1050 matches found
CVE-2021-22005
CVE-2021-22005 affects VMware vCenter Server via an arbitrary file upload vulnerability in the Analytics service. With network access to port 443, an attacker can upload a crafted file to trigger remote code execution. Public PoCs and exploits exist (e.g., VM attack surfaces and multiple advisori...
CVE-2021-21993
CVE-2021-21993 describes a Server-Side Request Forgery (SSRF) in VMware vCenter Server Content Library. An authorised user with content library access can trigger a POST request to vCenter Server, causing information disclosure. Affected ecosystem includes VMware vCenter Server versions vulnerabl...
CVE-2021-21993
The vCenter Server contains an SSRF Server Side Request Forgery vulnerability due to improper validation of URLs in vCenter Server Content Library. An authorised user with access to content library may exploit this issue by sending a POST request to vCenter Server leading to information disclosur...
CVE-2021-22015
The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and directories. An authenticated local user with non-administrative privilege may exploit these issues to elevate their privileges to root on vCenter Server Appliance...
CVE-2021-22017
Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to bypass proxy leading to internal endpoints being accessed. Recent assessments: Assessed...
CVE-2021-22005
The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file. Recent assessments: wvu-r7 at September...
PT-2021-4316
Name of the Vulnerable Software and Affected Versions vCenter Server affected versions not specified Description The issue is related to improper implementation of URI normalization in the rhttproxy service used by vCenter Server. This allows a malicious actor with network access to port 443 on...
The vulnerability of the analytics service for managing virtual infrastructure in VMware vCenter Server, related to the possibility of loading arbitrary files, allows a attacker to execute arbitrary code.
The vulnerability of the analytics service for managing virtual infrastructure in VMware vCenter Server relates to the possibility of loading any file through port 443. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
CVE-2021-22015
This CVE affects VMware vCenter Server (vCenter Appliance) and describes local privilege escalation due to improper permissions on the /usr/lib/vmware-vmon/java-wrapper-vmon file. An authenticated local user in the cis group can write to this file and cause vmware-vmon to run as root, elevating p...
CVE-2021-21991
The vCenter Server contains a local privilege escalation vulnerability due to the way it handles session tokens. A malicious actor with non-administrative user access on vCenter Server host may exploit this issue to escalate privileges to Administrator on the vSphere Client HTML5 or vCenter Serve...
CVE-2021-21992
The vCenter Server contains a denial-of-service vulnerability due to improper XML entity parsing. A malicious actor with non-administrative user access to the vCenter Server vSphere Client HTML5 or vCenter Server vSphere Web Client FLEX/Flash may exploit this issue to create a denial-of-service...
CVE-2021-21991
The vCenter Server contains a local privilege escalation vulnerability due to the way it handles session tokens. A malicious actor with non-administrative user access on vCenter Server host may exploit this issue to escalate privileges to Administrator on the vSphere Client HTML5 or vCenter Serve...
CVE-2021-21992
The vCenter Server contains a denial-of-service vulnerability due to improper XML entity parsing. A malicious actor with non-administrative user access to the vCenter Server vSphere Client HTML5 or vCenter Server vSphere Web Client FLEX/Flash may exploit this issue to create a denial-of-service...
Privilege escalation
The vCenter Server contains a local privilege escalation vulnerability due to the way it handles session tokens. A malicious actor with non-administrative user access on vCenter Server host may exploit this issue to escalate privileges to Administrator on the vSphere Client HTML5 or vCenter Serve...
Denial of service
The vCenter Server contains a denial-of-service vulnerability due to improper XML entity parsing. A malicious actor with non-administrative user access to the vCenter Server vSphere Client HTML5 or vCenter Server vSphere Web Client FLEX/Flash may exploit this issue to create a denial-of-service...
CVE-2021-21992
The vCenter Server contains a denial-of-service vulnerability due to improper XML entity parsing. A malicious actor with non-administrative user access to the vCenter Server vSphere Client HTML5 or vCenter Server vSphere Web Client FLEX/Flash may exploit this issue to create a denial-of-service...
CVE-2021-21992
CVE-2021-21992 describes a denial-of-service vulnerability in VMware vCenter Server caused by improper XML entity parsing. An attacker with non-administrative access to the vCenter HTML5/vSphere Web Client could trigger a DoS on the vCenter host. Affected product: VMware vCenter Server (and Cloud...
CVE-2021-21991
The vCenter Server contains a local privilege escalation vulnerability due to the way it handles session tokens. A malicious actor with non-administrative user access on vCenter Server host may exploit this issue to escalate privileges to Administrator on the vSphere Client HTML5 or vCenter Serve...
CVE-2021-21991
VMware vCenter Server has a local privilege-escalation vulnerability (CVE-2021-21991) caused by improper handling of session tokens. A non-administrative user with local access can escalate to Administrator on the vSphere Client (HTML5) or vCenter Web Client (FLEX/Flash). Public reports consisten...
VMware Warns of Ransomware-Friendly Bug in vCenter Server
VMware has released a security update that includes patches for 19 CVE-numbered vulnerabilities that affect the company’s vCenter Server virtualization management platform and its hybrid Cloud Foundation platform for managing VMs and orchestrating containers. They’re all serious, but one –...