Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Vmware Subscribe
Filtered by product Cloud Foundation
Total 86 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-22945 1 Vmware 2 Cloud Foundation, Nsx Data Center 2022-02-24 7.2 HIGH 7.8 HIGH
VMware NSX Edge contains a CLI shell injection vulnerability. A malicious actor with SSH access to an NSX-Edge appliance can execute arbitrary commands on the operating system as root.
CVE-2022-22939 1 Vmware 1 Cloud Foundation 2022-02-09 4.0 MEDIUM 4.9 MEDIUM
VMware Cloud Foundation contains an information disclosure vulnerability due to logging of credentials in plain-text within multiple log files on the SDDC Manager. A malicious actor with root access on VMware Cloud Foundation SDDC Manager may be able to view credentials in plaintext within one or more log files.
CVE-2020-3976 1 Vmware 3 Cloud Foundation, Esxi, Vcenter Server 2022-02-03 5.0 MEDIUM 5.3 MEDIUM
VMware ESXi and vCenter Server contain a partial denial of service vulnerability in their respective authentication services. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3.
CVE-2021-22022 1 Vmware 3 Cloud Foundation, Vrealize Operations Manager, Vrealize Suite Lifecycle Manager 2022-02-01 4.0 MEDIUM 4.9 MEDIUM
The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary file read vulnerability. A malicious actor with administrative access to vRealize Operations Manager API can read any arbitrary file on server leading to information disclosure.
CVE-2021-22023 1 Vmware 3 Cloud Foundation, Vrealize Operations Manager, Vrealize Suite Lifecycle Manager 2022-02-01 6.5 MEDIUM 7.2 HIGH
The vRealize Operations Manager API (8.x prior to 8.5) has insecure object reference vulnerability. A malicious actor with administrative access to vRealize Operations Manager API may be able to modify other users information leading to an account takeover.
CVE-2021-22024 1 Vmware 3 Cloud Foundation, Vrealize Operations Manager, Vrealize Suite Lifecycle Manager 2022-02-01 5.0 MEDIUM 7.5 HIGH
The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary log-file read vulnerability. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can read any log file resulting in sensitive information disclosure.
CVE-2021-22025 1 Vmware 3 Cloud Foundation, Vrealize Operations Manager, Vrealize Suite Lifecycle Manager 2022-02-01 5.0 MEDIUM 7.5 HIGH
The vRealize Operations Manager API (8.x prior to 8.5) contains a broken access control vulnerability leading to unauthenticated API access. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can add new nodes to existing vROps cluster.
CVE-2021-22026 1 Vmware 3 Cloud Foundation, Vrealize Operations Manager, Vrealize Suite Lifecycle Manager 2022-02-01 5.0 MEDIUM 7.5 HIGH
The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information disclosure.
CVE-2021-22027 1 Vmware 3 Cloud Foundation, Vrealize Operations Manager, Vrealize Suite Lifecycle Manager 2022-02-01 5.0 MEDIUM 7.5 HIGH
The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information disclosure.
CVE-2021-21983 1 Vmware 3 Cloud Foundation, Vrealize Operations Manager, Vrealize Suite Lifecycle Manager 2022-02-01 8.5 HIGH 6.5 MEDIUM
Arbitrary file write vulnerability in vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API can write files to arbitrary locations on the underlying photon operating system.
CVE-2021-21975 1 Vmware 3 Cloud Foundation, Vrealize Operations Manager, Vrealize Suite Lifecycle Manager 2022-02-01 5.0 MEDIUM 7.5 HIGH
Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials.
CVE-2021-22045 2 Apple, Vmware 5 Mac Os X, Cloud Foundation, Esxi and 2 more 2022-01-27 6.9 MEDIUM 7.8 HIGH
VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi650-202110101-SG), VMware Workstation (16.2.0) and VMware Fusion (12.2.0) contains a heap-overflow vulnerability in CD-ROM device emulation. A malicious actor with access to a virtual machine with CD-ROM device emulation may be able to exploit this vulnerability in conjunction with other issues to execute code on the hypervisor from a virtual machine.
CVE-2021-22005 1 Vmware 2 Cloud Foundation, Vcenter Server 2021-11-30 7.5 HIGH 9.8 CRITICAL
The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file.
CVE-2021-22035 1 Vmware 3 Cloud Foundation, Vrealize Log Insight, Vrealize Suite Lifecycle Manager 2021-10-20 4.0 MEDIUM 4.3 MEDIUM
VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sheet through Log Insight which could be executed in user's environment.
CVE-2021-22033 1 Vmware 3 Cloud Foundation, Vrealize Operations, Vrealize Suite Lifecycle Manager 2021-10-19 4.0 MEDIUM 2.7 LOW
Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability.
CVE-2021-22018 1 Vmware 2 Cloud Foundation, Vcenter Server 2021-09-30 6.4 MEDIUM 6.5 MEDIUM
The vCenter Server contains an arbitrary file deletion vulnerability in a VMware vSphere Life-cycle Manager plug-in. A malicious actor with network access to port 9087 on vCenter Server may exploit this issue to delete non critical files.
CVE-2021-22019 1 Vmware 2 Cloud Foundation, Vcenter Server 2021-09-30 5.0 MEDIUM 7.5 HIGH
The vCenter Server contains a denial-of-service vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port 5480 on vCenter Server may exploit this issue by sending a specially crafted jsonrpc message to create a denial of service condition.
CVE-2021-22020 1 Vmware 2 Cloud Foundation, Vcenter Server 2021-09-30 2.1 LOW 5.5 MEDIUM
The vCenter Server contains a denial-of-service vulnerability in the Analytics service. Successful exploitation of this issue may allow an attacker to create a denial-of-service condition on vCenter Server.
CVE-2021-21993 1 Vmware 2 Cloud Foundation, Vcenter Server 2021-09-27 4.0 MEDIUM 6.5 MEDIUM
The vCenter Server contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in vCenter Server Content Library. An authorised user with access to content library may exploit this issue by sending a POST request to vCenter Server leading to information disclosure.
CVE-2021-22006 1 Vmware 2 Cloud Foundation, Vcenter Server 2021-09-27 5.0 MEDIUM 7.5 HIGH
The vCenter Server contains a reverse proxy bypass vulnerability due to the way the endpoints handle the URI. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to access restricted endpoints.