Latest vmware cloud foundation Vulnerabilities

CVE-2023-34063
Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious actor may exploit this vulnerability leading to unauthorized access to remote organizations and workflow...
Atlassian Confluence Data Center=8
Atlassian Confluence Server=8
Atlassian Jira Software Data Center=8.20.0
Atlassian Jira Software Data Center=9.4.0
Atlassian Jira Software Data Center=9.5.0
Atlassian Jira Software Data Center=9.6.0
and 13 more
CVE-2023-34043
VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.
VMware Aria Operations=8.6.0
VMware Aria Operations=8.10.0
VMware Aria Operations=8.12.0
VMware Aria Operations=8.12.0-hotfix1
VMware Aria Operations=8.12.0-hotfix2
VMware Aria Operations=8.12.0-hotfix3
and 2 more
CVE-2023-20884
VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability. An unauthenticated malicious actor may be able to redirect a victim to an attacker controlled domain...
VMware Identity Manager=3.3.6
VMware Identity Manager=3.3.7
Linux Linux kernel
VMware Workspace ONE Access>=21.0.8.0<=22.09.1.0
VMware Cloud Foundation
Vmware Identity Manager Connector
and 1 more
CVE-2023-20878
VMware Aria Operations contains a deserialization vulnerability. A malicious actor with administrative privileges can execute arbitrary commands and disrupt the system.
VMware Cloud Foundation>=4.0<=4.5
Vmware Vrealize Operations=8.6.0
Vmware Vrealize Operations=8.6.0-hotfix1
Vmware Vrealize Operations=8.6.0-hotfix2
Vmware Vrealize Operations=8.6.0-hotfix4
Vmware Vrealize Operations=8.6.0-hotfix5
and 6 more
CVE-2023-20877
VMware Aria Operations contains a privilege escalation vulnerability. An authenticated malicious user with ReadOnly privileges can perform code execution leading to privilege escalation.
VMware Cloud Foundation>=4.0<=4.5
Vmware Vrealize Operations=8.6.0
Vmware Vrealize Operations=8.6.0-hotfix1
Vmware Vrealize Operations=8.6.0-hotfix2
Vmware Vrealize Operations=8.6.0-hotfix4
Vmware Vrealize Operations=8.6.0-hotfix5
and 6 more
CVE-2023-20879
VMware Aria Operations contains a Local privilege escalation vulnerability. A malicious actor with administrative privileges in the Aria Operations application can gain root access to the underlying o...
VMware Cloud Foundation>=4.0<=4.5
Vmware Vrealize Operations=8.6.0
Vmware Vrealize Operations=8.6.0-hotfix1
Vmware Vrealize Operations=8.6.0-hotfix2
Vmware Vrealize Operations=8.6.0-hotfix4
Vmware Vrealize Operations=8.6.0-hotfix5
and 6 more
CVE-2023-20880
VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.
VMware Aria Operations>=8.6.0<8.12.0
VMware Cloud Foundation>=4.0<=4.5
CVE-2023-20865
VMware Aria Operations for Logs contains a command injection vulnerability. A malicious actor with administrative privileges in VMware Aria Operations for Logs can execute arbitrary commands as root.
VMware Aria Operations for Logs>=8.6.0<8.12.0
VMware Cloud Foundation>=4.0<=4.5
CVE-2023-20864
VMware Aria Operations for Logs contains a deserialization vulnerability. An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary co...
VMware Aria Operations for Logs>=8.10.2<8.12.0
VMware Cloud Foundation>=4.0<=4.5
CVE-2022-31700
Vmware Access=21.08.0.0
Vmware Access=21.08.0.1
VMware Cloud Foundation
VMware Identity Manager=3.3.6
Microsoft Windows
CVE-2022-31701
VMware Workspace ONE Access and Identity Manager contain a broken authentication vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSS...
Vmware Access=21.08.0.0
Vmware Access=21.08.0.1
Vmware Access=22.09.0.0
VMware Cloud Foundation
Vmware Identity Manager Connector=3.3.6
Linux Linux kernel
CVE-2022-31696
VMware ESXi contains a memory corruption vulnerability that exists in the way it handles a network socket. A malicious actor with local access to ESXi may exploit this issue to corrupt memory leading ...
VMware Cloud Foundation>=3.0<3.10
VMware Cloud Foundation>=4.0<4.3.11
VMware Cloud Foundation=3.10
VMware Cloud Foundation=3.11
VMware Cloud Foundation=4.3.11
VMware Cloud Foundation=4.4
and 260 more
CVE-2022-31697
The vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plaintext. A malicious actor with access to a workstation that invoked a vCenter Server Applian...
VMware vCenter Server=6.5
VMware vCenter Server=6.5-a
VMware vCenter Server=6.5-b
VMware vCenter Server=6.5-c
VMware vCenter Server=6.5-d
VMware vCenter Server=6.5-update1
and 64 more
CVE-2022-31698
The vCenter Server contains a denial-of-service vulnerability in the content library service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to trigger a de...
VMware Cloud Foundation=3.0
VMware Cloud Foundation=3.0.1
VMware Cloud Foundation=3.0.1.1
VMware Cloud Foundation=3.5
VMware Cloud Foundation=3.5.1
VMware Cloud Foundation=3.7
and 99 more
CVE-2022-31678
VMware Cloud Foundation (NSX-V) contains an XML External Entity (XXE) vulnerability. On VCF 3.x instances with NSX-V deployed, this may allow a user to exploit this issue leading to a denial-of-servic...
VMware Cloud Foundation<3.11
Vmware Nsx Data Center<6.4.14
CVE-2022-31681
VMware ESXi contains a null-pointer deference vulnerability. A malicious actor with privileges within the VMX process only, may create a denial of service condition on the host.
VMware Cloud Foundation>=4.2<4.3.1.1
VMware Cloud Foundation=4.4
VMware Cloud Foundation=4.4.1
VMware Cloud Foundation=4.4.1.1
VMware ESXi<7.0
VMware ESXi=7.0
and 15 more
CVE-2022-22982
The vCenter Server contains a server-side request forgery (SSRF) vulnerability. A malicious actor with network access to 443 on the vCenter Server may exploit this issue by accessing a URL request out...
VMware Cloud Foundation>=3.0<=3.11
VMware Cloud Foundation>=4.0<=4.3.1
VMware vCenter Server=6.5
VMware vCenter Server=6.5-a
VMware vCenter Server=6.5-b
VMware vCenter Server=6.5-c
and 63 more
CVE-2022-22972
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may b...
VMware Identity Manager=3.3.3
VMware Identity Manager=3.3.4
VMware Identity Manager=3.3.5
VMware Identity Manager=3.3.6
VMware vRealize Automation=7.6
VMware Workspace ONE Access=20.10.0.0
and 55 more
CVE-2022-22973
VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'.
VMware Identity Manager=3.3.3
VMware Identity Manager=3.3.4
VMware Identity Manager=3.3.5
VMware Identity Manager=3.3.6
VMware Workspace ONE Access=20.10.0.0
VMware Workspace ONE Access=20.10.0.1
and 34 more
CVE-2022-22959
VMware Cloud Foundation>=3.0<5.0
VMware Identity Manager=3.3.3
VMware Identity Manager=3.3.4
VMware Identity Manager=3.3.5
VMware Identity Manager=3.3.6
VMware vRealize Automation>=8.0<9.0
and 7 more
CVE-2022-22957
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access ...
VMware Cloud Foundation>=3.0<5.0
VMware Identity Manager=3.3.3
VMware Identity Manager=3.3.4
VMware Identity Manager=3.3.5
VMware Identity Manager=3.3.6
VMware vRealize Automation>=8.0<9.0
and 7 more
CVE-2022-22958
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access ...
VMware Cloud Foundation>=3.0<5.0
VMware Identity Manager=3.3.3
VMware Identity Manager=3.3.4
VMware Identity Manager=3.3.5
VMware Identity Manager=3.3.6
VMware vRealize Automation>=8.0<9.0
and 7 more
CVE-2022-22960
VMware Multiple Products Privilege Escalation Vulnerability
VMware Cloud Foundation>=3.0<5.0
VMware Identity Manager=3.3.3
VMware Identity Manager=3.3.4
VMware Identity Manager=3.3.5
VMware Identity Manager=3.3.6
VMware vRealize Automation>=8.0<9.0
and 8 more
CVE-2022-22961
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. A malicious actor with remote access may leak...
VMware Cloud Foundation>=3.0<5.0
VMware Identity Manager=3.3.3
VMware Identity Manager=3.3.4
VMware Identity Manager=3.3.5
VMware Identity Manager=3.3.6
VMware vRealize Automation>=8.0<9.0
and 7 more
CVE-2022-22954
VMware Workspace ONE Access and Identity Manager Server-Side Template Injection Vulnerability
VMware Identity Manager=3.3.3
VMware Identity Manager=3.3.4
VMware Identity Manager=3.3.5
VMware Identity Manager=3.3.6
VMware vRealize Automation>=8.0<=8.6
VMware vRealize Automation=7.6
and 8 more
CVE-2022-22948
The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue t...
VMware Cloud Foundation>=3.0<3.11
VMware Cloud Foundation=3.11
VMware vCenter Server=6.5
VMware vCenter Server=6.5-a
VMware vCenter Server=6.5-b
VMware vCenter Server=6.5-c
and 57 more
CVE-2022-22945
VMware NSX Edge contains a CLI shell injection vulnerability. A malicious actor with SSH access to an NSX-Edge appliance can execute arbitrary commands on the operating system as root.
VMware Cloud Foundation>=3.0<=3.11
Vmware Nsx Data Center<6.4.13
CVE-2021-22050
ESXi contains a slow HTTP POST denial-of-service vulnerability in rhttpproxy. A malicious actor with network access to ESXi may exploit this issue to create a denial-of-service condition by overwhelmi...
VMware Cloud Foundation>=3.0<3.11
VMware Cloud Foundation>=4.0<4.4
VMware ESXi=6.5
VMware ESXi=6.7
VMware ESXi=6.7-670-201806001
VMware ESXi=6.7-670-201807001
and 159 more
CVE-2021-22042
VMware ESXi contains an unauthorized access vulnerability due to VMX having access to settingsd authorization tickets. A malicious actor with privileges within the VMX process only, may be able to acc...
VMware Cloud Foundation>=4.0<4.4
VMware ESXi=7.0-update_1
VMware ESXi=7.0-update_2
VMware ESXi=7.0-update_3
CVE-2021-22041
VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue...
VMware Cloud Foundation>=3.0<3.11
VMware Cloud Foundation>=4.0<4.4
VMware Fusion>=12.0.0<12.2.1
VMware Fusion
VMware Workstation>=16.0.0<16.2.1
VMware ESXi=6.5-650-202202401
and 165 more
CVE-2021-22040
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this iss...
VMware Cloud Foundation>=3.0<3.11
VMware Cloud Foundation>=4.0<4.4
VMware Fusion>=12.0.0<12.2.1
VMware Workstation Player>=16.0.0<16.2.1
VMware Workstation Pro>=16.0.0<16.2.1
VMware ESXi=6.5
and 167 more
CVE-2022-22939
VMware Cloud Foundation contains an information disclosure vulnerability due to logging of credentials in plain-text within multiple log files on the SDDC Manager. A malicious actor with root access o...
VMware Cloud Foundation>=3.0<=3.10.2.2
VMware Cloud Foundation>=4.0<=4.1.0.1
CVE-2021-22045
VMware Workstation SCSI Heap-based Buffer Overflow Privilege Escalation Vulnerability
VMware Workstation
VMware Cloud Foundation>=3.0<=3.10.2.2
VMware Cloud Foundation>=4.0<=4.3.1
VMware Workstation>=16.0.0<16.2.0
VMware Fusion>=12.0.0<12.2.0
Apple Mac OS X
and 213 more
CVE-2021-22048
The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. A malicious actor with non-administrative access to vCenter Se...
VMware Cloud Foundation>=3.0<=3.10.2.2
VMware vCenter Server=6.5
VMware vCenter Server=6.7
VMware vCenter Server=7.0
VMware Cloud Foundation>=4.0<=4.1.0.1
CVE-2021-22033
Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability.
VMware Cloud Foundation>=3.0.0<=4.3.1
Vmware Vrealize Operations>=7.0.0<8.6.0
Vmware Vrealize Suite Lifecycle Manager>=8.0<=8.2
CVE-2021-22035
VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function. An authenticated malicious actor with non-adminis...
VMware Cloud Foundation>=4.0.0<=4.3.1
VMware vRealize Log Insight>8.0.0<8.60
Vmware Vrealize Suite Lifecycle Manager>=8.0.0<=8.2
CVE-2021-22019
VMware Cloud Foundation>=3.0<3.10.2.2
VMware Cloud Foundation>=4.0<4.3
VMware vCenter Server=6.5
VMware vCenter Server=6.7
VMware vCenter Server=7.0
CVE-2021-22020
The vCenter Server contains a denial-of-service vulnerability in the Analytics service. Successful exploitation of this issue may allow an attacker to create a denial-of-service condition on vCenter S...
VMware Cloud Foundation>=3.0<3.10.2.2
VMware Cloud Foundation>=4.0<4.3
VMware vCenter Server=6.7
VMware vCenter Server=7.0
CVE-2021-22016
The vCenter Server contains a reflected cross-site scripting vulnerability due to a lack of input sanitization. An attacker may exploit this issue to execute malicious scripts by tricking a victim int...
VMware Cloud Foundation>=3.0<5.0
VMware vCenter Server=6.7
CVE-2021-22018
The vCenter Server contains an arbitrary file deletion vulnerability in a VMware vSphere Life-cycle Manager plug-in. A malicious actor with network access to port 9087 on vCenter Server may exploit th...
VMware Cloud Foundation>=4.0<4.3.1
VMware vCenter Server=7.0
CVE-2021-22015
The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and directories. An authenticated local user with non-administrative privilege may ...
VMware Cloud Foundation>=3.0<5.0
VMware vCenter Server=6.5
VMware vCenter Server=6.7
VMware vCenter Server=7.0
CVE-2021-22014
The vCenter Server contains an authenticated code execution vulnerability in VAMI (Virtual Appliance Management Infrastructure). An authenticated VAMI user with network access to port 5480 on vCenter ...
VMware Cloud Foundation>=3.0<5.0
VMware vCenter Server=6.5
VMware vCenter Server=6.7
VMware vCenter Server=7.0
CVE-2021-22013
The vCenter Server contains a file path traversal vulnerability leading to information disclosure in the appliance management API. A malicious actor with network access to port 443 on vCenter Server m...
VMware Cloud Foundation>=3.0<5.0
VMware vCenter Server=6.7
VMware vCenter Server=7.0
CVE-2021-22012
The vCenter Server contains an information disclosure vulnerability due to an unauthenticated appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit ...
VMware Cloud Foundation>=3.0<5.0
VMware vCenter Server=6.7
VMware vCenter Server=7.0
CVE-2021-22005
VMware vCenter Server File Upload Vulnerability
VMware Cloud Foundation>=3.0<5.0
VMware vCenter Server=6.5
VMware vCenter Server=6.7
VMware vCenter Server=7.0
CVE-2021-21993
VMware Cloud Foundation>=3.0<5.0
VMware vCenter Server=6.5
VMware vCenter Server=6.7
VMware vCenter Server=7.0
CVE-2021-22007
The vCenter Server contains a local information disclosure vulnerability in the Analytics service. An authenticated user with non-administrative privilege may exploit this issue to gain access to sens...
VMware Cloud Foundation>=3.0<5.0
VMware vCenter Server=6.7
VMware vCenter Server=7.0
CVE-2021-22006
The vCenter Server contains a reverse proxy bypass vulnerability due to the way the endpoints handle the URI. A malicious actor with network access to port 443 on vCenter Server may exploit this issue...
VMware Cloud Foundation>=3.0<5.0
VMware vCenter Server=6.7
VMware vCenter Server=7.0
CVE-2021-22009
The vCenter Server contains multiple denial-of-service vulnerabilities in VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit these issues to cr...
VMware Cloud Foundation>=3.0<5.0
VMware vCenter Server=6.7
VMware vCenter Server=7.0
CVE-2021-22011
vCenter Server contains an unauthenticated API endpoint vulnerability in vCenter Server Content Library. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to p...
VMware Cloud Foundation>=3.0<5.0
VMware vCenter Server=6.5
VMware vCenter Server=6.7
VMware vCenter Server=7.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203