Vulnerabilities (CVE)

Filtered by vendor Vmware Subscribe
Filtered by product Cloud Foundation
Total 99 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-31678 1 Vmware 2 Cloud Foundation, Nsx Data Center 2024-11-21 N/A 9.1 CRITICAL
VMware Cloud Foundation (NSX-V) contains an XML External Entity (XXE) vulnerability. On VCF 3.x instances with NSX-V deployed, this may allow a user to exploit this issue leading to a denial-of-service condition or unintended information disclosure.
CVE-2022-22982 1 Vmware 2 Cloud Foundation, Vcenter Server 2024-11-21 N/A 7.5 HIGH
The vCenter Server contains a server-side request forgery (SSRF) vulnerability. A malicious actor with network access to 443 on the vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service.
CVE-2022-22973 2 Linux, Vmware 5 Linux Kernel, Cloud Foundation, Identity Manager and 2 more 2024-11-21 7.2 HIGH 7.8 HIGH
VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'.
CVE-2022-22972 2 Linux, Vmware 6 Linux Kernel, Cloud Foundation, Identity Manager and 3 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.
CVE-2022-22961 2 Linux, Vmware 6 Linux Kernel, Cloud Foundation, Identity Manager and 3 more 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. A malicious actor with remote access may leak the hostname of the target system. Successful exploitation of this issue can lead to targeting victims.
CVE-2022-22960 2 Linux, Vmware 6 Linux Kernel, Cloud Foundation, Identity Manager and 3 more 2024-11-21 7.2 HIGH 7.8 HIGH
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to 'root'.
CVE-2022-22959 2 Linux, Vmware 6 Linux Kernel, Cloud Foundation, Identity Manager and 3 more 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. A malicious actor can trick a user through a cross site request forgery to unintentionally validate a malicious JDBC URI.
CVE-2022-22958 2 Linux, Vmware 6 Linux Kernel, Cloud Foundation, Identity Manager and 3 more 2024-11-21 6.5 MEDIUM 7.2 HIGH
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution.
CVE-2022-22957 2 Linux, Vmware 6 Linux Kernel, Cloud Foundation, Identity Manager and 3 more 2024-11-21 6.5 MEDIUM 7.2 HIGH
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution.
CVE-2022-22954 2 Linux, Vmware 6 Linux Kernel, Cloud Foundation, Identity Manager and 3 more 2024-11-21 10.0 HIGH 9.8 CRITICAL
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution.
CVE-2022-22948 1 Vmware 2 Cloud Foundation, Vcenter Server 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information.
CVE-2022-22945 1 Vmware 2 Cloud Foundation, Nsx Data Center 2024-11-21 7.2 HIGH 7.8 HIGH
VMware NSX Edge contains a CLI shell injection vulnerability. A malicious actor with SSH access to an NSX-Edge appliance can execute arbitrary commands on the operating system as root.
CVE-2022-22939 1 Vmware 1 Cloud Foundation 2024-11-21 4.0 MEDIUM 4.9 MEDIUM
VMware Cloud Foundation contains an information disclosure vulnerability due to logging of credentials in plain-text within multiple log files on the SDDC Manager. A malicious actor with root access on VMware Cloud Foundation SDDC Manager may be able to view credentials in plaintext within one or more log files.
CVE-2021-22050 1 Vmware 2 Cloud Foundation, Esxi 2024-11-21 5.0 MEDIUM 7.5 HIGH
ESXi contains a slow HTTP POST denial-of-service vulnerability in rhttpproxy. A malicious actor with network access to ESXi may exploit this issue to create a denial-of-service condition by overwhelming rhttpproxy service with multiple requests.
CVE-2021-22048 1 Vmware 2 Cloud Foundation, Vcenter Server 2024-11-21 6.5 MEDIUM 8.8 HIGH
The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. A malicious actor with non-administrative access to vCenter Server may exploit this issue to elevate privileges to a higher privileged group.
CVE-2021-22045 2 Apple, Vmware 5 Mac Os X, Cloud Foundation, Esxi and 2 more 2024-11-21 6.9 MEDIUM 7.8 HIGH
VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi650-202110101-SG), VMware Workstation (16.2.0) and VMware Fusion (12.2.0) contains a heap-overflow vulnerability in CD-ROM device emulation. A malicious actor with access to a virtual machine with CD-ROM device emulation may be able to exploit this vulnerability in conjunction with other issues to execute code on the hypervisor from a virtual machine.
CVE-2021-22042 1 Vmware 2 Cloud Foundation, Esxi 2024-11-21 4.6 MEDIUM 7.8 HIGH
VMware ESXi contains an unauthorized access vulnerability due to VMX having access to settingsd authorization tickets. A malicious actor with privileges within the VMX process only, may be able to access settingsd service running as a high privileged user.
CVE-2021-22041 1 Vmware 4 Cloud Foundation, Esxi, Fusion and 1 more 2024-11-21 4.6 MEDIUM 6.7 MEDIUM
VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.
CVE-2021-22040 1 Vmware 5 Cloud Foundation, Esxi, Fusion and 2 more 2024-11-21 4.6 MEDIUM 6.7 MEDIUM
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.
CVE-2021-22035 1 Vmware 3 Cloud Foundation, Vrealize Log Insight, Vrealize Suite Lifecycle Manager 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sheet through Log Insight which could be executed in user's environment.