747 matches found
CVE-2021-21972
CVE-2021-21972 is an unauthenticated remote code execution in VMware vCenter Server via the vROPS vropsplugin UI, triggered by uploading a crafted archive to /ui/vropspluginui/rest/services/uploadova. Affected: vCenter Server 6.5/6.7/7.0 (including Cloud Foundation 4.x/3.x). Impact is arbitrary f...
CVE-2021-21972
The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects...
CVE-2021-21973
The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin leading to information...
CVE-2021-21973
CVE-2021-21973 is a VMware vSphere Client (HTML5) SSRF vulnerability in which URL validation for a vCenter Server plugin is improper, allowing an attacker with network access to port 443 to trigger information disclosure via a crafted POST to the vulnerable endpoint. Affected products/versions in...
CVE-2021-21973
The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin leading to information...
Critical RCE Flaws Affect VMware ESXi and vSphere Client — Patch Now
VMware has addressed multiple critical remote code execution (RCE) vulnerabilities in VMware ESXi and vSphere Client virtual infrastructure management platform that may allow attackers to execute arbitrary commands and take control of affected systems. "A malicious actor with network access to port...
VMware vSphere Client Server-Side Request Forgery Vulnerability
VMware Cloud Foundation is a hybrid cloud platform developed by VMware based on the HCI architecture that enables consistent, secure infrastructure and operations between private and public clouds. VMware vSphere Client server-side request forgery vulnerability can be exploited by an attacker wit...
VMware vSphere Client Unauth Remote Code Execution Vulnerability — CVE-2021-21972
The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects...
CVE-2021-21973
The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin leading to information...
VMware vCenter Server Code Issue Vulnerability
VMware Cloud Foundation is a hybrid cloud platform developed by VMware based on the HCI architecture that enables consistent, secure infrastructure and operations between private and public clouds. VMware vSphere Client server-side request forgery vulnerability can be exploited by an attacker wit...
The vulnerability of the “Startup Configuration” page of the asynchronous replication extension for VMware vSphere Replication allows an attacker to execute arbitrary code.
The vulnerability of the “Startup Configuration” page of the VMware vSphere Replication asynchronous replication extension is related to insufficient checking of arguments passed in commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
CVE-2021-20238
It was found in OpenShift Container Platform 4 that ignition config, served by the Machine Config Server, can be accessed externally from clusters without authentication. The MCS endpoint port 22623 provides ignition configuration used for bootstrapping Nodes and can include some sensitive data,...
VMware Releases Security Update
VMware has released a security update to address a vulnerability in vSphere Replication. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory VMSA-2021-0001 and apply the necessary update...
Vulnerability fixed in vSphere Replication
VMware has fixed a vulnerability in vSphere Replicator. A malicious person with management privileges in Replicator can exploit the vulnerability to execute arbitrary code with system privileges on the underlying system. Because such an attack fits into the so-called "evil admin"...
CVE-2021-21976
vSphere Replication 8.3.x prior to 8.3.1.2, 8.2.x prior to 8.2.1.1, 8.1.x prior to 8.1.2.3 and 6.5.x prior to 6.5.1.5 contain a post-authentication command injection vulnerability which may allow an authenticated admin user to perform a remote code execution...
CVE-2021-21976
vSphere Replication 8.3.x prior to 8.3.1.2, 8.2.x prior to 8.2.1.1, 8.1.x prior to 8.1.2.3 and 6.5.x prior to 6.5.1.5 contain a post-authentication command injection vulnerability which may allow an authenticated admin user to perform a remote code execution...
Command injection
vSphere Replication 8.3.x prior to 8.3.1.2, 8.2.x prior to 8.2.1.1, 8.1.x prior to 8.1.2.3 and 6.5.x prior to 6.5.1.5 contain a post-authentication command injection vulnerability which may allow an authenticated admin user to perform a remote code execution...
CVE-2021-21976
CVE-2021-21976 is a post-authentication command injection in vSphere Replication that may allow an authenticated admin to achieve remote code execution. Affected: vSphere Replication 8.3.x (before 8.3.1.2), 8.2.x (before 8.2.1.1), 8.1.x (before 8.1.2.3), and 6.5.x (before 6.5.1.5). Root cause: vu...
CVE-2021-21976
vSphere Replication 8.3.x prior to 8.3.1.2, 8.2.x prior to 8.2.1.1, 8.1.x prior to 8.1.2.3 and 6.5.x prior to 6.5.1.5 contain a post-authentication command injection vulnerability which may allow an authenticated admin user to perform a remote code execution...
vSphere Replication Command Injection Vulnerability
A command injection vulnerability exists in vSphere Replication that originates when a network system or product does not properly filter specific elements of externally entered data during the construction of executable commands. An attacker could exploit this vulnerability to execute an illegal...