vmware

950 tracked vulnerabilities.

CVE-2021-22014 HIGH
vCenter Server - Authenticated Code Execution
Sep 23, 2021
CVSS 7.2
EPSS 0.01
CVE-2021-22013 HIGH
VMware Cloud Foundation 3.0-5.0 & vCenter Server - Path Traversal & Info Disclosure via API
Sep 23, 2021
CVSS 7.5
EPSS 0.01
CVE-2021-22012 HIGH
VMware Cloud Foundation 3.0-5.0 and vCenter Server - Unauthenticated Information Disclosure via Appliance Management API
Sep 23, 2021
CVSS 7.5
EPSS 0.01
CVE-2021-22011 MEDIUM
vCenter Server - Unauthenticated RCE
Sep 23, 2021
CVSS 5.3
EPSS 0.01
CVE-2021-22010 HIGH
VMware Cloud Foundation 3.0-4.0 and vCenter Server - Denial of Service via VPXD Service Memory Consumption
Sep 23, 2021
CVSS 7.5
EPSS 0.01
CVE-2021-22009 HIGH
VMware Cloud Foundation 3.0-4.0 and vCenter Server - Denial of Service via VAPI Service Memory Exhaustion
Sep 23, 2021
CVSS 7.5
EPSS 0.01
CVE-2021-22008 HIGH
VMware Cloud Foundation 3.0-4.0 and vCenter Server - Information Disclosure via VAPI JSON-RPC Message
Sep 23, 2021
CVSS 7.5
EPSS 0.01
CVE-2021-22007 MEDIUM
VMware Cloud Foundation 3.0-4.3 - Authenticated Information Disclosure in Analytics Service
Sep 23, 2021
CVSS 5.5
EPSS 0.00
CVE-2021-22006 HIGH
VMware Cloud Foundation 3.0-4.9 and vCenter Server - Reverse Proxy Bypass via URI Handling
Sep 23, 2021
CVSS 7.5
EPSS 0.57
CVE-2021-22005 CRITICAL KEVNUCLEI
VMware Cloud Foundation 3.0-4.0 and vCenter Server - Arbitrary File Upload via Analytics Service
Sep 23, 2021
CVSS 9.8
EPSS 0.94
CVE-2021-21993 MEDIUM
VMware Cloud Foundation 3.0-5.0 and vCenter Server - Server-Side Request Forgery in Content Library
Sep 23, 2021
CVSS 6.5
EPSS 0.00
CVE-2021-21992 MEDIUM
VMware Cloud Foundation >=3.0 <3.10.2.2 and vCenter Server - Denial of Service via XML Entity Parsing
Sep 22, 2021
CVSS 6.5
EPSS 0.01
CVE-2021-21991 HIGH
VMware Cloud Foundation 3.0-3.10.2.1 and vCenter Server - Local Privilege Escalation via Session Token Handling
Sep 22, 2021
CVSS 7.8
EPSS 0.00
CVE-2021-22003 HIGH
VMware Workspace ONE Access and Identity Manager - User Enumeration and Brute Force via Port 7443 Login Interface
Aug 31, 2021
CVSS 7.5
EPSS 0.00
CVE-2021-22002 CRITICAL
VMware Workspace ONE Access/Identity Manager - Unauthenticated Diagnostic Endpoint Access via Host Header Tampering
Aug 31, 2021
CVSS 9.8
EPSS 0.00
CVE-2021-22029 HIGH
VMware Workspace ONE UEM Console 20.1.0.0-20.1.0.33 - Denial of Service via REST API Session Endpoint
Aug 31, 2021
CVSS 7.5
EPSS 0.00
CVE-2021-22021 MEDIUM
VMware vRealize Log Insight 8.x < 8.4 - Stored Cross-Site Scripting via Shared Dashboard Link
Aug 30, 2021
CVSS 5.4
EPSS 0.00
CVE-2021-22027 HIGH
VMware vRealize Operations Manager 8.0.0-8.4.x - Unauthenticated Server-Side Request Forgery via API Endpoint
Aug 30, 2021
CVSS 7.5
EPSS 0.00
CVE-2021-22026 HIGH
VMware vRealize Operations Manager 8.0.0-8.4.x - Unauthenticated Server-Side Request Forgery via API Endpoint
Aug 30, 2021
CVSS 7.5
EPSS 0.00
CVE-2021-22025 HIGH
VMware vRealize Operations Manager 8.0.0-8.4.x - Unauthenticated API Access via Broken Access Control
Aug 30, 2021
CVSS 7.5
EPSS 0.00
CVE-2021-22024 HIGH
VMware vRealize Operations Manager < 8.5.0 - Unauthenticated Arbitrary Log File Read
Aug 30, 2021
CVSS 7.5
EPSS 0.00
CVE-2021-22023 HIGH
VMware vRealize Operations Manager 8.0.0-8.4.x - Authenticated Account Takeover via Insecure Object Reference
Aug 30, 2021
CVSS 7.2
EPSS 0.00
CVE-2021-22022 MEDIUM
VMware vRealize Operations Manager 8.0.0-8.4.x - Arbitrary File Read via API
Aug 30, 2021
CVSS 4.9
EPSS 0.00
CVE-2021-22000 HIGH
VMware ThinApp 5.2-5.2.9 - Uncontrolled Search Path Element
Jul 13, 2021
CVSS 7.8
EPSS 0.00
CVE-2021-21995 HIGH
VMware Cloud Foundation 3.0-3.10.1 and 4.0-4.2 - Denial of Service via OpenSLP Heap Out-of-Bounds Read
Jul 13, 2021
CVSS 7.5
EPSS 0.00
Products
workstation 213 esxi 139 cloud_foundation 132 fusion 131 player 89 esx 86 vcenter_server 79 server 58 spring_framework 48 ace 44 identity_manager 28 workstation_pro 27 workstation_player 26 horizon_client 25 spring_security 24 Workstation 23 tools 22 vrealize_suite_lifecycle_manager 21 vrealize_automation 20 spring_boot 18 vrealize_operations 18 ESXi 16 vmware_workstation 15 vrealize_log_insight 15 workspace_one_access 15 horizon_view 14 spring_ai 14 vcenter_server_appliance 14 Fusion 13 aria_operations 13
Quick Filters
Critical CVEs With Exploits In CISA KEV