Lucene search
K

114 matches found

Vulnrichment
Vulnrichment
added 2021/02/24 4:42 p.m.5 views

CVE-2021-21972

The vSphere Client HTML5 contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects...

10AI score0.9957EPSS
Exploits47References4
Cvelist
Cvelist
added 2021/02/24 4:42 p.m.43 views

CVE-2021-21972

The vSphere Client HTML5 contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects...

10AI score0.9957EPSS
Exploits47References4
Cvelist
Cvelist
added 2021/02/24 4:42 p.m.33 views

CVE-2021-21973

The vSphere Client HTML5 contains an SSRF Server Side Request Forgery vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin leading to information...

5.8AI score0.88012EPSS
Exploits8References1
Vulnrichment
Vulnrichment
added 2021/02/24 4:42 p.m.12 views

CVE-2021-21973

The vSphere Client HTML5 contains an SSRF Server Side Request Forgery vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin leading to information...

6.5AI score0.88012EPSS
Exploits8References1
The Hacker News
The Hacker News
added 2021/02/24 7:54 a.m.1874 views

Critical RCE Flaws Affect VMware ESXi and vSphere Client — Patch Now

VMware has addressed multiple critical remote code execution RCE vulnerabilities in VMware ESXi and vSphere Client virtual infrastructure management platform that may allow attackers to execute arbitrary commands and take control of affected systems. "A malicious actor with network access to port...

10CVSS1AI score0.99999EPSS
Exploits103
CNVD
CNVD
added 2021/02/24 12:0 a.m.11 views

VMware vSphere Client Server-Side Request Forgery Vulnerability

VMware Cloud Foundation is a hybrid cloud platform developed by VMware based on the HCI architecture that enables consistent, secure infrastructure and operations between private and public clouds. VMware vSphere Client server-side request forgery vulnerability can be exploited by an attacker wit...

5.3CVSS6.5AI score0.88012EPSS
Exploits8References1
ATTACKERKB
ATTACKERKB
added 2021/02/24 12:0 a.m.338 views

VMware vSphere Client Unauth Remote Code Execution Vulnerability — CVE-2021-21972

The vSphere Client HTML5 contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects...

10CVSS10AI score0.9957EPSS
In wildExploits47References6
CNNVD
CNNVD
added 2021/02/24 12:0 a.m.6 views

VMware vCenter Server 代码问题漏洞

VMware Cloud Foundation is a hybrid cloud platform developed by VMware based on the HCI architecture that enables consistent, secure infrastructure and operations between private and public clouds. VMware vSphere Client server-side request forgery vulnerability can be exploited by an attacker wit...

5.3CVSS7AI score0.88012EPSS
Exploits8References6
ATTACKERKB
ATTACKERKB
added 2021/02/24 12:0 a.m.56 views

CVE-2021-21973

The vSphere Client HTML5 contains an SSRF Server Side Request Forgery vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin leading to information...

5.3CVSS2.5AI score0.88012EPSS
In wildExploits8References2
Kaspersky
Kaspersky
added 2017/11/09 12:0 a.m.52 views

KLA11142 DoS and OSI vulnerabilities in VMware products

Multiple serious vulnerabilities have been found in VMware vCenter Server and vSphere Web Client. Malicious users can exploit these vulnerabilities to cause denial of service or disclose sensetive information. Below is a complete list of vulnerabilities: 1. An unspecified vulnerability in VMware...

7.5CVSS8.2AI score0.02316EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2017/10/05 12:0 a.m.6 views

The vulnerability of the software for managing Vmware vSphere Client lies in the improper limitation of XML references to external objects, which allows an attacker to access confidential information.

The vulnerability of the software for managing Vmware vSphere Client is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability can allow a malicious actor to gain access to confidential information by convincing users to connect to the malicious...

4.3CVSS6.5AI score0.01227EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2016/12/29 9:59 a.m.4 views

CVE-2016-7458

VMware vSphere Client 5.5 before U3e and 6.0 before U2a allows remote vCenter Server and ESXi instances to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue...

5.8CVSS5.8AI score0.01227EPSS
Exploits0References3
NVD
NVD
added 2016/12/29 9:59 a.m.28 views

CVE-2016-7458

VMware vSphere Client 5.5 before U3e and 6.0 before U2a allows remote vCenter Server and ESXi instances to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue...

5.8CVSS5.7AI score0.01227EPSS
Exploits0References3
CVE
CVE
added 2016/12/29 9:2 a.m.76 views

CVE-2016-7458

Summary of CVE-2016-7458 : VMware vSphere Client (versions 5.5 prior to U3e and 6.0 prior to U2a) contains an XML External Entity (XXE) vulnerability in which an XML document with an external entity declaration and an entity reference can cause information disclosure. The issue affects the vSpher...

5.8CVSS7.1AI score0.01227EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2016/12/29 9:2 a.m.24 views

CVE-2016-7458

VMware vSphere Client 5.5 before U3e and 6.0 before U2a allows remote vCenter Server and ESXi instances to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue...

6AI score0.01227EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2016/12/09 12:0 a.m.217 views

VMware vSphere Client XXE Injection Information Disclosure (VMSA-2016-0022)

The version of vSphere Client installed on the remote Windows host is affected by an information disclosure vulnerability due to an incorrectly configured XML parser accepting XML external entities XXE from an untrusted source. An unauthenticated, remote attacker can exploit this issue to disclos...

5.8CVSS6.8AI score0.01227EPSS
Exploits0References2
CNVD
CNVD
added 2016/11/29 12:0 a.m.5 views

VMware vSphere Client XML External Entity Information Disclosure Vulnerability

VMware vSphere is a virtualization platform for building cloud computing infrastructures from VMware that simplifies IT operations by separating applications and operating systems from the underlying hardware.VMware vSphere Client is a client software for VMware vSphere. An XML external entity...

5.8CVSS6.2AI score0.01227EPSS
Exploits0References1
VMware
VMware
added 2016/11/20 12:0 a.m.103 views

VMSA-2016-0022:VMware product updates address information disclosure vulnerabilities

VMSA-2016-0022 VMware product updates address information disclosure vulnerabilities VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2016-0022 VMware Security Advisory Severity: Important VMware Security Advisory Synopsis: VMware product updates address information disclosure...

9.1CVSS7AI score0.02146EPSS
Exploits0References8Affected Software3
Veeam
Veeam
added 2016/10/11 12:0 a.m.35 views

VM Disk Labels Out of Order After Restore

Challenge After Instant VM Recovery or Full VM Restore, a VMware VM appears to have been restored with its disks out of order. However, the disk files are each associated with the correct SCSI, IDE, or SATA disk IDs, disks are not out of order within the VM guest OS, and the VM otherwise function...

6.9AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2016/09/30 12:0 a.m.15 views

VMware vSphere Client Connection Detection

Binary data 9593.prm...

7.3AI score
Exploits0References2
Rows per page
Query Builder