11 matches found
Vulnerabilities fixed in VMWare products
VMware has fixed two vulnerabilities in Workspace ONE Access, Identity Manager, vRealize Automation, Cloud Foundation and vRealize Suite Lifecycle Manager. An unauthenticated malicious person with access to the management environment could potentially exploit the vulnerabilities to gain gain...
The vulnerability of the VMware Workspace ONE Access application management platform, the VMware Identity Manager administration console, the VMware Cloud Foundation virtualization platform, and the vRealize Suite Lifecycle Manager software for managing application lifecycles is related to a flaw that allows attackers to disclose protected information.
The vulnerabilities of the VMware Workspace ONE Access application management platform, the VMware Identity Manager administration console, the VMware Cloud Foundation virtualization platform, and the vRealize Suite Lifecycle Manager software are related to information disclosure. Exploiting thes...
The vulnerability of the VMware Identity Manager administration console, the Workspace ONE Access application management platform, the Cloud Foundation virtualization platform, and the vRealize Suite Lifecycle Manager software for application lifecycle management, arises from improper code generation. This allows an attacker to execute arbitrary code.
The vulnerabilities of VMware Identity Manager administration consoles, Workspace ONE Access application management platform, Cloud Foundation virtualization platform, and the vRealize Suite Lifecycle Manager software are related to improper code generation. Exploiting these vulnerabilities allow...
The vulnerability of the monitoring tool for virtual infrastructure vRealize Operations, a platform for virtualization at VMware Cloud Foundation, and the application lifecycle management software vRealize Suite Lifecycle Manager lies in insufficient validation of incoming requests, allowing attackers to disclose sensitive information.
The vulnerability of the monitoring tool for the virtual infrastructure vRealize Operations, the VMware Cloud Foundation virtualization platform, and the vRealize Suite Lifecycle Manager software management tool is related to insufficient checking of incoming requests. Exploiting this vulnerabili...
The vulnerability of the monitoring tool for virtual infrastructure vRealize Operations, a platform for virtualization at VMware Cloud Foundation, and the application lifecycle management software vRealize Suite Lifecycle Manager lies in insufficient validation of incoming requests, allowing attackers to disclose sensitive information.
The vulnerability of the monitoring tool for the virtual infrastructure vRealize Operations, the VMware Cloud Foundation virtualization platform, and the vRealize Suite Lifecycle Manager software management tool is related to insufficient checking of incoming requests. Exploiting this vulnerabili...
The vulnerability of the monitoring tool for virtual infrastructure vRealize Operations, a platform for virtualization at VMware Cloud Foundation, and the application lifecycle management software vRealize Suite Lifecycle Manager lies in insufficient validation of incoming requests, allowing attackers to disclose sensitive information.
The vulnerability of the monitoring tool for the virtual infrastructure vRealize Operations, the VMware Cloud Foundation virtualization platform, and the vRealize Suite Lifecycle Manager software management tool is related to insufficient checking of incoming requests. Exploiting this vulnerabili...
The vulnerability of the VMware Identity Manager (vIDM), Workspace ONE Access, Cloud Foundation, and vRealize Suite Lifecycle Manager lies in the transmission of data through an unprotected primary channel, allowing attackers to circumvent existing security restrictions.
The vulnerability of the VMware Identity Manager vIDM, Workspace ONE Access, Cloud Foundation, and vRealize Suite Lifecycle Manager lies in the transmission of data through an unprotected primary channel. Exploiting this vulnerability allows a malicious actor to circumvent existing security...
VMware vRealize Operations Manager SSRF和文件读取漏洞(CVE-2021-21975 CVE-2021-21983)
Description On March 30, 2021, VMware published a security advisory for CVE-2021-21975 and CVE-2021-21983, two chainable vulnerabilities in its vRealize Operations Manager product. CVE-2021-21975 is an unauthenticated server-side request forgery SSRF, while CVE-2021-21983 is an authenticated...
VMware Releases Security Updates
VMware has released security updates to address multiple vulnerabilities affecting vRealize Operations, Cloud Foundation, and vRealize Suite Lifecycle Manager. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and...
VMware vRealize Operations updates address Server Side Request Forgery and Arbitrary File Write vulnerabilities (CVE-2021-21975, CVE-2021-21983)
1. Impacted Products VMware vRealize Operations VMware Cloud Foundation vRealize Suite Lifecycle Manager 2. Introduction Multiple vulnerabilities in VMware vRealize Operations were privately reported to VMware. Patches and Workarounds are available to address these vulnerabilities in impacted...
Critical Unpatched VMware Flaw Affects Multiple Corporates Products
VMware has released temporary workarounds to address a critical vulnerability in its products that could be exploited by an attacker to take control of an affected system. "A malicious actor with network access to the administrative configurator on port 8443 and a valid password for the...