Total
99 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-22033 | 1 Vmware | 3 Cloud Foundation, Vrealize Operations, Vrealize Suite Lifecycle Manager | 2024-11-21 | 4.0 MEDIUM | 2.7 LOW |
Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability. | |||||
CVE-2021-22027 | 1 Vmware | 3 Cloud Foundation, Vrealize Operations Manager, Vrealize Suite Lifecycle Manager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information disclosure. | |||||
CVE-2021-22026 | 1 Vmware | 3 Cloud Foundation, Vrealize Operations Manager, Vrealize Suite Lifecycle Manager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information disclosure. | |||||
CVE-2021-22025 | 1 Vmware | 3 Cloud Foundation, Vrealize Operations Manager, Vrealize Suite Lifecycle Manager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The vRealize Operations Manager API (8.x prior to 8.5) contains a broken access control vulnerability leading to unauthenticated API access. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can add new nodes to existing vROps cluster. | |||||
CVE-2021-22024 | 1 Vmware | 3 Cloud Foundation, Vrealize Operations Manager, Vrealize Suite Lifecycle Manager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary log-file read vulnerability. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can read any log file resulting in sensitive information disclosure. | |||||
CVE-2021-22023 | 1 Vmware | 3 Cloud Foundation, Vrealize Operations Manager, Vrealize Suite Lifecycle Manager | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
The vRealize Operations Manager API (8.x prior to 8.5) has insecure object reference vulnerability. A malicious actor with administrative access to vRealize Operations Manager API may be able to modify other users information leading to an account takeover. | |||||
CVE-2021-22022 | 1 Vmware | 3 Cloud Foundation, Vrealize Operations Manager, Vrealize Suite Lifecycle Manager | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary file read vulnerability. A malicious actor with administrative access to vRealize Operations Manager API can read any arbitrary file on server leading to information disclosure. | |||||
CVE-2021-22021 | 1 Vmware | 2 Cloud Foundation, Vrealize Log Insight | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
VMware vRealize Log Insight (8.x prior to 8.4) contains a Cross Site Scripting (XSS) vulnerability due to improper user input validation. An attacker with user privileges may be able to inject a malicious payload via the Log Insight UI which would be executed when the victim accesses the shared dashboard link. | |||||
CVE-2021-22020 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
The vCenter Server contains a denial-of-service vulnerability in the Analytics service. Successful exploitation of this issue may allow an attacker to create a denial-of-service condition on vCenter Server. | |||||
CVE-2021-22019 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The vCenter Server contains a denial-of-service vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port 5480 on vCenter Server may exploit this issue by sending a specially crafted jsonrpc message to create a denial of service condition. | |||||
CVE-2021-22018 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
The vCenter Server contains an arbitrary file deletion vulnerability in a VMware vSphere Life-cycle Manager plug-in. A malicious actor with network access to port 9087 on vCenter Server may exploit this issue to delete non critical files. | |||||
CVE-2021-22016 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The vCenter Server contains a reflected cross-site scripting vulnerability due to a lack of input sanitization. An attacker may exploit this issue to execute malicious scripts by tricking a victim into clicking a malicious link. | |||||
CVE-2021-22015 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and directories. An authenticated local user with non-administrative privilege may exploit these issues to elevate their privileges to root on vCenter Server Appliance. | |||||
CVE-2021-22014 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
The vCenter Server contains an authenticated code execution vulnerability in VAMI (Virtual Appliance Management Infrastructure). An authenticated VAMI user with network access to port 5480 on vCenter Server may exploit this issue to execute code on the underlying operating system that hosts vCenter Server. | |||||
CVE-2021-22013 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The vCenter Server contains a file path traversal vulnerability leading to information disclosure in the appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information. | |||||
CVE-2021-22012 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The vCenter Server contains an information disclosure vulnerability due to an unauthenticated appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information. | |||||
CVE-2021-22011 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
vCenter Server contains an unauthenticated API endpoint vulnerability in vCenter Server Content Library. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to perform unauthenticated VM network setting manipulation. | |||||
CVE-2021-22010 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The vCenter Server contains a denial-of-service vulnerability in VPXD service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to create a denial of service condition due to excessive memory consumption by VPXD service. | |||||
CVE-2021-22009 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The vCenter Server contains multiple denial-of-service vulnerabilities in VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit these issues to create a denial of service condition due to excessive memory consumption by VAPI service. | |||||
CVE-2021-22008 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The vCenter Server contains an information disclosure vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by sending a specially crafted json-rpc message to gain access to sensitive information. |