ is a multi-protocol messaging and streaming broker
CVE-2022-31008
7.5 - High
- October 06, 2022
RabbitMQ is a multi-protocol messaging and streaming broker. In affected versions the shovel and federation plugins perform URI obfuscation in their worker (link) state. The encryption key used to encrypt the URI was seeded with a predictable secret. This means that in case of certain exceptions related to Shovel and Federation plugins, reasonably easily deobfuscatable data could appear in the node log. Patched versions correctly use a cluster-wide secret for that purpose. This issue has been addressed and Patched versions: `3.10.2`, `3.9.18`, `3.8.32` are available. Users unable to upgrade should disable the Shovel and Federation plugins.
Use of Insufficiently Random Values
Applications that allow HTTP PATCH access to resources exposed by Spring Data REST in versions 3.6.0 - 3.5.5, 3.7.0 - 3.7.2, and older unsupported versions, if an attacker knows about the structure of the underlying domain model, they
CVE-2022-31679
3.7 - Low
- September 21, 2022
Applications that allow HTTP PATCH access to resources exposed by Spring Data REST in versions 3.6.0 - 3.5.5, 3.7.0 - 3.7.2, and older unsupported versions, if an attacker knows about the structure of the underlying domain model, they can craft HTTP requests that expose hidden entity attributes.
An Insufficient Session Expiration issue was discovered in the Pinniped Supervisor (before v0.19.0)
CVE-2022-31677
5.4 - Medium
- August 29, 2022
An Insufficient Session Expiration issue was discovered in the Pinniped Supervisor (before v0.19.0). A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially use their access token to continue their session beyond what proper use of their refresh token might allow.
Insufficient Session Expiration
VMware vRealize Operations contains an authentication bypass vulnerability
CVE-2022-31675
7.5 - High
- August 10, 2022
VMware vRealize Operations contains an authentication bypass vulnerability. An unauthenticated malicious actor with network access may be able to create a user with administrative privileges.
AuthZ
VMware vRealize Operations contains an information disclosure vulnerability
CVE-2022-31674
4.3 - Medium
- August 10, 2022
VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can access log files that lead to information disclosure.
Insertion of Sensitive Information into Log File
VMware vRealize Operations contains an information disclosure vulnerability
CVE-2022-31673
8.8 - High
- August 10, 2022
VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can create and leak hex dumps, leading to information disclosure. Successful exploitation can lead to a remote code execution.
Exposure of Resource to Wrong Sphere
VMware vRealize Operations contains a privilege escalation vulnerability
CVE-2022-31672
7.2 - High
- August 10, 2022
VMware vRealize Operations contains a privilege escalation vulnerability. A malicious actor with administrative network access can escalate privileges to root.
Improper Privilege Management
VMware Workstation (16.x prior to 16.2.4) contains an unprotected storage of credentials vulnerability
CVE-2022-22983
5.9 - Medium
- August 10, 2022
VMware Workstation (16.x prior to 16.2.4) contains an unprotected storage of credentials vulnerability. A malicious actor with local user privileges to the victim machine may exploit this vulnerability leading to the disclosure of user passwords of the remote server connected through VMware Workstation.
Insufficiently Protected Credentials
Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.
CVE-2022-23825
6.5 - Medium
- July 14, 2022
Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.
Exposure of Resource to Wrong Sphere
The vCenter Server contains a server-side request forgery (SSRF) vulnerability
CVE-2022-22982
7.5 - High
- July 13, 2022
The vCenter Server contains a server-side request forgery (SSRF) vulnerability. A malicious actor with network access to 443 on the vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service.
XSPA
VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in alerts.
CVE-2022-31655
5.4 - Medium
- July 12, 2022
VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in alerts.
XSS
VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in configurations.
CVE-2022-31654
5.4 - Medium
- July 12, 2022
VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in configurations.
XSS
Intel microprocessor generations 6 to 8 are affected by a new Spectre variant
CVE-2022-29901
6.5 - Medium
- July 12, 2022
Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.
Exposure of Resource to Wrong Sphere
A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions
CVE-2022-22980
9.8 - Critical
- June 23, 2022
A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized.
EL Injection
In Spring Cloud Function versions prior to 3.2.6
CVE-2022-22979
7.5 - High
- June 21, 2022
In Spring Cloud Function versions prior to 3.2.6, it is possible for a user who directly interacts with framework provided lookup functionality to cause a denial-of-service condition due to the caching issue in the Function Catalog component of the framework.
Allocation of Resources Without Limits or Throttling
VMware HCX update addresses an information disclosure vulnerability
CVE-2022-22953
6.5 - Medium
- June 16, 2022
VMware HCX update addresses an information disclosure vulnerability. A malicious actor with network user access to the VMware HCX appliance may be able to gain access to sensitive information.
Information Disclosure
Incomplete cleanup in specific special register write operations for some Intel(R) Processors may
CVE-2022-21166
5.5 - Medium
- June 15, 2022
Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
Insufficient Cleanup
Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may
CVE-2022-21125
5.5 - Medium
- June 15, 2022
Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
Insufficient Cleanup
Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may
CVE-2022-21123
5.5 - Medium
- June 15, 2022
Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
Insufficient Cleanup
VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability
CVE-2022-22973
7.8 - High
- May 20, 2022
VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'.
Improper Privilege Management
VMware Workspace ONE Access
CVE-2022-22972
9.8 - Critical
- May 20, 2022
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.
Authentication
In Spring Security versions 5.5.6 and 5.6.3 and older unsupported versions, RegexRequestMatcher
CVE-2022-22978
9.8 - Critical
- May 19, 2022
In Spring Security versions 5.5.6 and 5.6.3 and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.
AuthZ
Spring Security versions 5.5.x prior to 5.5.7
CVE-2022-22976
5.3 - Medium
- May 19, 2022
Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor (31), the encoder does not perform any salt rounds, due to an integer overflow error. The default settings are not affected by this CVE.
Integer Overflow or Wraparound
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications
CVE-2022-22970
5.3 - Medium
- May 12, 2022
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.
Allocation of Resources Without Limits or Throttling
In spring framework versions prior to 5.3.20+
CVE-2022-22971
6.5 - Medium
- May 12, 2022
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user.
Allocation of Resources Without Limits or Throttling
An issue was discovered in the Pinniped Supervisor with either LDAPIdentityProvider or ActiveDirectoryIdentityProvider resources
CVE-2022-22975
6.6 - Medium
- May 11, 2022
An issue was discovered in the Pinniped Supervisor with either LDAPIdentityProvider or ActiveDirectoryIdentityProvider resources. An attack would involve the malicious user changing the common name (CN) of their user entry on the LDAP or AD server to include special characters, which could be used to perform LDAP query injection on the Supervisor's LDAP query which determines their Kubernetes group membership.
Injection
In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for dis
CVE-2022-22968
5.3 - Medium
- April 14, 2022
In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path.
Improper Handling of Case Sensitivity
An authenticated
CVE-2022-22966
7.2 - High
- April 14, 2022
An authenticated, high privileged malicious actor with network access to the VMware Cloud Director tenant or provider may be able to exploit a remote code execution vulnerability to gain access to the server.
The SchedulerServer in VMware Photon allows remote attackers to inject logs through \r in the package parameter
CVE-2021-22055
5.3 - Medium
- April 11, 2022
The SchedulerServer in VMware Photon allows remote attackers to inject logs through \r in the package parameter. Attackers can also insert malicious data and fake entries.
Injection
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection
CVE-2022-22954
9.8 - Critical
- April 11, 2022
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution.
Code Injection
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding
CVE-2022-22965
9.8 - Critical
- April 01, 2022
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
Code Injection
In Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression
CVE-2022-22950
6.5 - Medium
- April 01, 2022
In Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.
Allocation of Resources Without Limits or Throttling
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression
CVE-2022-22963
9.8 - Critical
- April 01, 2022
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.
Code Injection
** UNSUPPORTED WHEN ASSIGNED ** spring-boot versions prior to version v2.2.11.RELEASE was vulnerable to temporary directory hijacking
CVE-2022-27772
7.8 - High
- March 30, 2022
** UNSUPPORTED WHEN ASSIGNED ** spring-boot versions prior to version v2.2.11.RELEASE was vulnerable to temporary directory hijacking. This vulnerability impacted the org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir method. NOTE: This vulnerability only affects products and/or versions that are no longer supported by the maintainer.
Exposure of Resource to Wrong Sphere
The vCenter Server contains an information disclosure vulnerability due to improper permission of files
CVE-2022-22948
6.5 - Medium
- March 29, 2022
The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information.
Incorrect Default Permissions
In spring cloud gateway versions prior to 3.1.1+ , applications
CVE-2022-22946
5.5 - Medium
- March 04, 2022
In spring cloud gateway versions prior to 3.1.1+ , applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure TrustManager. This makes the gateway able to connect to remote services with invalid or custom certificates.
Improper Certificate Validation
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+
CVE-2022-22947
10 - Critical
- March 03, 2022
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.
Code Injection
VMware Tools for Windows (11.x.y and 10.x.y prior to 12.0.0) contains an uncontrolled search path vulnerability
CVE-2022-22943
6.7 - Medium
- March 03, 2022
VMware Tools for Windows (11.x.y and 10.x.y prior to 12.0.0) contains an uncontrolled search path vulnerability. A malicious actor with local administrative privileges in the Windows guest OS, where VMware Tools is installed, may be able to execute code with system privileges in the Windows guest OS due to an uncontrolled search path element.
DLL preloading
VMware Workspace ONE Boxer contains a stored cross-site scripting (XSS) vulnerability
CVE-2022-22944
5.4 - Medium
- March 02, 2022
VMware Workspace ONE Boxer contains a stored cross-site scripting (XSS) vulnerability. Due to insufficient sanitization and validation, in VMware Workspace ONE Boxer calendar event descriptions, a malicious actor can inject script tags to execute arbitrary script within a user's window.
XSS
ESXi contains a slow HTTP POST denial-of-service vulnerability in rhttpproxy
CVE-2021-22050
7.5 - High
- February 16, 2022
ESXi contains a slow HTTP POST denial-of-service vulnerability in rhttpproxy. A malicious actor with network access to ESXi may exploit this issue to create a denial-of-service condition by overwhelming the rhttpproxy service with multiple requests.
Allocation of Resources Without Limits or Throttling
VMware NSX Edge contains a CLI shell injection vulnerability
CVE-2022-22945
7.8 - High
- February 16, 2022
VMware NSX Edge contains a CLI shell injection vulnerability. A malicious actor with SSH access to an NSX-Edge appliance can execute arbitrary commands on the operating system as root.
Shell injection
VMware ESXi contains an unauthorized access vulnerability due to VMX having access to settingsd authorization tickets
CVE-2021-22042
7.8 - High
- February 16, 2022
VMware ESXi contains an unauthorized access vulnerability due to VMX having access to settingsd authorization tickets. A malicious actor with privileges within the VMX process only may be able to access the settingsd service running as a high-privileged user.
AuthZ
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller
CVE-2021-22040
6.7 - Medium
- February 16, 2022
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.
Dangling pointer
VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller
CVE-2021-22041
6.7 - Medium
- February 16, 2022
VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.
VMware ESXi contains a TOCTOU (Time-of-check Time-of-use) vulnerability that exists in the way temporary files are handled
CVE-2021-22043
7.5 - High
- February 16, 2022
VMware ESXi contains a TOCTOU (Time-of-check Time-of-use) vulnerability that exists in the way temporary files are handled. A malicious actor with access to settingsd may exploit this issue to escalate their privileges by writing arbitrary files.
TOCTTOU
VMware Cloud Foundation contains an information disclosure vulnerability due to logging of credentials in plain-text within multiple log files on the SDDC Manager
CVE-2022-22939
4.9 - Medium
- February 04, 2022
VMware Cloud Foundation contains an information disclosure vulnerability due to logging of credentials in plain-text within multiple log files on the SDDC Manager. A malicious actor with root access on VMware Cloud Foundation SDDC Manager may be able to view credentials in plaintext within one or more log files.
Insertion of Sensitive Information into Log File
VMware Workstation (16.x prior to 16.2.2) and Horizon Client for Windows (5.x prior to 5.5.3) contain a denial-of-service vulnerability in the Cortado ThinPrint component
CVE-2022-22938
6.5 - Medium
- January 28, 2022
VMware Workstation (16.x prior to 16.2.2) and Horizon Client for Windows (5.x prior to 5.5.3) contain a denial-of-service vulnerability in the Cortado ThinPrint component. The issue exists in the TrueType font parser. A malicious actor with access to a virtual machine or remote desktop may exploit this issue to trigger a denial-of-service condition in the ThinPrint service running on the host machine where VMware Workstation or Horizon Client for Windows is installed.
In Spring Framework versions 5.3.0 - 5.3.13
CVE-2021-22060
4.3 - Medium
- January 10, 2022
In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more places of the Spring Framework codebase.
VMware ESXi (7.0
CVE-2021-22045
7.8 - High
- January 04, 2022
VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi650-202110101-SG), VMware Workstation (16.2.0) and VMware Fusion (12.2.0) contain a heap-overflow vulnerability in CD-ROM device emulation. A malicious actor with access to a virtual machine with CD-ROM device emulation may be able to exploit this vulnerability in conjunction with other issues to execute code on the hypervisor from a virtual machine.
Memory Corruption
VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37
CVE-2021-22054
7.5 - High
- December 17, 2021
VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain an SSRF vulnerability. This issue may allow a malicious actor with network access to UEM to send their requests without authentication and to gain access to sensitive information.
XSPA
In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its toString() method, will create a new String object
CVE-2021-22095
6.5 - Medium
- November 30, 2021
In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its toString() method, will create a new String object from the message body, regardless of its size. This can cause an OOM Error with a large message.
Marshaling, Unmarshaling
The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary file read vulnerability
CVE-2021-21980
7.5 - High
- November 24, 2021
The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary file read vulnerability. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information.
The vSphere Web Client (FLEX/Flash) contains an SSRF (Server Side Request Forgery) vulnerability in the vSAN Web Client (vSAN UI) plug-in
CVE-2021-22049
9.8 - Critical
- November 24, 2021
The vSphere Web Client (FLEX/Flash) contains an SSRF (Server Side Request Forgery) vulnerability in the vSAN Web Client (vSAN UI) plug-in. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service.
XSPA
Applications using both `spring-cloud-netflix-hystrix-dashboard` and `spring-boot-starter-thymeleaf` expose a way to execute code submitted within the request URI path during the resolution of view templates
CVE-2021-22053
8.8 - High
- November 19, 2021
Applications using both `spring-cloud-netflix-hystrix-dashboard` and `spring-boot-starter-thymeleaf` expose a way to execute code submitted within the request URI path during the resolution of view templates. When a request is made at `/hystrix/monitor;[user-provided data]`, the path elements following `hystrix/monitor` are being evaluated as SpringEL expressions, which can lead to code execution.
Code Injection
The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism
CVE-2021-22048
8.8 - High
- November 10, 2021
The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. A malicious actor with non-administrative access to vCenter Server may exploit this issue to elevate privileges to a higher privileged group.
Applications using Spring Cloud Gateway are vulnerable to specifically crafted requests
CVE-2021-22051
6.5 - Medium
- November 08, 2021
Applications using Spring Cloud Gateway are vulnerable to specifically crafted requests that could make an extra request on downstream services. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.5+, 2.2.x users should upgrade to 2.2.10.RELEASE or newer.
AuthZ
On Windows, the uninstaller binary copies itself to a fixed temporary location
CVE-2021-22038
8.8 - High
- October 29, 2021
On Windows, the uninstaller binary copies itself to a fixed temporary location, which is then executed (the originally called uninstaller exits, so it does not block the installation directory). This temporary location is not randomized and does not restrict access to Administrators only so a potential attacker could plant a binary to replace the copied binary right before it gets called, thus gaining Administrator privileges (if the original uninstaller was executed as Administrator). The vulnerability only affects Windows installers.
Use of Insufficiently Random Values
Under certain circumstances, when manipulating the Windows registry, InstallBuilder uses the reg.exe system command
CVE-2021-22037
7.8 - High
- October 29, 2021
Under certain circumstances, when manipulating the Windows registry, InstallBuilder uses the reg.exe system command. The full path to the command is not enforced, which results in a search in the search path until a binary can be identified. This makes the installer/uninstaller vulnerable to Path Interception by Search Order Hijacking, potentially allowing an attacker to plant a malicious reg.exe command so it takes precedence over the system command. The vulnerability only affects Windows installers.
DLL preloading
In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEASE, and older unsupported versions, applications using type-level `@RequestMapping` annotations over Feign client interfaces
CVE-2021-22044
7.5 - High
- October 28, 2021
In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEASE, and older unsupported versions, applications using type-level `@RequestMapping` annotations over Feign client interfaces can be involuntarily exposing endpoints corresponding to `@RequestMapping`-annotated interface methods.
Exposure of Resource to Wrong Sphere
In Spring Data REST versions 3.4.0 - 3.4.13, 3.5.0 - 3.5.5, and older unsupported versions, HTTP resources implemented by custom controllers using a configured base API path and a controller type-level request mapping are additionally exposed under URIs
CVE-2021-22047
5.3 - Medium
- October 28, 2021
In Spring Data REST versions 3.4.0 - 3.4.13, 3.5.0 - 3.5.5, and older unsupported versions, HTTP resources implemented by custom controllers using a configured base API path and a controller type-level request mapping are additionally exposed under URIs that can potentially be exposed for unauthorized access depending on the Spring Security configuration.
Exposure of Resource to Wrong Sphere
In Spring Framework versions 5.3.0 - 5.3.10
CVE-2021-22096
4.3 - Medium
- October 28, 2021
In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.
In Spring AMQP versions 2.2.0 - 2.2.18 and 2.3.0 - 2.3.10
CVE-2021-22097
6.5 - Medium
- October 28, 2021
In Spring AMQP versions 2.2.0 - 2.2.18 and 2.3.0 - 2.3.10, the Spring AMQP Message object, in its toString() method, will deserialize a body for a message with content type application/x-java-serialized-object. It is possible to construct a malicious java.util.Dictionary object that can cause 100% CPU usage in the application if the toString() method is called.
Marshaling, Unmarshaling
Releases prior to VMware vRealize Operations Tenant App 8.6 contain an Information Disclosure Vulnerability.
CVE-2021-22034
7.5 - High
- October 21, 2021
Releases prior to VMware vRealize Operations Tenant App 8.6 contain an Information Disclosure Vulnerability.
Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability.
CVE-2021-22033
2.7 - Low
- October 13, 2021
Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability.
XSPA
VMware vRealize Orchestrator (8.x prior to 8.6) contains an open redirect vulnerability due to improper path handling
CVE-2021-22036
6.5 - Medium
- October 13, 2021
VMware vRealize Orchestrator (8.x prior to 8.6) contains an open redirect vulnerability due to improper path handling. A malicious actor may be able to redirect a victim to an attacker-controlled domain due to improper path handling in vRealize Orchestrator, leading to sensitive information disclosure.
Information Disclosure
VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV (Comma Separated Value) injection vulnerability in the interactive analytics export function
CVE-2021-22035
4.3 - Medium
- October 13, 2021
VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV (Comma Separated Value) injection vulnerability in the interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sheet through Log Insight which could be executed in the user's environment.
Injection
The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and directories
CVE-2021-22015
7.8 - High
- September 23, 2021
The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and directories. An authenticated local user with non-administrative privilege may exploit these issues to elevate their privileges to root on vCenter Server Appliance.
Files or Directories Accessible to External Parties