VMware Cloud Foundation
By the Year
In 2024 there have been 3 vulnerabilities in VMware Cloud Foundation with an average score of 7.9 out of ten. Last year Cloud Foundation had 8 security vulnerabilities published. Right now, Cloud Foundation is on track to have less security vulnerabilities in 2024 than it did last year. However, the average CVE base score of the vulnerabilities in 2024 is greater by 0.47.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 3 | 7.87 |
2023 | 8 | 7.40 |
2022 | 20 | 7.08 |
2021 | 40 | 7.25 |
2020 | 13 | 6.77 |
2019 | 1 | 7.50 |
2018 | 0 | 0.00 |
It may take a day or so for new Cloud Foundation vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent VMware Cloud Foundation Security Vulnerabilities
VMware Aria Automation does not apply correct input validation which allows for SQL-injection in the product
CVE-2024-22280
8.1 - High
- July 11, 2024
VMware Aria Automation does not apply correct input validation which allows for SQL-injection in the product. An authenticated malicious user could enter specially crafted SQL queries and perform unauthorised read/write operations in the database.
SQL Injection
VMware ESXi contains an authentication bypass vulnerability
CVE-2024-37085
7.2 - High
- June 25, 2024
VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management https://blogs.vmware.com/vsphere/2012/09/joining-vsphere-hosts-to-active-directory.html by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD.
authentification
Aria Automation contains a Missing Access Control vulnerability
CVE-2023-34063
8.3 - High
- January 16, 2024
Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious actor may exploit this vulnerability leading to unauthorized access to remote organizations and workflows.
AuthZ
VMware Aria Operations contains a local privilege escalation vulnerability
CVE-2023-34043
6.7 - Medium
- September 27, 2023
VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.
Improper Privilege Management
VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability
CVE-2023-20884
6.1 - Medium
- May 30, 2023
VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability. An unauthenticated malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure.
Open Redirect
VMware Aria Operations contains a privilege escalation vulnerability
CVE-2023-20880
6.7 - Medium
- May 12, 2023
VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.
VMware Aria Operations contains a Local privilege escalation vulnerability
CVE-2023-20879
6.7 - Medium
- May 12, 2023
VMware Aria Operations contains a Local privilege escalation vulnerability. A malicious actor with administrative privileges in the Aria Operations application can gain root access to the underlying operating system.
VMware Aria Operations contains a deserialization vulnerability
CVE-2023-20878
7.2 - High
- May 12, 2023
VMware Aria Operations contains a deserialization vulnerability. A malicious actor with administrative privileges can execute arbitrary commands and disrupt the system.
Marshaling, Unmarshaling
VMware Aria Operations contains a privilege escalation vulnerability
CVE-2023-20877
8.8 - High
- May 12, 2023
VMware Aria Operations contains a privilege escalation vulnerability. An authenticated malicious user with ReadOnly privileges can perform code execution leading to privilege escalation.
VMware Aria Operations for Logs contains a deserialization vulnerability
CVE-2023-20864
9.8 - Critical
- April 20, 2023
VMware Aria Operations for Logs contains a deserialization vulnerability. An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root.
Marshaling, Unmarshaling
VMware Aria Operations for Logs contains a command injection vulnerability
CVE-2023-20865
7.2 - High
- April 20, 2023
VMware Aria Operations for Logs contains a command injection vulnerability. A malicious actor with administrative privileges in VMware Aria Operations for Logs can execute arbitrary commands as root.
Command Injection
VMware Workspace ONE Access and Identity Manager contain an authenticated remote code execution vulnerability
CVE-2022-31700
7.2 - High
- December 14, 2022
VMware Workspace ONE Access and Identity Manager contain an authenticated remote code execution vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.2.
VMware Workspace ONE Access and Identity Manager contain a broken authentication vulnerability
CVE-2022-31701
5.3 - Medium
- December 14, 2022
VMware Workspace ONE Access and Identity Manager contain a broken authentication vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3.
Missing Authentication for Critical Function
VMware ESXi contains a memory corruption vulnerability that exists in the way it handles a network socket
CVE-2022-31696
8.8 - High
- December 13, 2022
VMware ESXi contains a memory corruption vulnerability that exists in the way it handles a network socket. A malicious actor with local access to ESXi may exploit this issue to corrupt memory leading to an escape of the ESXi sandbox.
Memory Corruption
The vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plaintext
CVE-2022-31697
5.5 - Medium
- December 13, 2022
The vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plaintext. A malicious actor with access to a workstation that invoked a vCenter Server Appliance ISO operation (Install/Upgrade/Migrate/Restore) can access plaintext passwords used during that operation.
Cleartext Storage of Sensitive Information
The vCenter Server contains a denial-of-service vulnerability in the content library service
CVE-2022-31698
5.3 - Medium
- December 13, 2022
The vCenter Server contains a denial-of-service vulnerability in the content library service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to trigger a denial-of-service condition by sending a specially crafted header.
VMware ESXi contains a heap-overflow vulnerability
CVE-2022-31699
3.3 - Low
- December 13, 2022
VMware ESXi contains a heap-overflow vulnerability. A malicious local actor with restricted privileges within a sandbox process may exploit this issue to achieve a partial information disclosure.
Memory Corruption
VMware Cloud Foundation (NSX-V) contains an XML External Entity (XXE) vulnerability
CVE-2022-31678
9.1 - Critical
- October 28, 2022
VMware Cloud Foundation (NSX-V) contains an XML External Entity (XXE) vulnerability. On VCF 3.x instances with NSX-V deployed, this may allow a user to exploit this issue leading to a denial-of-service condition or unintended information disclosure.
XXE
VMware ESXi contains a null-pointer deference vulnerability
CVE-2022-31681
6.5 - Medium
- October 07, 2022
VMware ESXi contains a null-pointer deference vulnerability. A malicious actor with privileges within the VMX process only, may create a denial of service condition on the host.
NULL Pointer Dereference
The vCenter Server contains a server-side request forgery (SSRF) vulnerability
CVE-2022-22982
7.5 - High
- July 13, 2022
The vCenter Server contains a server-side request forgery (SSRF) vulnerability. A malicious actor with network access to 443 on the vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service.
XSPA
VMware Workspace ONE Access
CVE-2022-22972
9.8 - Critical
- May 20, 2022
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.
VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability
CVE-2022-22973
7.8 - High
- May 20, 2022
VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'.
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection
CVE-2022-22954
9.8 - Critical
- April 11, 2022
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution.
Code Injection
The vCenter Server contains an information disclosure vulnerability due to improper permission of files
CVE-2022-22948
6.5 - Medium
- March 29, 2022
The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information.
Incorrect Default Permissions
VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller
CVE-2021-22041
6.7 - Medium
- February 16, 2022
VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.
VMware NSX Edge contains a CLI shell injection vulnerability
CVE-2022-22945
7.8 - High
- February 16, 2022
VMware NSX Edge contains a CLI shell injection vulnerability. A malicious actor with SSH access to an NSX-Edge appliance can execute arbitrary commands on the operating system as root.
Shell injection
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller
CVE-2021-22040
6.7 - Medium
- February 16, 2022
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.
Dangling pointer
ESXi contains a slow HTTP POST denial-of-service vulnerability in rhttpproxy
CVE-2021-22050
7.5 - High
- February 16, 2022
ESXi contains a slow HTTP POST denial-of-service vulnerability in rhttpproxy. A malicious actor with network access to ESXi may exploit this issue to create a denial-of-service condition by overwhelming rhttpproxy service with multiple requests.
Allocation of Resources Without Limits or Throttling
VMware ESXi contains an unauthorized access vulnerability due to VMX having access to settingsd authorization tickets
CVE-2021-22042
7.8 - High
- February 16, 2022
VMware ESXi contains an unauthorized access vulnerability due to VMX having access to settingsd authorization tickets. A malicious actor with privileges within the VMX process only, may be able to access settingsd service running as a high privileged user.
AuthZ
VMware Cloud Foundation contains an information disclosure vulnerability due to logging of credentials in plain-text within multiple log files on the SDDC Manager
CVE-2022-22939
4.9 - Medium
- February 04, 2022
VMware Cloud Foundation contains an information disclosure vulnerability due to logging of credentials in plain-text within multiple log files on the SDDC Manager. A malicious actor with root access on VMware Cloud Foundation SDDC Manager may be able to view credentials in plaintext within one or more log files.
Insertion of Sensitive Information into Log File
VMware ESXi (7.0
CVE-2021-22045
7.8 - High
- January 04, 2022
VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi650-202110101-SG), VMware Workstation (16.2.0) and VMware Fusion (12.2.0) contains a heap-overflow vulnerability in CD-ROM device emulation. A malicious actor with access to a virtual machine with CD-ROM device emulation may be able to exploit this vulnerability in conjunction with other issues to execute code on the hypervisor from a virtual machine.
Memory Corruption
The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary file read vulnerability
CVE-2021-21980
7.5 - High
- November 24, 2021
The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary file read vulnerability. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information.
The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism
CVE-2021-22048
8.8 - High
- November 10, 2021
The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. A malicious actor with non-administrative access to vCenter Server may exploit this issue to elevate privileges to a higher privileged group.
VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function
CVE-2021-22035
4.3 - Medium
- October 13, 2021
VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sheet through Log Insight which could be executed in user's environment.
Injection
Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability.
CVE-2021-22033
2.7 - Low
- October 13, 2021
Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability.
XSPA
The vCenter Server contains a denial-of-service vulnerability in VAPI (vCenter API) service
CVE-2021-22019
7.5 - High
- September 23, 2021
The vCenter Server contains a denial-of-service vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port 5480 on vCenter Server may exploit this issue by sending a specially crafted jsonrpc message to create a denial of service condition.
The vCenter Server contains an arbitrary file deletion vulnerability in a VMware vSphere Life-cycle Manager plug-in
CVE-2021-22018
6.5 - Medium
- September 23, 2021
The vCenter Server contains an arbitrary file deletion vulnerability in a VMware vSphere Life-cycle Manager plug-in. A malicious actor with network access to port 9087 on vCenter Server may exploit this issue to delete non critical files.
The vCenter Server contains a denial-of-service vulnerability in the Analytics service
CVE-2021-22020
5.5 - Medium
- September 23, 2021
The vCenter Server contains a denial-of-service vulnerability in the Analytics service. Successful exploitation of this issue may allow an attacker to create a denial-of-service condition on vCenter Server.
The vCenter Server contains a reflected cross-site scripting vulnerability due to a lack of input sanitization
CVE-2021-22016
6.1 - Medium
- September 23, 2021
The vCenter Server contains a reflected cross-site scripting vulnerability due to a lack of input sanitization. An attacker may exploit this issue to execute malicious scripts by tricking a victim into clicking a malicious link.
XSS
The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and directories
CVE-2021-22015
7.8 - High
- September 23, 2021
The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and directories. An authenticated local user with non-administrative privilege may exploit these issues to elevate their privileges to root on vCenter Server Appliance.
Files or Directories Accessible to External Parties
The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service
CVE-2021-22005
9.8 - Critical
- September 23, 2021
The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file.
Directory traversal
The vCenter Server contains an authenticated code execution vulnerability in VAMI (Virtual Appliance Management Infrastructure)
CVE-2021-22014
7.2 - High
- September 23, 2021
The vCenter Server contains an authenticated code execution vulnerability in VAMI (Virtual Appliance Management Infrastructure). An authenticated VAMI user with network access to port 5480 on vCenter Server may exploit this issue to execute code on the underlying operating system that hosts vCenter Server.
The vCenter Server contains a file path traversal vulnerability leading to information disclosure in the appliance management API
CVE-2021-22013
7.5 - High
- September 23, 2021
The vCenter Server contains a file path traversal vulnerability leading to information disclosure in the appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information.
Directory traversal
The vCenter Server contains an information disclosure vulnerability due to an unauthenticated appliance management API
CVE-2021-22012
7.5 - High
- September 23, 2021
The vCenter Server contains an information disclosure vulnerability due to an unauthenticated appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information.
Missing Authentication for Critical Function
vCenter Server contains an unauthenticated API endpoint vulnerability in vCenter Server Content Library
CVE-2021-22011
5.3 - Medium
- September 23, 2021
vCenter Server contains an unauthenticated API endpoint vulnerability in vCenter Server Content Library. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to perform unauthenticated VM network setting manipulation.
The vCenter Server contains a denial-of-service vulnerability in VPXD service
CVE-2021-22010
7.5 - High
- September 23, 2021
The vCenter Server contains a denial-of-service vulnerability in VPXD service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to create a denial of service condition due to excessive memory consumption by VPXD service.
Resource Exhaustion
The vCenter Server contains multiple denial-of-service vulnerabilities in VAPI (vCenter API) service
CVE-2021-22009
7.5 - High
- September 23, 2021
The vCenter Server contains multiple denial-of-service vulnerabilities in VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit these issues to create a denial of service condition due to excessive memory consumption by VAPI service.
Exposure of Resource to Wrong Sphere
The vCenter Server contains an information disclosure vulnerability in VAPI (vCenter API) service
CVE-2021-22008
7.5 - High
- September 23, 2021
The vCenter Server contains an information disclosure vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by sending a specially crafted json-rpc message to gain access to sensitive information.
The vCenter Server contains a reverse proxy bypass vulnerability due to the way the endpoints handle the URI
CVE-2021-22006
7.5 - High
- September 23, 2021
The vCenter Server contains a reverse proxy bypass vulnerability due to the way the endpoints handle the URI. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to access restricted endpoints.
The vCenter Server contains a local information disclosure vulnerability in the Analytics service
CVE-2021-22007
5.5 - Medium
- September 23, 2021
The vCenter Server contains a local information disclosure vulnerability in the Analytics service. An authenticated user with non-administrative privilege may exploit this issue to gain access to sensitive information.
The vCenter Server contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in vCenter Server Content Library
CVE-2021-21993
6.5 - Medium
- September 23, 2021
The vCenter Server contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in vCenter Server Content Library. An authorised user with access to content library may exploit this issue by sending a POST request to vCenter Server leading to information disclosure.
XSPA
The vCenter Server contains a local privilege escalation vulnerability due to the way it handles session tokens
CVE-2021-21991
7.8 - High
- September 22, 2021
The vCenter Server contains a local privilege escalation vulnerability due to the way it handles session tokens. A malicious actor with non-administrative user access on vCenter Server host may exploit this issue to escalate privileges to Administrator on the vSphere Client (HTML5) or vCenter Server vSphere Web Client (FLEX/Flash).
The vCenter Server contains a denial-of-service vulnerability due to improper XML entity parsing
CVE-2021-21992
6.5 - Medium
- September 22, 2021
The vCenter Server contains a denial-of-service vulnerability due to improper XML entity parsing. A malicious actor with non-administrative user access to the vCenter Server vSphere Client (HTML5) or vCenter Server vSphere Web Client (FLEX/Flash) may exploit this issue to create a denial-of-service condition on the vCenter Server host.
VMware Workspace ONE Access and Identity Manager
CVE-2021-22002
9.8 - Critical
- August 31, 2021
VMware Workspace ONE Access and Identity Manager, allow the /cfg web app and diagnostic endpoints, on port 8443, to be accessed via port 443 using a custom host header. A malicious actor with network access to port 443 could tamper with host headers to facilitate access to the /cfg web app, in addition a malicious actor could access /cfg diagnostic endpoints without authentication.
authentification
VMware Workspace ONE Access and Identity Manager, unintentionally provide a login interface on port 7443
CVE-2021-22003
7.5 - High
- August 31, 2021
VMware Workspace ONE Access and Identity Manager, unintentionally provide a login interface on port 7443. A malicious actor with network access to port 7443 may attempt user enumeration or brute force the login endpoint, which may or may not be practical based on lockout policy configuration and password complexity for the target account.
Improper Restriction of Excessive Authentication Attempts
VMware vRealize Log Insight (8.x prior to 8.4) contains a Cross Site Scripting (XSS) vulnerability due to improper user input validation
CVE-2021-22021
5.4 - Medium
- August 30, 2021
VMware vRealize Log Insight (8.x prior to 8.4) contains a Cross Site Scripting (XSS) vulnerability due to improper user input validation. An attacker with user privileges may be able to inject a malicious payload via the Log Insight UI which would be executed when the victim accesses the shared dashboard link.
XSS
The vRealize Operations Manager API (8.x prior to 8.5) has insecure object reference vulnerability
CVE-2021-22023
7.2 - High
- August 30, 2021
The vRealize Operations Manager API (8.x prior to 8.5) has insecure object reference vulnerability. A malicious actor with administrative access to vRealize Operations Manager API may be able to modify other users information leading to an account takeover.
Insecure Direct Object Reference / IDOR
The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point
CVE-2021-22027
7.5 - High
- August 30, 2021
The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information disclosure.
XSPA
The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point
CVE-2021-22026
7.5 - High
- August 30, 2021
The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information disclosure.
XSPA
The vRealize Operations Manager API (8.x prior to 8.5) contains a broken access control vulnerability leading to unauthenticated API access
CVE-2021-22025
7.5 - High
- August 30, 2021
The vRealize Operations Manager API (8.x prior to 8.5) contains a broken access control vulnerability leading to unauthenticated API access. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can add new nodes to existing vROps cluster.
authentification
The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary log-file read vulnerability
CVE-2021-22024
7.5 - High
- August 30, 2021
The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary log-file read vulnerability. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can read any log file resulting in sensitive information disclosure.
Insertion of Sensitive Information into Log File
The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary file read vulnerability
CVE-2021-22022
4.9 - Medium
- August 30, 2021
The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary file read vulnerability. A malicious actor with administrative access to vRealize Operations Manager API can read any arbitrary file on server leading to information disclosure.
Directory traversal
SFCB (Small Footprint CIM Broker) as used in ESXi has an authentication bypass vulnerability
CVE-2021-21994
9.8 - Critical
- July 13, 2021
SFCB (Small Footprint CIM Broker) as used in ESXi has an authentication bypass vulnerability. A malicious actor with network access to port 5989 on ESXi may exploit this issue to bypass SFCB authentication by sending a specially crafted request.
authentification
OpenSLP as used in ESXi has a denial-of-service vulnerability due a heap out-of-bounds read issue
CVE-2021-21995
7.5 - High
- July 13, 2021
OpenSLP as used in ESXi has a denial-of-service vulnerability due a heap out-of-bounds read issue. A malicious actor with network access to port 427 on ESXi may be able to trigger a heap out-of-bounds read in OpenSLP service resulting in a denial-of-service condition.
Out-of-bounds Read
The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in
CVE-2021-21985
9.8 - Critical
- May 26, 2021
The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.
Improper Input Validation
The vSphere Client (HTML5) contains a vulnerability in a vSphere authentication mechanism for the Virtual SAN Health Check
CVE-2021-21986
9.8 - Critical
- May 26, 2021
The vSphere Client (HTML5) contains a vulnerability in a vSphere authentication mechanism for the Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability plug-ins. A malicious actor with network access to port 443 on vCenter Server may perform actions allowed by the impacted plug-ins without authentication.
Missing Authentication for Critical Function
Arbitrary file write vulnerability in vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 may
CVE-2021-21983
6.5 - Medium
- March 31, 2021
Arbitrary file write vulnerability in vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API can write files to arbitrary locations on the underlying photon operating system.
Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may
CVE-2021-21975
7.5 - High
- March 31, 2021
Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials.
XSPA
The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin
CVE-2021-21972
9.8 - Critical
- February 24, 2021
The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).
Directory traversal
OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551
CVE-2021-21974
8.8 - High
- February 24, 2021
OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG) has a heap-overflow vulnerability. A malicious actor residing within the same network segment as ESXi who has access to port 427 may be able to trigger the heap-overflow issue in OpenSLP service resulting in remote code execution.
Memory Corruption
The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin
CVE-2021-21973
5.3 - Medium
- February 24, 2021
The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin leading to information disclosure. This affects: VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).
XSPA
VMware Workspace One Access
CVE-2020-4006
9.1 - Critical
- November 23, 2020
VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability.
Command Injection
VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG) contains a privilege-escalation vulnerability
CVE-2020-4005
7.8 - High
- November 20, 2020
VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG) contains a privilege-escalation vulnerability that exists in the way certain system calls are being managed. A malicious actor with privileges within the VMX process only, may escalate their privileges on the affected system. Successful exploitation of this issue is only possible when chained with another vulnerability (e.g. CVE-2020-4004)
Improper Privilege Management
VMware ESXi (7.0 before ESXi70U1b-17168206
CVE-2020-4004
8.2 - High
- November 20, 2020
VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG), Workstation (15.x before 15.5.7), Fusion (11.x before 11.5.7) contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.
Dangling pointer
In VMware ESXi (6.7 before ESXi670-201908101-SG
CVE-2020-3995
5.3 - Medium
- October 20, 2020
In VMware ESXi (6.7 before ESXi670-201908101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x before 15.1.0), Fusion (11.x before 11.1.0), the VMCI host drivers used by VMware hypervisors contain a memory leak vulnerability. A malicious actor with access to a virtual machine may be able to trigger a memory leak issue resulting in memory resource exhaustion on the hypervisor if the attack is sustained for extended periods of time.
Memory Leak
OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804
CVE-2020-3992
9.8 - Critical
- October 20, 2020
OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a use-after-free issue. A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to trigger a use-after-free in the OpenSLP service resulting in remote code execution.
Dangling pointer
VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804
CVE-2020-3982
7.7 - High
- October 20, 2020
VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds write vulnerability due to a time-of-check time-of-use issue in ACPI device. A malicious actor with administrative access to a virtual machine may be able to exploit this vulnerability to crash the virtual machine's vmx process or corrupt hypervisor's memory heap.
Memory Corruption
VMware vCenter Server (6.7 before 6.7u3
CVE-2020-3994
7.4 - High
- October 20, 2020
VMware vCenter Server (6.7 before 6.7u3, 6.6 before 6.5u3k) contains a session hijack vulnerability in the vCenter Server Appliance Management Interface update function due to a lack of certificate validation. A malicious actor with network positioning between vCenter Server and an update repository may be able to perform a session hijack when the vCenter Server Appliance Management Interface is used to download vCenter updates.
Improper Certificate Validation
VMware NSX-T (3.x before 3.0.2, 2.5.x before 2.5.2.2.0) contains a security vulnerability
CVE-2020-3993
5.9 - Medium
- October 20, 2020
VMware NSX-T (3.x before 3.0.2, 2.5.x before 2.5.2.2.0) contains a security vulnerability that exists in the way it allows a KVM host to download and install packages from NSX manager. A malicious actor with MITM positioning may be able to exploit this issue to compromise the transport node.
VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804
CVE-2020-3981
5.8 - Medium
- October 20, 2020
VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds read vulnerability due to a time-of-check time-of-use issue in ACPI device. A malicious actor with administrative access to a virtual machine may be able to exploit this issue to leak memory from the vmx process.
TOCTTOU
VMware ESXi and vCenter Server contain a partial denial of service vulnerability in their respective authentication services
CVE-2020-3976
5.3 - Medium
- August 21, 2020
VMware ESXi and vCenter Server contain a partial denial of service vulnerability in their respective authentication services. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3.
Resource Exhaustion
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839
CVE-2020-3963
5.5 - Medium
- June 25, 2020
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a use-after-free vulnerability in PVNVRAM. A malicious actor with local access to a virtual machine may be able to read privileged information contained in physical memory.
Dangling pointer
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839
CVE-2020-3964
4.7 - Medium
- June 25, 2020
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an information leak in the EHCI USB controller. A malicious actor with local access to a virtual machine may be able to read privileged information contained in the hypervisor's memory. Additional conditions beyond the attacker's control need to be present for exploitation to be possible.
Use of Uninitialized Resource
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839
CVE-2020-3965
5.5 - Medium
- June 25, 2020
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an information leak in the XHCI USB controller. A malicious actor with local access to a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine.
Out-of-bounds Read
Harbor API has a Broken Access Control vulnerability
CVE-2019-16919
7.5 - High
- October 18, 2019
Harbor API has a Broken Access Control vulnerability. The vulnerability allows project administrators to use the Harbor API to create a robot account with unauthorized push and/or pull access permissions to a project they don't have access or control for. The Harbor API did not enforce the proper project permissions and project scope on the API request to create a new robot account.
Incorrect Default Permissions
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for VMware Harbor Container Registry or by VMware? Click the Watch button to subscribe.