Lucene search
K

206 matches found

CNNVD
CNNVD
added 2022/10/28 12:0 a.m.4 views

VMware Cloud Foundation 代码问题漏洞

VMware Cloud Foundation is an all-in-one hybrid cloud platform from VMware. The platform includes features such as operations automation, infrastructure auto-configuration and integrated lifecycle management. A security vulnerability exists in VMware Cloud Foundation NSX-V that stems from the...

9.1CVSS7.8AI score0.08085EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2022/10/28 12:0 a.m.6 views

CVE-2022-31678

VMware Cloud Foundation NSX-V contains an XML External Entity XXE vulnerability. On VCF 3.x instances with NSX-V deployed, this may allow a user to exploit this issue leading to a denial-of-service condition or unintended information disclosure...

9AI score0.08085EPSS
Exploits1References1
NCSC
NCSC
added 2022/10/27 12:0 a.m.5 views

Vulnerabilities fixed in VMware Cloud Foundation

VMware has fixed vulnerabilities in NSX-V as used by VMware Cloud Foundation. An unauthenticated malicious person can exploit the exploit the vulnerabilities to cause a denial-of-service or execute arbitrary code with privileges of root. This requires sending malicious network traffic to a...

9.1CVSS8AI score0.98124EPSS
Exploits7
BDU FSTEC
BDU FSTEC
added 2022/10/26 12:0 a.m.7 views

The vulnerability of the XStream library for converting objects to XML or JSON format in the VMware Cloud Foundation virtualization platform allows a perpetrator to execute arbitrary code with root privileges.

The vulnerability of the XStream library for converting objects to XML or JSON format in the VMware Cloud Foundation platform is related to deserialization errors and the ability to execute arbitrary code. Exploiting this vulnerability allows a malicious actor to execute arbitrary code with root...

8.5CVSS7.9AI score0.98124EPSS
Exploits6References15Affected Software19
VMware
VMware
added 2022/10/25 12:0 a.m.40 views

VMware Cloud Foundation updates address multiple vulnerabilities.

3a. VMware Cloud Foundation update addresses a remote code execution vulnerability via XStream CVE-2021-39144 VMware Cloud Foundation contains a remote code execution vulnerability via XStream open source library. VMware has evaluated the severity of this issue to be in the Critical severity rang...

6.4CVSS9AI score0.98124EPSS
Exploits7References5Affected Software1
Veeam
Veeam
added 2022/09/27 12:0 a.m.32 views

VMware Cloud Director 10.4 Compatibility Patches

Hotfix for Veeam Backup & Replication 11.0.1.1261 P20230227 The hotfix on this article has been rebuilt as of 2023-11-24 to be compatible only with Veeam Backup & Replication build 11.0.1.1261 P20230227. This is the second such rebuild; the last rebuild was on 2023-03-16. Note: If an older versio...

6.9AI score
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/08/15 12:0 a.m.8 views

The vulnerability of the software for managing virtual infrastructure, VMware vCenter Server, and the virtualization platform, VMware Cloud Foundation, is related to insufficient checking of incoming requests. This allows a perpetrator to carry out an SSRF attack.

The vulnerability of the software for managing virtual infrastructure, such as VMware vCenter Server and VMware Cloud Foundation, is related to insufficient validation of incoming requests. Exploiting this vulnerability allows a malicious actor to execute an SSRF attack by sending specially craft...

5.3CVSS7.2AI score0.00946EPSS
Exploits0References3Affected Software1
Source Incite
Source Incite
added 2022/08/03 12:0 a.m.167 views

SRC-2022-0022 : VMWare Cloud Foundation NSX-V VsmUsernamePasswordAuthenticationFilter parseUsernamePasswordFromXML XML External Entity Processing Information Disclosure Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to disclose sensitive information on affected installations of VMWare Cloud Foundation NSX-V. Authentication is not required to exploit this vulnerability. The specific flaw exists within the VsmUsernamePasswordAuthenticationFilter...

9.1CVSS9.1AI score0.08085EPSS
Exploits1
Source Incite
Source Incite
added 2022/08/03 12:0 a.m.195 views

SRC-2022-0021 : VMWare Cloud Foundation NSX-V XStream Deserialization of Untrusted Data Remote Code Execution Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of VMWare Cloud Foundation NSX-V. Authentication is not required to exploit this vulnerability. The specific flaw exists due to a vulnerable unmarshaller used to handle incoming...

8.5CVSS9AI score0.98124EPSS
Exploits6
CNNVD
CNNVD
added 2022/07/12 12:0 a.m.49 views

VMware vCenter Server 代码问题漏洞

VMware vCenter Server is a suite of server and virtualization management software from VMware. The software provides a centralized platform for managing VMware vSphere environments, automating the implementation and delivery of virtual infrastructures. A code issue vulnerability exists in VMware...

7.5CVSS7.4AI score0.00946EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2022/06/06 12:0 a.m.19 views

VMware Cloud Foundation Web Detection

Binary data vmwarecloudfoundationwebdetect.nbin...

7.3AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2022/04/22 12:0 a.m.40 views

VMware Cloud Director 10.1.x < 10.1.4.1 / 10.2.x < 10.2.2.3 / 10.3.x < 10.3.3 RCE (VMSA-2022-0013)

The version of VMware vCloud Director installed on the remote host is 10.1.x prior to 10.1.4.1, 10.2.x prior to 10.2.2.3, 10.3.x 10.3.3. It is, therefore, affected by a code injection vulnerability due to a failure to properly handle input. A remote, authenticated actor can exploit this, by sendi...

7.2CVSS8AI score0.0639EPSS
Exploits0References3
NCSC
NCSC
added 2022/04/15 12:0 a.m.15 views

Vulnerability fixed in VMWare Cloud Director

A vulnerability has been fixed in VMWare Cloud Director. This vulnerability allows an authenticated outside attacker with network access to the VMWare Cloud Director tenant to execute execute arbitrary code and thereby gain access to the server. gain. VMWare has made updates available for VMware...

7.2CVSS7.4AI score0.0639EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2022/04/15 12:0 a.m.6 views

The vulnerability of VMware Cloud Foundation’s virtualization platform and VMware ESXi hypervisor, related to synchronization errors when using shared resources, allows attackers to escalate their privileges.

The vulnerability of the VMware Cloud Foundation virtualization platform and the VMware ESXi hypervisor is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow attackers to increase their privileges...

7.8CVSS7.4AI score0.01052EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/04/15 12:0 a.m.9 views

The vulnerability of the rhttpproxy service of the VMware Cloud Foundation virtualization platform and the VMware ESXi hypervisor allows a attacker to cause a service failure.

The vulnerability of the rhttpproxy service of the VMware Cloud Foundation virtualization platform and the VMware ESXi hypervisor is related to resource management errors. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

7.8CVSS7.4AI score0.02316EPSS
Exploits0References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/04/15 12:0 a.m.7 views

The vulnerability of the VMX service on the VMware Cloud Foundation virtualization platform and the VMware ESXi hypervisor allows a perpetrator to escalate their privileges.

The vulnerability of the VMX service on the VMware Cloud Foundation and the VMware ESXi hypervisor platform is related to lack of access control mechanisms. Exploiting this vulnerability can allow attackers to enhance their privileges...

7.1CVSS7.5AI score0.00296EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/04/15 12:0 a.m.6 views

The vulnerability of the UHCI controller on the VMware Cloud Foundation virtualization platform and the VMware ESXi hypervisor allows a attacker to execute arbitrary code.

The vulnerability of the UHCI platform of the VMware Cloud Foundation and the VMware ESXi hypervisor lies in synchronization errors when using a shared resource. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

9.1CVSS7.5AI score0.00574EPSS
Exploits0References5Affected Software3
OSV
OSV
added 2022/04/14 9:15 p.m.2 views

CVE-2022-22966

An authenticated, high privileged malicious actor with network access to the VMware Cloud Director tenant or provider may be able to exploit a remote code execution vulnerability to gain access to the server...

7.2CVSS6.3AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/04/14 9:15 p.m.6 views

CVE-2022-22966

An authenticated, high privileged malicious actor with network access to the VMware Cloud Director tenant or provider may be able to exploit a remote code execution vulnerability to gain access to the server...

7.2CVSS7.8AI score0.0639EPSS
Exploits0References2
Prion
Prion
added 2022/04/14 9:15 p.m.22 views

Remote code execution

An authenticated, high privileged malicious actor with network access to the VMware Cloud Director tenant or provider may be able to exploit a remote code execution vulnerability to gain access to the server...

6.5CVSS7.3AI score0.0639EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder