42 matches found
Denial of service
The vCenter Server contains a denial-of-service vulnerability due to improper XML entity parsing. A malicious actor with non-administrative user access to the vCenter Server vSphere Client HTML5 or vCenter Server vSphere Web Client FLEX/Flash may exploit this issue to create a denial-of-service...
CVE-2021-21992
The vCenter Server contains a denial-of-service vulnerability due to improper XML entity parsing. A malicious actor with non-administrative user access to the vCenter Server vSphere Client HTML5 or vCenter Server vSphere Web Client FLEX/Flash may exploit this issue to create a denial-of-service...
CVE-2021-21991
The vCenter Server contains a local privilege escalation vulnerability due to the way it handles session tokens. A malicious actor with non-administrative user access on vCenter Server host may exploit this issue to escalate privileges to Administrator on the vSphere Client HTML5 or vCenter Serve...
VMware Issues 3 Critical Patches for vSphere Data Protection
VMware, a Dell Technologies subsidiary, released several patches Tuesday fixing critical vulnerabilities affecting its vSphere cloud computing virtualization platform. The bugs address three vulnerabilities in VMware’s vSphere Data Protection VDP, a backup and recovery solution used with its...
Server side request forgery (ssrf)
The flash-based vSphere Web Client 6.0 prior to 6.0 U3c and 5.5 prior to 5.5 U3f i.e. not the new HTML5-based vSphere Client, contains SSRF and CRLF injection issues due to improper neutralization of URLs. An attacker may exploit these issues by sending a POST request with modified headers toward...
CVE-2017-4928
CVE-2017-4928 affects the Flash-based vSphere Web Client (not the HTML5 client). The issue stems from improper neutralization of URLs, enabling SSRF and CRLF injection that could allow an attacker to send a crafted POST request towards internal services and disclose information. Affected VMware p...
VMware vCenter Server Information Disclosure Vulnerability (CNVD-2017-33977)
VMware vCenter Server provides a centralized, scalable platform for managing virtual infrastructure. An information disclosure vulnerability exists in VMware vCenter Server versions 5.5, 6.0, and 6.5. A remote user can trigger the URL authentication vulnerability by sending a specially crafted PO...
KLA11142 DoS and OSI vulnerabilities in VMware products
Multiple serious vulnerabilities have been found in VMware vCenter Server and vSphere Web Client. Malicious users can exploit these vulnerabilities to cause denial of service or disclose sensetive information. Below is a complete list of vulnerabilities: 1. An unspecified vulnerability in VMware...
The vulnerability of the Vmware vCenter Server virtual infrastructure management tool allows a attacker to inject arbitrary Web or HTML code.
The vulnerability of the vSphere Web Client component, which is used for managing the virtual infrastructure of Vmware vCenter Server, exists due to the lack of security measures taken to protect the web page structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary We...
The software for managing VMware vCenter Server is vulnerable, allowing a hacker to execute arbitrary Java code.
The vulnerability of the VMware vSphere Web Client software for managing virtual infrastructure, specifically the VMware vCenter Server, is related to configuration errors of the JMX server. These errors arise due to the lack of authentication and encryption procedures when clients connect to the...
Cross site scripting
Cross-site scripting XSS vulnerability in the vSphere Web Client in VMware vCenter Server 5.0 before U3g, 5.1 before U3d, and 5.5 before U2d allows remote attackers to inject arbitrary web script or HTML via a crafted URL...
CVE-2015-6931
Cross-site scripting XSS vulnerability in the vSphere Web Client in VMware vCenter Server 5.0 before U3g, 5.1 before U3d, and 5.5 before U2d allows remote attackers to inject arbitrary web script or HTML via a crafted URL...
CVE-2015-6931
Cross-site scripting XSS vulnerability in the vSphere Web Client in VMware vCenter Server 5.0 before U3g, 5.1 before U3d, and 5.5 before U2d allows remote attackers to inject arbitrary web script or HTML via a crafted URL...
CVE-2015-6931
CVE-2015-6931 is a reflected XSS in the vSphere Web Client of VMware vCenter Server. The vulnerability arises from insufficient input sanitization, allowing remote attackers to inject script via a crafted URL. Affected versions: vCenter Server 5.0 before 5.0u3g, 5.1 before 5.1u3d, and 5.5 before ...
VMSA-2016-0009:VMware vCenter Server updates address an HIGH reflected cross-site scripting issue
VMSA-2016-0009 VMware vCenter Server updates address an important reflected cross-site scripting issue VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2016-0009 VMware Security Advisory Synopsis: VMware vCenter Server updates address an important reflected cross-site scripting...
VMware Security Updates for vCenter Server (VMSA-2016-0004)
VMware vCenter Server updates address a critical security issue. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
How to reinstall vSphere Web Client plug-in for Veeam Backup & Replication
Article Applicability This article is regarding the Local vSphere Client Plug-in only. Veeam Backup Enterprise Manager offers the following configurations of the vSphere Client plug-in: Local vSphere Client Plug-in -- For vSphere Client 7.0.0.x or earlier, the plug-in is installed locally on the...
Web Client Plug-in error: “invalid Single Sign-On token”
Challenge When a new user of the vSphere web client attempts to access the Veeam Web Client Plug-in, they encounter the following error: Server error: Failed to login to Veeam Backup Enterprise Manager. Login failed due to invalid Single Sign-On token Cause To successfully obtain statistics from...
CVE-2013-5971
Session fixation vulnerability in the vSphere Web Client Server in VMware vCenter Server 5.0 before Update 3 allows remote attackers to hijack web sessions and gain privileges via unspecified vectors...
Session fixation
Session fixation vulnerability in the vSphere Web Client Server in VMware vCenter Server 5.0 before Update 3 allows remote attackers to hijack web sessions and gain privileges via unspecified vectors...