Lucene search
+L

114 matches found

OSV
OSV
added 2021/09/22 7:15 p.m.7 views

CVE-2021-21991

The vCenter Server contains a local privilege escalation vulnerability due to the way it handles session tokens. A malicious actor with non-administrative user access on vCenter Server host may exploit this issue to escalate privileges to Administrator on the vSphere Client HTML5 or vCenter Serve...

7.8CVSS7.4AI score0.00316EPSS
Exploits0References1
NVD
NVD
added 2021/09/22 7:15 p.m.33 views

CVE-2021-21991

The vCenter Server contains a local privilege escalation vulnerability due to the way it handles session tokens. A malicious actor with non-administrative user access on vCenter Server host may exploit this issue to escalate privileges to Administrator on the vSphere Client HTML5 or vCenter Serve...

7.8CVSS0.00316EPSS
Exploits0References1
Prion
Prion
added 2021/09/22 7:15 p.m.26 views

Denial of service

The vCenter Server contains a denial-of-service vulnerability due to improper XML entity parsing. A malicious actor with non-administrative user access to the vCenter Server vSphere Client HTML5 or vCenter Server vSphere Web Client FLEX/Flash may exploit this issue to create a denial-of-service...

6.8CVSS7.9AI score0.00976EPSS
Exploits0References1Affected Software2
Prion
Prion
added 2021/09/22 7:15 p.m.22 views

Privilege escalation

The vCenter Server contains a local privilege escalation vulnerability due to the way it handles session tokens. A malicious actor with non-administrative user access on vCenter Server host may exploit this issue to escalate privileges to Administrator on the vSphere Client HTML5 or vCenter Serve...

4.6CVSS8.9AI score0.00316EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2021/09/22 6:59 p.m.32 views

CVE-2021-21992

The vCenter Server contains a denial-of-service vulnerability due to improper XML entity parsing. A malicious actor with non-administrative user access to the vCenter Server vSphere Client HTML5 or vCenter Server vSphere Web Client FLEX/Flash may exploit this issue to create a denial-of-service...

7.7AI score0.00976EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/09/22 6:59 p.m.36 views

CVE-2021-21991

The vCenter Server contains a local privilege escalation vulnerability due to the way it handles session tokens. A malicious actor with non-administrative user access on vCenter Server host may exploit this issue to escalate privileges to Administrator on the vSphere Client HTML5 or vCenter Serve...

8.7AI score0.00316EPSS
Exploits0References1
Information Security Automation
Information Security Automation
added 2021/07/19 4:29 p.m.347 views

Last Week’s Security news: Exploits for ForgeRock, vSphere, Apache Tomcat, new Print Spooler vuln, Kaseya Patch and REvil, SolarWinds, Schneider Electric, Bulletins

Hello guys! The fourth episode of Last Week’s Security news, July 12 – July 18. I would like to start with some new public exploits. I think these 4 are the most interesting. If you remember, 2 weeks ago I mentioned the ForgeRock Access Manager and OpenAM vulnerability CVE-2021-35464. Now there i...

10CVSS9.6AI score0.99999EPSS
Exploits31
VulnCheck KEV
VulnCheck KEV
added 2021/06/04 12:0 a.m.6 views

VulnCheck KEV: CVE-2021-21985

VMware vSphere Client contains an improper input validation vulnerability in the Virtual SAN Health Check plug-in, which is enabled by default in vCenter Server, which allows for remote code execution...

10CVSS7.7AI score0.99999EPSS
Exploits13References1
BDU FSTEC
BDU FSTEC
added 2021/06/04 12:0 a.m.4 views

The vulnerability of software for managing Vmware vSphere Client lies in its authentication procedures’ flaws, which allow attackers to bypass the authentication process or gain unauthorized access to the device.

The vulnerability of the software for managing Vmware vSphere Client is related to deficiencies in the authentication process. Exploiting this vulnerability allows an attacker to bypass the authentication process or gain unauthorized access to the device by gaining access to port 443...

6.5CVSS8AI score0.12918EPSS
Exploits0References3Affected Software2
GithubExploit
GithubExploit
added 2021/05/29 1:7 p.m.259 views

Exploit for Unsafe Reflection in Vmware Vcenter_Server

CVE-2021-21985 Vulnerable Code !06testclassmethodhtt...

10CVSS9.9AI score0.99999EPSS
Exploits13
CNVD
CNVD
added 2021/05/28 12:0 a.m.9 views

Vmware vSphere Client Authorization Issues Vulnerability

Vmware vSphere Client is an application from Vmware, Inc. It provides virtualization management. An authorization issue vulnerability exists in Vmware vSphere Client, which can be exploited by an attacker to perform actions allowed by an affected plugin without authentication...

10CVSS6.6AI score0.12918EPSS
Exploits0References1
NVD
NVD
added 2021/05/26 3:15 p.m.42 views

CVE-2021-21985

The vSphere Client HTML5 contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with...

10CVSS0.99999EPSS
Exploits13References4
NVD
NVD
added 2021/05/26 3:15 p.m.35 views

CVE-2021-21986

The vSphere Client HTML5 contains a vulnerability in a vSphere authentication mechanism for the Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability plug-ins. A malicious actor with network access to port 443 on vCenter Server may perform...

10CVSS0.12918EPSS
Exploits0References2
OSV
OSV
added 2021/05/26 3:15 p.m.8 views

CVE-2021-21986

The vSphere Client HTML5 contains a vulnerability in a vSphere authentication mechanism for the Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability plug-ins. A malicious actor with network access to port 443 on vCenter Server may perform...

9.8CVSS7.5AI score0.12918EPSS
Exploits0References2
OSV
OSV
added 2021/05/26 3:15 p.m.6 views

CVE-2021-21985

The vSphere Client HTML5 contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with...

9.8CVSS8.1AI score0.99999EPSS
Exploits13References4
Prion
Prion
added 2021/05/26 3:15 p.m.39 views

Remote code execution

The vSphere Client HTML5 contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with...

10CVSS9.8AI score0.99999EPSS
Exploits13References3Affected Software2
Cvelist
Cvelist
added 2021/05/26 2:4 p.m.32 views

CVE-2021-21986

The vSphere Client HTML5 contains a vulnerability in a vSphere authentication mechanism for the Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability plug-ins. A malicious actor with network access to port 443 on vCenter Server may perform...

9.8AI score0.12918EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2021/05/26 2:4 p.m.14 views

CVE-2021-21985

The vSphere Client HTML5 contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with...

10AI score0.99999EPSS
Exploits13References3
CVE
CVE
added 2021/05/26 2:4 p.m.1642 views

CVE-2021-21985

CVE-2021-21985 affects VMware vCenter Server via the vSphere Client (HTML5) and the default-enabled Virtual SAN Health Check plug‑in. Root cause: improper input validation leads to remote code execution when an attacker with network access to port 443 sends crafted input, enabling commands with u...

10CVSS9.8AI score0.99999EPSS
In wildExploits13References4Affected Software1
CNNVD
CNNVD
added 2021/05/26 12:0 a.m.4 views

VMware vSphere Client 访问控制错误漏洞

Vmware vSphere Client is an application from Vmware, Inc. It provides virtualization management. An authorization issue vulnerability exists in Vmware vSphere Client, which can be exploited by an attacker to perform actions allowed by an affected plugin without authentication...

10CVSS5.6AI score0.12918EPSS
Exploits0References10
Rows per page
Query Builder