114 matches found
CVE-2021-21972
The vSphere Client HTML5 contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects...
CVE-2021-21972
The vSphere Client HTML5 contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects...
CVE-2021-21973
The vSphere Client HTML5 contains an SSRF Server Side Request Forgery vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin leading to information...
CVE-2021-21973
The vSphere Client HTML5 contains an SSRF Server Side Request Forgery vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin leading to information...
Critical RCE Flaws Affect VMware ESXi and vSphere Client — Patch Now
VMware has addressed multiple critical remote code execution RCE vulnerabilities in VMware ESXi and vSphere Client virtual infrastructure management platform that may allow attackers to execute arbitrary commands and take control of affected systems. "A malicious actor with network access to port...
VMware vSphere Client Server-Side Request Forgery Vulnerability
VMware Cloud Foundation is a hybrid cloud platform developed by VMware based on the HCI architecture that enables consistent, secure infrastructure and operations between private and public clouds. VMware vSphere Client server-side request forgery vulnerability can be exploited by an attacker wit...
VMware vSphere Client Unauth Remote Code Execution Vulnerability — CVE-2021-21972
The vSphere Client HTML5 contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects...
VMware vCenter Server 代码问题漏洞
VMware Cloud Foundation is a hybrid cloud platform developed by VMware based on the HCI architecture that enables consistent, secure infrastructure and operations between private and public clouds. VMware vSphere Client server-side request forgery vulnerability can be exploited by an attacker wit...
CVE-2021-21973
The vSphere Client HTML5 contains an SSRF Server Side Request Forgery vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin leading to information...
KLA11142 DoS and OSI vulnerabilities in VMware products
Multiple serious vulnerabilities have been found in VMware vCenter Server and vSphere Web Client. Malicious users can exploit these vulnerabilities to cause denial of service or disclose sensetive information. Below is a complete list of vulnerabilities: 1. An unspecified vulnerability in VMware...
The vulnerability of the software for managing Vmware vSphere Client lies in the improper limitation of XML references to external objects, which allows an attacker to access confidential information.
The vulnerability of the software for managing Vmware vSphere Client is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability can allow a malicious actor to gain access to confidential information by convincing users to connect to the malicious...
CVE-2016-7458
VMware vSphere Client 5.5 before U3e and 6.0 before U2a allows remote vCenter Server and ESXi instances to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue...
CVE-2016-7458
VMware vSphere Client 5.5 before U3e and 6.0 before U2a allows remote vCenter Server and ESXi instances to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue...
CVE-2016-7458
Summary of CVE-2016-7458 : VMware vSphere Client (versions 5.5 prior to U3e and 6.0 prior to U2a) contains an XML External Entity (XXE) vulnerability in which an XML document with an external entity declaration and an entity reference can cause information disclosure. The issue affects the vSpher...
CVE-2016-7458
VMware vSphere Client 5.5 before U3e and 6.0 before U2a allows remote vCenter Server and ESXi instances to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue...
VMware vSphere Client XXE Injection Information Disclosure (VMSA-2016-0022)
The version of vSphere Client installed on the remote Windows host is affected by an information disclosure vulnerability due to an incorrectly configured XML parser accepting XML external entities XXE from an untrusted source. An unauthenticated, remote attacker can exploit this issue to disclos...
VMware vSphere Client XML External Entity Information Disclosure Vulnerability
VMware vSphere is a virtualization platform for building cloud computing infrastructures from VMware that simplifies IT operations by separating applications and operating systems from the underlying hardware.VMware vSphere Client is a client software for VMware vSphere. An XML external entity...
VMSA-2016-0022:VMware product updates address information disclosure vulnerabilities
VMSA-2016-0022 VMware product updates address information disclosure vulnerabilities VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2016-0022 VMware Security Advisory Severity: Important VMware Security Advisory Synopsis: VMware product updates address information disclosure...
VM Disk Labels Out of Order After Restore
Challenge After Instant VM Recovery or Full VM Restore, a VMware VM appears to have been restored with its disks out of order. However, the disk files are each associated with the correct SCSI, IDE, or SATA disk IDs, disks are not out of order within the VM guest OS, and the VM otherwise function...
VMware vSphere Client Connection Detection
Binary data 9593.prm...