114 matches found
CVE-2021-21991
The vCenter Server contains a local privilege escalation vulnerability due to the way it handles session tokens. A malicious actor with non-administrative user access on vCenter Server host may exploit this issue to escalate privileges to Administrator on the vSphere Client HTML5 or vCenter Serve...
CVE-2021-21991
The vCenter Server contains a local privilege escalation vulnerability due to the way it handles session tokens. A malicious actor with non-administrative user access on vCenter Server host may exploit this issue to escalate privileges to Administrator on the vSphere Client HTML5 or vCenter Serve...
Denial of service
The vCenter Server contains a denial-of-service vulnerability due to improper XML entity parsing. A malicious actor with non-administrative user access to the vCenter Server vSphere Client HTML5 or vCenter Server vSphere Web Client FLEX/Flash may exploit this issue to create a denial-of-service...
Privilege escalation
The vCenter Server contains a local privilege escalation vulnerability due to the way it handles session tokens. A malicious actor with non-administrative user access on vCenter Server host may exploit this issue to escalate privileges to Administrator on the vSphere Client HTML5 or vCenter Serve...
CVE-2021-21992
The vCenter Server contains a denial-of-service vulnerability due to improper XML entity parsing. A malicious actor with non-administrative user access to the vCenter Server vSphere Client HTML5 or vCenter Server vSphere Web Client FLEX/Flash may exploit this issue to create a denial-of-service...
CVE-2021-21991
The vCenter Server contains a local privilege escalation vulnerability due to the way it handles session tokens. A malicious actor with non-administrative user access on vCenter Server host may exploit this issue to escalate privileges to Administrator on the vSphere Client HTML5 or vCenter Serve...
Last Week’s Security news: Exploits for ForgeRock, vSphere, Apache Tomcat, new Print Spooler vuln, Kaseya Patch and REvil, SolarWinds, Schneider Electric, Bulletins
Hello guys! The fourth episode of Last Week’s Security news, July 12 – July 18. I would like to start with some new public exploits. I think these 4 are the most interesting. If you remember, 2 weeks ago I mentioned the ForgeRock Access Manager and OpenAM vulnerability CVE-2021-35464. Now there i...
VulnCheck KEV: CVE-2021-21985
VMware vSphere Client contains an improper input validation vulnerability in the Virtual SAN Health Check plug-in, which is enabled by default in vCenter Server, which allows for remote code execution...
The vulnerability of software for managing Vmware vSphere Client lies in its authentication procedures’ flaws, which allow attackers to bypass the authentication process or gain unauthorized access to the device.
The vulnerability of the software for managing Vmware vSphere Client is related to deficiencies in the authentication process. Exploiting this vulnerability allows an attacker to bypass the authentication process or gain unauthorized access to the device by gaining access to port 443...
Exploit for Unsafe Reflection in Vmware Vcenter_Server
CVE-2021-21985 Vulnerable Code !06testclassmethodhtt...
Vmware vSphere Client Authorization Issues Vulnerability
Vmware vSphere Client is an application from Vmware, Inc. It provides virtualization management. An authorization issue vulnerability exists in Vmware vSphere Client, which can be exploited by an attacker to perform actions allowed by an affected plugin without authentication...
CVE-2021-21985
The vSphere Client HTML5 contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with...
CVE-2021-21986
The vSphere Client HTML5 contains a vulnerability in a vSphere authentication mechanism for the Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability plug-ins. A malicious actor with network access to port 443 on vCenter Server may perform...
CVE-2021-21986
The vSphere Client HTML5 contains a vulnerability in a vSphere authentication mechanism for the Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability plug-ins. A malicious actor with network access to port 443 on vCenter Server may perform...
CVE-2021-21985
The vSphere Client HTML5 contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with...
Remote code execution
The vSphere Client HTML5 contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with...
CVE-2021-21986
The vSphere Client HTML5 contains a vulnerability in a vSphere authentication mechanism for the Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability plug-ins. A malicious actor with network access to port 443 on vCenter Server may perform...
CVE-2021-21985
The vSphere Client HTML5 contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with...
CVE-2021-21985
CVE-2021-21985 affects VMware vCenter Server via the vSphere Client (HTML5) and the default-enabled Virtual SAN Health Check plug‑in. Root cause: improper input validation leads to remote code execution when an attacker with network access to port 443 sends crafted input, enabling commands with u...
VMware vSphere Client 访问控制错误漏洞
Vmware vSphere Client is an application from Vmware, Inc. It provides virtualization management. An authorization issue vulnerability exists in Vmware vSphere Client, which can be exploited by an attacker to perform actions allowed by an affected plugin without authentication...