747 matches found
CVE-2021-21986
The vSphere Client HTML5 contains a vulnerability in a vSphere authentication mechanism for the Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability plug-ins. A malicious actor with network access to port 443 on vCenter Server may perform...
CVE-2021-21986
Summary: CVE-2021-21986 affects the vSphere Client (HTML5) through a flaw in the vSphere authentication mechanism for the Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability plug-ins. A remote attacker who can reach port 443 on vCenter ...
CVE-2021-21985
The vSphere Client HTML5 contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with...
CVE-2021-21985
CVE-2021-21985 affects VMware vCenter Server via the vSphere Client (HTML5) and the default-enabled Virtual SAN Health Check plug‑in. Root cause: improper input validation leads to remote code execution when an attacker with network access to port 443 sends crafted input, enabling commands with u...
CVE-2021-21985
The vSphere Client HTML5 contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with...
VMware vCenter Server Remote Code Execution Vulnerability (CVE-2021-21985)
Rapid7, May 26, 2021 5:34pm UTC. Last updated May 27, 2021 6:39pm UTC. Technical Analysis. Threat status: Impending threat. Attacker utility: Network infrastructure compromise. Description: On Tuesday, May 25, 2021, VMware published security advisory VMSA-2021-0010, which includes...
VMware vSphere Client Access Control Error Vulnerability
VMware vSphere Client is an application from VMware, Inc. It provides virtualization management. An authorization issue vulnerability exists in VMware vSphere Client, which can be exploited by an attacker to perform actions allowed by an affected plugin without authentication...
CVE-2021-21985
The vSphere Client HTML5 contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with...
PT-2021-3176
Name of the Vulnerable Software and Affected Versions: vSphere Client HTML5 (affected versions not specified); VMware vCenter Server (affected versions not specified). Description: The issue exists due to insufficient input validation in the Virtual SAN Health Check plug-in, which is enabled by default i...
VMware vCenter Server 6.5 / 6.7 / 7.0 Multiple Vulnerabilities (VMSA-2021-0010)
The version of VMware vCenter Server installed on the remote host is 6.5 prior to 6.5 U3p, 6.7 prior to 6.7 U3n or 7.0 prior to 7.0 U2b. It is, therefore, affected by multiple vulnerabilities: - The vSphere Client HTML5 contains a remote code execution vulnerability due to lack of input validatio...
VMSA-2021-0010: VMware vCenter Server updates address remote code execution and authentication vulnerabilities
Advisory ID: VMSA-2021-0010. CVSSv3 Range: 6.5-9.8. Issue Date: 2021-05-25. Updated On: 2021-05-25 (Initial Advisory). CVEs: CVE-2021-21985, CVE-2021-21986. Synopsis: VMware vCenter Server updates address remote code execution and authentication vulnerabilities (CVE-2021-21985, CVE-2021-21986)...
Security Bulletin: Vulnerabilities in the Python, Docker, and ICP affect IBM Spectrum Discover
Summary: Vulnerabilities in the Python, Docker, and ICP, such as a hole to obtain confidential information, denial of service, unauthorized access with high privileges, duplicate entries and CRLF injection, may affect IBM Spectrum Discover. Vulnerability Details: CVEID: CVE-2020-8566 DESCRIPTION:...
Exploit for Path Traversal in Vmware Cloud_Foundation
vsphereyeeter.sh is an automated bash script to exploit vuln...
Critical Auth Bypass Bug Found in VMware Data Center Security Product
A critical vulnerability in the VMware Carbon Black Cloud Workload appliance could be exploited to bypass authentication and take control of vulnerable systems. Tracked as CVE-2021-21982, the flaw is rated 9.1 out of a maximum of 10 in the CVSS scoring system and affects all versions of the produ...
Critical Bug in VMware Carbon Black Allows Takeover
A critical security vulnerability in the VMware Carbon Black Cloud Workload appliance would allow privilege escalation and the ability to take over the administrative rights for the solution. The bug CVE-2021-21982 ranks 9.1 out of 10 on the CVSS vulnerability-severity scale. The VMware Carbon...
Exploit for Path Traversal in Vmware Cloud_Foundation
CVE-2021-21972 VMware vSphere Client Unauthorized File Upload...
The vulnerability of the configuration management system and remote execution capabilities of SaltStack Salt, related to errors in the certificate validation process, allows a perpetrator to carry out a “man-in-the-middle” attack.
The vulnerability of the configuration management system and the remote execution of operations in SaltStack Salt is related to errors in the certificate validation process on vCenter, vSphere, and ESXi servers. Exploiting this vulnerability allows a malicious actor to carry out a...
SharpSphere - .NET Project For Attacking vCenter
SharpSphere gives red teamers the ability to easily interact with the guest operating systems of virtual machines managed by vCenter. It uses the vSphere Web Services API and exposes the following functions: Command & Control - In combination with F-Secure's C3, SharpSphere provides C&C into VMs...
Man-in-the-Middle
Salt is vulnerable to a man-in-the-middle attack. The vulnerability exists because authentication to vCenter, vSphere, and ESXi servers does not always verify the SSL/TLS certificate...
VMware vSphere Client Remote Code Execution (CVE-2021-21972; CVE-2021-21973)
A remote code execution vulnerability exists in VMware vSphere Client. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...