VMware Cloud Foundation

Aria Automation contains a Missing Access Control vulnerability

CVE-2023-34063 8.3 - High - January 16, 2024

Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious actor may exploit this vulnerability leading to unauthorized access to remote organizations and workflows.

AuthZ

VMware Aria Operations contains a local privilege escalation vulnerability

CVE-2023-34043 6.7 - Medium - September 27, 2023

VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.

Improper Privilege Management

VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability

CVE-2023-20884 6.1 - Medium - May 30, 2023

VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability. An unauthenticated malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure.

Open Redirect

VMware Aria Operations contains a privilege escalation vulnerability

CVE-2023-20877 8.8 - High - May 12, 2023

VMware Aria Operations contains a privilege escalation vulnerability. An authenticated malicious user with ReadOnly privileges can perform code execution leading to privilege escalation.

VMware Aria Operations contains a deserialization vulnerability

CVE-2023-20878 7.2 - High - May 12, 2023

VMware Aria Operations contains a deserialization vulnerability. A malicious actor with administrative privileges can execute arbitrary commands and disrupt the system.

Marshaling, Unmarshaling

VMware Aria Operations contains a Local privilege escalation vulnerability

CVE-2023-20879 6.7 - Medium - May 12, 2023

VMware Aria Operations contains a Local privilege escalation vulnerability. A malicious actor with administrative privileges in the Aria Operations application can gain root access to the underlying operating system.

VMware Aria Operations contains a privilege escalation vulnerability

CVE-2023-20880 6.7 - Medium - May 12, 2023

VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.

VMware Aria Operations for Logs contains a command injection vulnerability

CVE-2023-20865 7.2 - High - April 20, 2023

VMware Aria Operations for Logs contains a command injection vulnerability. A malicious actor with administrative privileges in VMware Aria Operations for Logs can execute arbitrary commands as root.

Command Injection

VMware Aria Operations for Logs contains a deserialization vulnerability

CVE-2023-20864 9.8 - Critical - April 20, 2023

VMware Aria Operations for Logs contains a deserialization vulnerability. An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root.

Marshaling, Unmarshaling

VMware Workspace ONE Access and Identity Manager contain an authenticated remote code execution vulnerability

CVE-2022-31700 7.2 - High - December 14, 2022

VMware Workspace ONE Access and Identity Manager contain an authenticated remote code execution vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.2.

VMware Workspace ONE Access and Identity Manager contain a broken authentication vulnerability

CVE-2022-31701 5.3 - Medium - December 14, 2022

VMware Workspace ONE Access and Identity Manager contain a broken authentication vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3.

Missing Authentication for Critical Function

VMware ESXi contains a memory corruption vulnerability that exists in the way it handles a network socket

CVE-2022-31696 8.8 - High - December 13, 2022

VMware ESXi contains a memory corruption vulnerability that exists in the way it handles a network socket. A malicious actor with local access to ESXi may exploit this issue to corrupt memory leading to an escape of the ESXi sandbox.

Memory Corruption

The vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plaintext

CVE-2022-31697 5.5 - Medium - December 13, 2022

The vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plaintext. A malicious actor with access to a workstation that invoked a vCenter Server Appliance ISO operation (Install/Upgrade/Migrate/Restore) can access plaintext passwords used during that operation.

Cleartext Storage of Sensitive Information

The vCenter Server contains a denial-of-service vulnerability in the content library service

CVE-2022-31698 5.3 - Medium - December 13, 2022

The vCenter Server contains a denial-of-service vulnerability in the content library service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to trigger a denial-of-service condition by sending a specially crafted header.

VMware ESXi contains a heap-overflow vulnerability

CVE-2022-31699 3.3 - Low - December 13, 2022

VMware ESXi contains a heap-overflow vulnerability. A malicious local actor with restricted privileges within a sandbox process may exploit this issue to achieve a partial information disclosure.

Memory Corruption

VMware Cloud Foundation (NSX-V) contains an XML External Entity (XXE) vulnerability

CVE-2022-31678 9.1 - Critical - October 28, 2022

VMware Cloud Foundation (NSX-V) contains an XML External Entity (XXE) vulnerability. On VCF 3.x instances with NSX-V deployed, this may allow a user to exploit this issue leading to a denial-of-service condition or unintended information disclosure.

XXE

VMware ESXi contains a null-pointer deference vulnerability

CVE-2022-31681 6.5 - Medium - October 07, 2022

VMware ESXi contains a null-pointer deference vulnerability. A malicious actor with privileges within the VMX process only, may create a denial of service condition on the host.

NULL Pointer Dereference

The vCenter Server contains a server-side request forgery (SSRF) vulnerability

CVE-2022-22982 7.5 - High - July 13, 2022

The vCenter Server contains a server-side request forgery (SSRF) vulnerability. A malicious actor with network access to 443 on the vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service.

XSPA

VMware Workspace ONE Access

CVE-2022-22972 9.8 - Critical - May 20, 2022

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.

VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability

CVE-2022-22973 7.8 - High - May 20, 2022

VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'.

VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection

CVE-2022-22954 9.8 - Critical - April 11, 2022

VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution.

Code Injection

The vCenter Server contains an information disclosure vulnerability due to improper permission of files

CVE-2022-22948 6.5 - Medium - March 29, 2022

The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information.

Incorrect Default Permissions

VMware NSX Edge contains a CLI shell injection vulnerability

CVE-2022-22945 7.8 - High - February 16, 2022

VMware NSX Edge contains a CLI shell injection vulnerability. A malicious actor with SSH access to an NSX-Edge appliance can execute arbitrary commands on the operating system as root.

Shell injection

VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller

CVE-2021-22041 6.7 - Medium - February 16, 2022

VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.

VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller

CVE-2021-22040 6.7 - Medium - February 16, 2022

VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.

Dangling pointer

ESXi contains a slow HTTP POST denial-of-service vulnerability in rhttpproxy

CVE-2021-22050 7.5 - High - February 16, 2022

ESXi contains a slow HTTP POST denial-of-service vulnerability in rhttpproxy. A malicious actor with network access to ESXi may exploit this issue to create a denial-of-service condition by overwhelming rhttpproxy service with multiple requests.

Allocation of Resources Without Limits or Throttling

VMware ESXi contains an unauthorized access vulnerability due to VMX having access to settingsd authorization tickets

CVE-2021-22042 7.8 - High - February 16, 2022

VMware ESXi contains an unauthorized access vulnerability due to VMX having access to settingsd authorization tickets. A malicious actor with privileges within the VMX process only, may be able to access settingsd service running as a high privileged user.

AuthZ

VMware Cloud Foundation contains an information disclosure vulnerability due to logging of credentials in plain-text within multiple log files on the SDDC Manager

CVE-2022-22939 4.9 - Medium - February 04, 2022

VMware Cloud Foundation contains an information disclosure vulnerability due to logging of credentials in plain-text within multiple log files on the SDDC Manager. A malicious actor with root access on VMware Cloud Foundation SDDC Manager may be able to view credentials in plaintext within one or more log files.

Insertion of Sensitive Information into Log File

VMware ESXi (7.0

CVE-2021-22045 7.8 - High - January 04, 2022

VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi650-202110101-SG), VMware Workstation (16.2.0) and VMware Fusion (12.2.0) contains a heap-overflow vulnerability in CD-ROM device emulation. A malicious actor with access to a virtual machine with CD-ROM device emulation may be able to exploit this vulnerability in conjunction with other issues to execute code on the hypervisor from a virtual machine.

Memory Corruption

The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary file read vulnerability

CVE-2021-21980 7.5 - High - November 24, 2021

The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary file read vulnerability. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information.

The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism

CVE-2021-22048 8.8 - High - November 10, 2021

The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. A malicious actor with non-administrative access to vCenter Server may exploit this issue to elevate privileges to a higher privileged group.

VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function

CVE-2021-22035 4.3 - Medium - October 13, 2021

VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sheet through Log Insight which could be executed in user's environment.

Injection

Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability.

CVE-2021-22033 2.7 - Low - October 13, 2021

Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability.

XSPA

The vCenter Server contains a denial-of-service vulnerability in the Analytics service

CVE-2021-22020 5.5 - Medium - September 23, 2021

The vCenter Server contains a denial-of-service vulnerability in the Analytics service. Successful exploitation of this issue may allow an attacker to create a denial-of-service condition on vCenter Server.

The vCenter Server contains an arbitrary file deletion vulnerability in a VMware vSphere Life-cycle Manager plug-in

CVE-2021-22018 6.5 - Medium - September 23, 2021

The vCenter Server contains an arbitrary file deletion vulnerability in a VMware vSphere Life-cycle Manager plug-in. A malicious actor with network access to port 9087 on vCenter Server may exploit this issue to delete non critical files.

The vCenter Server contains a denial-of-service vulnerability in VAPI (vCenter API) service

CVE-2021-22019 7.5 - High - September 23, 2021

The vCenter Server contains a denial-of-service vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port 5480 on vCenter Server may exploit this issue by sending a specially crafted jsonrpc message to create a denial of service condition.

The vCenter Server contains a reflected cross-site scripting vulnerability due to a lack of input sanitization

CVE-2021-22016 6.1 - Medium - September 23, 2021

The vCenter Server contains a reflected cross-site scripting vulnerability due to a lack of input sanitization. An attacker may exploit this issue to execute malicious scripts by tricking a victim into clicking a malicious link.

XSS

The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and directories

CVE-2021-22015 7.8 - High - September 23, 2021

The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and directories. An authenticated local user with non-administrative privilege may exploit these issues to elevate their privileges to root on vCenter Server Appliance.

Files or Directories Accessible to External Parties

The vCenter Server contains a local information disclosure vulnerability in the Analytics service

CVE-2021-22007 5.5 - Medium - September 23, 2021

The vCenter Server contains a local information disclosure vulnerability in the Analytics service. An authenticated user with non-administrative privilege may exploit this issue to gain access to sensitive information.

The vCenter Server contains an information disclosure vulnerability in VAPI (vCenter API) service

CVE-2021-22008 7.5 - High - September 23, 2021

The vCenter Server contains an information disclosure vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by sending a specially crafted json-rpc message to gain access to sensitive information.

The vCenter Server contains an authenticated code execution vulnerability in VAMI (Virtual Appliance Management Infrastructure)

CVE-2021-22014 7.2 - High - September 23, 2021

The vCenter Server contains an authenticated code execution vulnerability in VAMI (Virtual Appliance Management Infrastructure). An authenticated VAMI user with network access to port 5480 on vCenter Server may exploit this issue to execute code on the underlying operating system that hosts vCenter Server.

The vCenter Server contains a file path traversal vulnerability leading to information disclosure in the appliance management API

CVE-2021-22013 7.5 - High - September 23, 2021

The vCenter Server contains a file path traversal vulnerability leading to information disclosure in the appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information.

Directory traversal

The vCenter Server contains an information disclosure vulnerability due to an unauthenticated appliance management API

CVE-2021-22012 7.5 - High - September 23, 2021

The vCenter Server contains an information disclosure vulnerability due to an unauthenticated appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information.

Missing Authentication for Critical Function

vCenter Server contains an unauthenticated API endpoint vulnerability in vCenter Server Content Library

CVE-2021-22011 5.3 - Medium - September 23, 2021

vCenter Server contains an unauthenticated API endpoint vulnerability in vCenter Server Content Library. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to perform unauthenticated VM network setting manipulation.

The vCenter Server contains a denial-of-service vulnerability in VPXD service

CVE-2021-22010 7.5 - High - September 23, 2021

The vCenter Server contains a denial-of-service vulnerability in VPXD service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to create a denial of service condition due to excessive memory consumption by VPXD service.

Resource Exhaustion

The vCenter Server contains multiple denial-of-service vulnerabilities in VAPI (vCenter API) service

CVE-2021-22009 7.5 - High - September 23, 2021

The vCenter Server contains multiple denial-of-service vulnerabilities in VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit these issues to create a denial of service condition due to excessive memory consumption by VAPI service.

Exposure of Resource to Wrong Sphere

The vCenter Server contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in vCenter Server Content Library

CVE-2021-21993 6.5 - Medium - September 23, 2021

The vCenter Server contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in vCenter Server Content Library. An authorised user with access to content library may exploit this issue by sending a POST request to vCenter Server leading to information disclosure.

XSPA

The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service

CVE-2021-22005 9.8 - Critical - September 23, 2021

The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file.

Directory traversal

The vCenter Server contains a reverse proxy bypass vulnerability due to the way the endpoints handle the URI

CVE-2021-22006 7.5 - High - September 23, 2021

The vCenter Server contains a reverse proxy bypass vulnerability due to the way the endpoints handle the URI. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to access restricted endpoints.

The vCenter Server contains a denial-of-service vulnerability due to improper XML entity parsing

CVE-2021-21992 6.5 - Medium - September 22, 2021

The vCenter Server contains a denial-of-service vulnerability due to improper XML entity parsing. A malicious actor with non-administrative user access to the vCenter Server vSphere Client (HTML5) or vCenter Server vSphere Web Client (FLEX/Flash) may exploit this issue to create a denial-of-service condition on the vCenter Server host.

The vCenter Server contains a local privilege escalation vulnerability due to the way it handles session tokens

CVE-2021-21991 7.8 - High - September 22, 2021

The vCenter Server contains a local privilege escalation vulnerability due to the way it handles session tokens. A malicious actor with non-administrative user access on vCenter Server host may exploit this issue to escalate privileges to Administrator on the vSphere Client (HTML5) or vCenter Server vSphere Web Client (FLEX/Flash).

VMware Workspace ONE Access and Identity Manager

CVE-2021-22002 9.8 - Critical - August 31, 2021

VMware Workspace ONE Access and Identity Manager, allow the /cfg web app and diagnostic endpoints, on port 8443, to be accessed via port 443 using a custom host header. A malicious actor with network access to port 443 could tamper with host headers to facilitate access to the /cfg web app, in addition a malicious actor could access /cfg diagnostic endpoints without authentication.

authentification

VMware Workspace ONE Access and Identity Manager, unintentionally provide a login interface on port 7443

CVE-2021-22003 7.5 - High - August 31, 2021

VMware Workspace ONE Access and Identity Manager, unintentionally provide a login interface on port 7443. A malicious actor with network access to port 7443 may attempt user enumeration or brute force the login endpoint, which may or may not be practical based on lockout policy configuration and password complexity for the target account.

Improper Restriction of Excessive Authentication Attempts

VMware vRealize Log Insight (8.x prior to 8.4) contains a Cross Site Scripting (XSS) vulnerability due to improper user input validation

CVE-2021-22021 5.4 - Medium - August 30, 2021

VMware vRealize Log Insight (8.x prior to 8.4) contains a Cross Site Scripting (XSS) vulnerability due to improper user input validation. An attacker with user privileges may be able to inject a malicious payload via the Log Insight UI which would be executed when the victim accesses the shared dashboard link.

XSS

The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point

CVE-2021-22027 7.5 - High - August 30, 2021

The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information disclosure.

XSPA

The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point

CVE-2021-22026 7.5 - High - August 30, 2021

The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information disclosure.

XSPA

The vRealize Operations Manager API (8.x prior to 8.5) contains a broken access control vulnerability leading to unauthenticated API access

CVE-2021-22025 7.5 - High - August 30, 2021

The vRealize Operations Manager API (8.x prior to 8.5) contains a broken access control vulnerability leading to unauthenticated API access. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can add new nodes to existing vROps cluster.

authentification

The vRealize Operations Manager API (8.x prior to 8.5) has insecure object reference vulnerability

CVE-2021-22023 7.2 - High - August 30, 2021

The vRealize Operations Manager API (8.x prior to 8.5) has insecure object reference vulnerability. A malicious actor with administrative access to vRealize Operations Manager API may be able to modify other users information leading to an account takeover.

Insecure Direct Object Reference / IDOR

The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary file read vulnerability

CVE-2021-22022 4.9 - Medium - August 30, 2021

The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary file read vulnerability. A malicious actor with administrative access to vRealize Operations Manager API can read any arbitrary file on server leading to information disclosure.

Directory traversal

The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary log-file read vulnerability

CVE-2021-22024 7.5 - High - August 30, 2021

The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary log-file read vulnerability. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can read any log file resulting in sensitive information disclosure.

Insertion of Sensitive Information into Log File

SFCB (Small Footprint CIM Broker) as used in ESXi has an authentication bypass vulnerability

CVE-2021-21994 9.8 - Critical - July 13, 2021

SFCB (Small Footprint CIM Broker) as used in ESXi has an authentication bypass vulnerability. A malicious actor with network access to port 5989 on ESXi may exploit this issue to bypass SFCB authentication by sending a specially crafted request.

authentification

OpenSLP as used in ESXi has a denial-of-service vulnerability due a heap out-of-bounds read issue

CVE-2021-21995 7.5 - High - July 13, 2021

OpenSLP as used in ESXi has a denial-of-service vulnerability due a heap out-of-bounds read issue. A malicious actor with network access to port 427 on ESXi may be able to trigger a heap out-of-bounds read in OpenSLP service resulting in a denial-of-service condition.

Out-of-bounds Read

The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in

CVE-2021-21985 9.8 - Critical - May 26, 2021

The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.

Improper Input Validation

The vSphere Client (HTML5) contains a vulnerability in a vSphere authentication mechanism for the Virtual SAN Health Check

CVE-2021-21986 9.8 - Critical - May 26, 2021

The vSphere Client (HTML5) contains a vulnerability in a vSphere authentication mechanism for the Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability plug-ins. A malicious actor with network access to port 443 on vCenter Server may perform actions allowed by the impacted plug-ins without authentication.

Missing Authentication for Critical Function

Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may

CVE-2021-21975 7.5 - High - March 31, 2021

Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials.

XSPA

Arbitrary file write vulnerability in vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 may

CVE-2021-21983 6.5 - Medium - March 31, 2021

Arbitrary file write vulnerability in vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API can write files to arbitrary locations on the underlying photon operating system.

OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551

CVE-2021-21974 8.8 - High - February 24, 2021

OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG) has a heap-overflow vulnerability. A malicious actor residing within the same network segment as ESXi who has access to port 427 may be able to trigger the heap-overflow issue in OpenSLP service resulting in remote code execution.

Memory Corruption

The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin

CVE-2021-21972 9.8 - Critical - February 24, 2021

The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).

Directory traversal

The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin

CVE-2021-21973 5.3 - Medium - February 24, 2021

The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin leading to information disclosure. This affects: VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).

XSPA

VMware Workspace One Access

CVE-2020-4006 9.1 - Critical - November 23, 2020

VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability.

Command Injection

VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG) contains a privilege-escalation vulnerability

CVE-2020-4005 7.8 - High - November 20, 2020

VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG) contains a privilege-escalation vulnerability that exists in the way certain system calls are being managed. A malicious actor with privileges within the VMX process only, may escalate their privileges on the affected system. Successful exploitation of this issue is only possible when chained with another vulnerability (e.g. CVE-2020-4004)

Improper Privilege Management

VMware ESXi (7.0 before ESXi70U1b-17168206

CVE-2020-4004 8.2 - High - November 20, 2020

VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG), Workstation (15.x before 15.5.7), Fusion (11.x before 11.5.7) contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.

Dangling pointer

VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804

CVE-2020-3981 5.8 - Medium - October 20, 2020

VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds read vulnerability due to a time-of-check time-of-use issue in ACPI device. A malicious actor with administrative access to a virtual machine may be able to exploit this issue to leak memory from the vmx process.

TOCTTOU

In VMware ESXi (6.7 before ESXi670-201908101-SG

CVE-2020-3995 5.3 - Medium - October 20, 2020

In VMware ESXi (6.7 before ESXi670-201908101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x before 15.1.0), Fusion (11.x before 11.1.0), the VMCI host drivers used by VMware hypervisors contain a memory leak vulnerability. A malicious actor with access to a virtual machine may be able to trigger a memory leak issue resulting in memory resource exhaustion on the hypervisor if the attack is sustained for extended periods of time.

Memory Leak

VMware vCenter Server (6.7 before 6.7u3

CVE-2020-3994 7.4 - High - October 20, 2020

VMware vCenter Server (6.7 before 6.7u3, 6.6 before 6.5u3k) contains a session hijack vulnerability in the vCenter Server Appliance Management Interface update function due to a lack of certificate validation. A malicious actor with network positioning between vCenter Server and an update repository may be able to perform a session hijack when the vCenter Server Appliance Management Interface is used to download vCenter updates.

Improper Certificate Validation

VMware NSX-T (3.x before 3.0.2, 2.5.x before 2.5.2.2.0) contains a security vulnerability

CVE-2020-3993 5.9 - Medium - October 20, 2020

VMware NSX-T (3.x before 3.0.2, 2.5.x before 2.5.2.2.0) contains a security vulnerability that exists in the way it allows a KVM host to download and install packages from NSX manager. A malicious actor with MITM positioning may be able to exploit this issue to compromise the transport node.

OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804

CVE-2020-3992 9.8 - Critical - October 20, 2020

OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a use-after-free issue. A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to trigger a use-after-free in the OpenSLP service resulting in remote code execution.

Dangling pointer

VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804

CVE-2020-3982 7.7 - High - October 20, 2020

VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds write vulnerability due to a time-of-check time-of-use issue in ACPI device. A malicious actor with administrative access to a virtual machine may be able to exploit this vulnerability to crash the virtual machine's vmx process or corrupt hypervisor's memory heap.

Memory Corruption

VMware ESXi and vCenter Server contain a partial denial of service vulnerability in their respective authentication services

CVE-2020-3976 5.3 - Medium - August 21, 2020

VMware ESXi and vCenter Server contain a partial denial of service vulnerability in their respective authentication services. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3.

Resource Exhaustion

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839

CVE-2020-3964 4.7 - Medium - June 25, 2020

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an information leak in the EHCI USB controller. A malicious actor with local access to a virtual machine may be able to read privileged information contained in the hypervisor's memory. Additional conditions beyond the attacker's control need to be present for exploitation to be possible.

Use of Uninitialized Resource

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839

CVE-2020-3965 5.5 - Medium - June 25, 2020

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an information leak in the XHCI USB controller. A malicious actor with local access to a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine.

Out-of-bounds Read

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839

CVE-2020-3963 5.5 - Medium - June 25, 2020

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a use-after-free vulnerability in PVNVRAM. A malicious actor with local access to a virtual machine may be able to read privileged information contained in physical memory.

Dangling pointer

Harbor API has a Broken Access Control vulnerability

CVE-2019-16919 7.5 - High - October 18, 2019

Harbor API has a Broken Access Control vulnerability. The vulnerability allows project administrators to use the Harbor API to create a robot account with unauthorized push and/or pull access permissions to a project they don't have access or control for. The Harbor API did not enforce the proper project permissions and project scope on the API request to create a new robot account.

Incorrect Default Permissions