206 matches found
CVE-2025-41229
CVE-2025-41229 affects VMware Cloud Foundation and is a directory traversal vulnerability. A remote attacker on port 443 can exploit it to access internal services. The entry cites CVSS v3.1 base score 8.2 (High) with network access, no user interaction required. Public docs confirm the issue and...
CVE-2025-41229 VMware Cloud Foundation Directory Traversal Vulnerability
VMware Cloud Foundation contains a directory traversal vulnerability. A malicious actor with network access to port 443 on VMware Cloud Foundation may exploit this issue to access certain internal services...
CVE-2025-41229 VMware Cloud Foundation Directory Traversal Vulnerability
VMware Cloud Foundation contains a directory traversal vulnerability. A malicious actor with network access to port 443 on VMware Cloud Foundation may exploit this issue to access certain internal services...
PT-2025-22131 · Vmware · Vmware Cloud Foundation
Name of the Vulnerable Software and Affected Versions: VMware Cloud Foundation affected versions not specified Description: The issue is an information disclosure vulnerability. A malicious actor with network access to port 443 on VMware Cloud Foundation may exploit this issue to gain access to...
VMware Cloud Foundation 安全漏洞
VMware Cloud Foundation is an all-in-one hybrid cloud platform from VMware. The platform includes features such as operations automation, infrastructure auto-configuration and integrated lifecycle management. A directory traversal vulnerability exists in VMware Cloud Foundation, which stems from ...
PT-2025-22130 · Vmware · Vmware Cloud Foundation
Name of the Vulnerable Software and Affected Versions: VMware Cloud Foundation affected versions not specified Description: The issue is a directory traversal vulnerability. A malicious actor with network access to port 443 on VMware Cloud Foundation may exploit this issue to access certain...
PT-2025-22132 · Vmware · Vmware Cloud Foundation
Name of the Vulnerable Software and Affected Versions: VMware Cloud Foundation affected versions not specified Description: The issue is related to a missing authorization vulnerability. A malicious actor with access to the VMware Cloud Foundation appliance may be able to perform certain...
VMware Cloud Foundation 安全漏洞
VMware Cloud Foundation is an all-in-one hybrid cloud platform from VMware. The platform includes features such as operations automation, infrastructure auto-configuration and integrated lifecycle management. VMware Cloud Foundation suffers from an authorization issue vulnerability that stems fro...
VMSA-2025-0009 : VMware Cloud Foundation updates address multiple vulnerabilities (CVE-2025-41229, CVE-2025-41230, CVE-2025-41231)
Advisory ID: | VMSA-2025-0009 ---|--- Advisory Severity: | Important CVSSv3 Range: | 7.3-8.2 Synopsis: | VMware Cloud Foundation updates address multiple vulnerabilities CVE-2025-41229, CVE-2025-41230, CVE-2025-41231 Issue date: | 2025-05-20 Updated on: | 2025-05-20 Initial Advisory CVEs |...
The vulnerability of the VMware Aria Automation (formerly vRealize Automation) automation software and the VMware Cloud Foundation virtualization platform, related to insufficient validation of incoming requests, allows a attacker to perform an SSRF attack.
The vulnerability of the VMware Aria Automation formerly vRealize Automation and VMware Cloud Foundation virtualization platform lies in the insufficient verification of incoming requests. Exploiting this vulnerability allows a malicious actor to execute an SSRF attack by sending a specially...
Vulnerability of the hypervisor in VMware ESXi, VMware Workstation, VMware Fusion, the virtualization platform VMware Cloud Foundation, the telecommunications cloud platform VMware Telco Cloud Platform, and VMware Telco Cloud Infrastructure—related to reading beyond the allowed range in memory, allowing an intruder to gain unauthorized access to protected information.
The vulnerability of VMware ESXi, VMware Workstation, VMware Fusion, the virtualization platform VMware Cloud Foundation, the telecommunications cloud platform VMware Telco Cloud Platform, and VMware Telco Cloud Infrastructure is related to reading data beyond the allowed range in memory...
On Monday, October 21, updates for the critical Remote Code Execution – VMware vCenter (CVE-2024-38812) vulnerability were released again
On Monday, October 21, updates for the critical Remote Code Execution - VMware vCenter CVE-2024-38812 vulnerabilitywere released again. Wait, haven't fixes for this vulnerability been available since September 17th? They were, but it was not enough. " VMware by Broadcom has determined that the...
VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability
VMware has released software updates to address an already patched security flaw in vCenter Server that could pave the way for remote code execution. The vulnerability, tracked as CVE-2024-38812 CVSS score: 9.8, concerns a case of heap-overflow vulnerability in the implementation of the DCE/RPC...
The vulnerability of the disaster recovery mechanism for the VMware Cloud Director Availability, related to deficiencies in neutralizing special symbols, allows attackers to execute cross-site scripting (XSS) attacks.
The vulnerability of the disaster recovery tool for VMware Cloud Director Availability relates to deficiencies in neutralizing special symbols. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting XSS attacks by injecting malicious HTML tags...
The vulnerability of the VMware Cloud Director platform, related to deficiencies in access control, allows a attacker to trigger a service failure.
The vulnerability of the VMware Cloud Director platform relates to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
The vulnerability of the VMware Cloud Director Object Storage Extension lies in the insufficient protection of operational data, allowing attackers to gain unauthorized access to protected information.
The vulnerability of the VMware Cloud Director Object Storage Extension relates to insufficient protection of operational data. Exploiting this vulnerability may allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
CVE-2024-22277
VMware Cloud Director Availability contains an HTML injection vulnerability. A malicious actor with network access to VMware Cloud Director Availability can craft malicious HTML tags to execute within replication tasks...
CVE-2024-22277
VMware Cloud Director Availability contains an HTML injection vulnerability. A malicious actor with network access to VMware Cloud Director Availability can craft malicious HTML tags to execute within replication tasks...
CVE-2024-22277
CVE-2024-22277 affects VMware Cloud Director Availability. An HTML injection vulnerability allows a network-authenticated attacker to craft malicious HTML tags that execute within replication tasks. The issue is addressed by VMware in the 4.7.2 release; advisory indicates affected product lines i...
CVE-2024-22277
VMware Cloud Director Availability contains an HTML injection vulnerability. A malicious actor with network access to VMware Cloud Director Availability can craft malicious HTML tags to execute within replication tasks...