Lucene search
K

42 matches found

Prion
Prion
added 2021/09/22 7:15 p.m.26 views

Denial of service

The vCenter Server contains a denial-of-service vulnerability due to improper XML entity parsing. A malicious actor with non-administrative user access to the vCenter Server vSphere Client HTML5 or vCenter Server vSphere Web Client FLEX/Flash may exploit this issue to create a denial-of-service...

6.8CVSS7.9AI score0.00944EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2021/09/22 6:59 p.m.32 views

CVE-2021-21992

The vCenter Server contains a denial-of-service vulnerability due to improper XML entity parsing. A malicious actor with non-administrative user access to the vCenter Server vSphere Client HTML5 or vCenter Server vSphere Web Client FLEX/Flash may exploit this issue to create a denial-of-service...

7.7AI score0.00944EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/09/22 6:59 p.m.36 views

CVE-2021-21991

The vCenter Server contains a local privilege escalation vulnerability due to the way it handles session tokens. A malicious actor with non-administrative user access on vCenter Server host may exploit this issue to escalate privileges to Administrator on the vSphere Client HTML5 or vCenter Serve...

8.7AI score0.00306EPSS
Exploits0References1
ThreatPost
ThreatPost
added 2018/01/02 4:3 p.m.20 views

VMware Issues 3 Critical Patches for vSphere Data Protection

VMware, a Dell Technologies subsidiary, released several patches Tuesday fixing critical vulnerabilities affecting its vSphere cloud computing virtualization platform. The bugs address three vulnerabilities in VMware’s vSphere Data Protection VDP, a backup and recovery solution used with its...

10CVSS2.6AI score0.08229EPSS
Exploits0References5
Prion
Prion
added 2017/11/17 2:29 p.m.21 views

Server side request forgery (ssrf)

The flash-based vSphere Web Client 6.0 prior to 6.0 U3c and 5.5 prior to 5.5 U3f i.e. not the new HTML5-based vSphere Client, contains SSRF and CRLF injection issues due to improper neutralization of URLs. An attacker may exploit these issues by sending a POST request with modified headers toward...

5CVSS7.4AI score0.01237EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2017/11/17 2:0 p.m.73 views

CVE-2017-4928

CVE-2017-4928 affects the Flash-based vSphere Web Client (not the HTML5 client). The issue stems from improper neutralization of URLs, enabling SSRF and CRLF injection that could allow an attacker to send a crafted POST request towards internal services and disclose information. Affected VMware p...

7.5CVSS7.5AI score0.01237EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2017/11/13 12:0 a.m.28 views

VMware vCenter Server Information Disclosure Vulnerability (CNVD-2017-33977)

VMware vCenter Server provides a centralized, scalable platform for managing virtual infrastructure. An information disclosure vulnerability exists in VMware vCenter Server versions 5.5, 6.0, and 6.5. A remote user can trigger the URL authentication vulnerability by sending a specially crafted PO...

7.5CVSS7.1AI score0.01237EPSS
Exploits0References1
Kaspersky
Kaspersky
added 2017/11/09 12:0 a.m.52 views

KLA11142 DoS and OSI vulnerabilities in VMware products

Multiple serious vulnerabilities have been found in VMware vCenter Server and vSphere Web Client. Malicious users can exploit these vulnerabilities to cause denial of service or disclose sensetive information. Below is a complete list of vulnerabilities: 1. An unspecified vulnerability in VMware...

7.5CVSS8.2AI score0.02316EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2016/07/19 12:0 a.m.6 views

The vulnerability of the Vmware vCenter Server virtual infrastructure management tool allows a attacker to inject arbitrary Web or HTML code.

The vulnerability of the vSphere Web Client component, which is used for managing the virtual infrastructure of Vmware vCenter Server, exists due to the lack of security measures taken to protect the web page structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary We...

4.3CVSS6.5AI score0.00765EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2016/07/07 12:0 a.m.10 views

The software for managing VMware vCenter Server is vulnerable, allowing a hacker to execute arbitrary Java code.

The vulnerability of the VMware vSphere Web Client software for managing virtual infrastructure, specifically the VMware vCenter Server, is related to configuration errors of the JMX server. These errors arise due to the lack of authentication and encryption procedures when clients connect to the...

10CVSS7.5AI score0.89048EPSS
Exploits2References4Affected Software1
Prion
Prion
added 2016/07/03 1:59 a.m.18 views

Cross site scripting

Cross-site scripting XSS vulnerability in the vSphere Web Client in VMware vCenter Server 5.0 before U3g, 5.1 before U3d, and 5.5 before U2d allows remote attackers to inject arbitrary web script or HTML via a crafted URL...

4.3CVSS6.1AI score0.00765EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2016/07/03 1:59 a.m.23 views

CVE-2015-6931

Cross-site scripting XSS vulnerability in the vSphere Web Client in VMware vCenter Server 5.0 before U3g, 5.1 before U3d, and 5.5 before U2d allows remote attackers to inject arbitrary web script or HTML via a crafted URL...

6.1CVSS6AI score0.00765EPSS
Exploits0References2
Cvelist
Cvelist
added 2016/07/03 1:0 a.m.26 views

CVE-2015-6931

Cross-site scripting XSS vulnerability in the vSphere Web Client in VMware vCenter Server 5.0 before U3g, 5.1 before U3d, and 5.5 before U2d allows remote attackers to inject arbitrary web script or HTML via a crafted URL...

6AI score0.00765EPSS
Exploits0References2
CVE
CVE
added 2016/07/03 1:0 a.m.76 views

CVE-2015-6931

CVE-2015-6931 is a reflected XSS in the vSphere Web Client of VMware vCenter Server. The vulnerability arises from insufficient input sanitization, allowing remote attackers to inject script via a crafted URL. Affected versions: vCenter Server 5.0 before 5.0u3g, 5.1 before 5.1u3d, and 5.5 before ...

6.1CVSS6AI score0.00765EPSS
Exploits0References2Affected Software1
VMware
VMware
added 2016/06/12 12:0 a.m.35 views

VMSA-2016-0009:VMware vCenter Server updates address an HIGH reflected cross-site scripting issue

VMSA-2016-0009 VMware vCenter Server updates address an important reflected cross-site scripting issue VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2016-0009 VMware Security Advisory Synopsis: VMware vCenter Server updates address an important reflected cross-site scripting...

6.1CVSS6.4AI score0.00765EPSS
Exploits0References5Affected Software1
OpenVAS
OpenVAS
added 2016/04/15 12:0 a.m.59 views

VMware Security Updates for vCenter Server (VMSA-2016-0004)

VMware vCenter Server updates address a critical security issue. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.6CVSS7.4AI score0.01399EPSS
Exploits0References1
Veeam
Veeam
added 2014/01/23 12:0 a.m.80 views

How to reinstall vSphere Web Client plug-in for Veeam Backup & Replication

Article Applicability This article is regarding the Local vSphere Client Plug-in only. Veeam Backup Enterprise Manager offers the following configurations of the vSphere Client plug-in: Local vSphere Client Plug-in -- For vSphere Client 7.0.0.x or earlier, the plug-in is installed locally on the...

6.5AI score
Exploits0Affected Software1
Veeam
Veeam
added 2014/01/22 12:0 a.m.21 views

Web Client Plug-in error: “invalid Single Sign-On token”

Challenge When a new user of the vSphere web client attempts to access the Veeam Web Client Plug-in, they encounter the following error: Server error: Failed to login to Veeam Backup Enterprise Manager. Login failed due to invalid Single Sign-On token Cause To successfully obtain statistics from...

7AI score
Exploits0
NVD
NVD
added 2013/10/21 10:54 a.m.20 views

CVE-2013-5971

Session fixation vulnerability in the vSphere Web Client Server in VMware vCenter Server 5.0 before Update 3 allows remote attackers to hijack web sessions and gain privileges via unspecified vectors...

6.8CVSS6.7AI score0.02023EPSS
Exploits0References4
Prion
Prion
added 2013/10/21 10:54 a.m.16 views

Session fixation

Session fixation vulnerability in the vSphere Web Client Server in VMware vCenter Server 5.0 before Update 3 allows remote attackers to hijack web sessions and gain privileges via unspecified vectors...

6.8CVSS7.2AI score0.02023EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder