Lucene search
+L

786 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 7:13 p.m.14 views

CVE-2021-22033

Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery SSRF vulnerability...

4CVSS6.9AI score0.00588EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:12 p.m.11 views

CVE-2021-22034

Releases prior to VMware vRealize Operations Tenant App 8.6 contain an Information Disclosure Vulnerability...

7.5CVSS6.7AI score0.00971EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:12 p.m.9 views

CVE-2021-21984

VMware vRealize Business for Cloud 7.x prior to 7.6.0 contains a remote code execution vulnerability due to an unauthorised end point. A malicious actor with network access may exploit this issue causing unauthorised remote code execution on vRealize Business for Cloud Virtual Appliance...

9.8CVSS7.9AI score0.01981EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:12 p.m.16 views

CVE-2021-21983

Arbitrary file write vulnerability in vRealize Operations Manager API CVE-2021-21983 prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API can write files to arbitrary locations on the underlying photon operating system...

8.5CVSS6.8AI score0.68557EPSS
Exploits9References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:40 p.m.9 views

CVE-2020-3943

vRealize Operations for Horizon Adapter 6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1 uses a JMX RMI service which is not securely configured. An unauthenticated remote attacker who has network access to vRealize Operations, with the Horizon Adapter running, may be able to execute arbitrary code ...

9.8CVSS7.9AI score0.02331EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 3:36 p.m.8 views

CVE-2020-3944

vRealize Operations for Horizon Adapter 6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1 has an improper trust store configuration leading to authentication bypass. An unauthenticated remote attacker who has network access to vRealize Operations, with the Horizon Adapter running, may be able to bypa...

8.6CVSS7.3AI score0.01489EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 3:36 p.m.6 views

CVE-2020-3945

vRealize Operations for Horizon Adapter 6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1 contains an information disclosure vulnerability due to incorrect pairing implementation between the vRealize Operations for Horizon Adapter and Horizon View. An unauthenticated remote attacker who has network...

7.5CVSS6.6AI score0.01386EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 3:35 p.m.9 views

CVE-2020-3953

Cross Site Scripting XSS vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation...

4.8CVSS5.8AI score0.00653EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 3:35 p.m.10 views

CVE-2020-3954

Open Redirect vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation...

6.1CVSS6.8AI score0.00774EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 10:7 a.m.10 views

CVE-2019-1003068

Jenkins VMware vRealize Automation Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

8.8CVSS6.7AI score0.01365EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.284 views

SaltStack Salt Master Server Root Key Disclosure

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SaltStack Salt Master Server Root Key Disclosure', 'Description' = %q This module exploits unauthenticated access to the prepauthinfo method in t...

9.8CVSS7.4AI score0.96405EPSS
Exploits25
Tenable Nessus
Tenable Nessus
added 2024/05/06 12:0 a.m.15 views

Vmware vRealize Network Insight Command Injection

Vmware vRealize Network Insight version 6.2 6.10 are vulnerable to a Command Injection vulnerability. A remote unauthenticated attacker can perform remote code execution via a specially crafted request. No source data...

9.8CVSS8.5AI score0.98281EPSS
Exploits7References4
Tenable Nessus
Tenable Nessus
added 2024/02/22 12:0 a.m.32 views

VMWare Aria Operations < 8.16 PrivEsc (VMSA-2024-0004)

According to its self-reported version, the instance of VMWare Aria Operations formerly vRealize Operations running on the remote web server is 8.16.0.23251571. It is, therefore, affected by the following: - VMware Aria Operations contains a local privilege escalation vulnerability. A malicious...

6.7CVSS6.6AI score0.00194EPSS
Exploits0References4
VMware
VMware
added 2024/02/04 12:0 a.m.81 views

VMSA-2024-0002:VMware Aria Operations for Networks (Formerly vRealize Network Insight) updates address multiple vulnerabilities

Advisory ID: VMSA-2024-0002 CVSSv3 Range: 4.3 - 7.8 Issue Date:2024-02-06 Updated On: 2024-02-06 Initial Advisory CVEs: CVE-2024-22237, CVE-2024-22238, CVE-2024-22239, CVE-2024-22240, CVE-2024-22241 Synopsis: VMware Aria Operations for Networks Formerly vRealize Network Insight updates address...

7.8CVSS6.3AI score0.37849EPSS
Exploits0References20Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2023/12/20 12:0 a.m.7 views

VulnCheck KEV: CVE-2022-31706

The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution...

9.8CVSS7.7AI score0.87077EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2023/12/20 12:0 a.m.7 views

VulnCheck KEV: CVE-2022-31704

The vRealize Log Insight contains a broken access control vulnerability. An unauthenticated malicious actor can remotely inject code into sensitive files of an impacted appliance which can result in remote code execution...

9.8CVSS7.7AI score0.81011EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2023/12/20 12:0 a.m.6 views

VulnCheck KEV: CVE-2022-31711

VMware vRealize Log Insight contains an Information Disclosure Vulnerability. A malicious actor can remotely collect sensitive session and application information without authentication...

5.3CVSS7AI score0.21657EPSS
Exploits3References1
Tenable Nessus
Tenable Nessus
added 2023/12/18 12:0 a.m.34 views

VMware vRealize Network Insight (vRNI) Multiple Vulnerabilities (VMSA-2022-0031)

According to its self-reported version, the instance of VMware vRealize Network Insight running on the remote web server is affected by multiple vulnerabilities: - vRealize Network Insight vRNI contains a command injection vulnerability present in the vRNI REST API. A malicious actor with network...

9.8CVSS9.1AI score0.01792EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2023/12/08 12:0 a.m.6 views

The vulnerability of the monitoring tool for the virtual infrastructure vRealize Operations (vROps) arises from insufficient validation of the authenticity of the queries executed. This allows a perpetrator to carry out a CSRF attack.

The vulnerability of the monitoring tool for the virtual infrastructure vRealize Operations vROps is related to insufficient verification of the authenticity of the queries being executed. Exploiting this vulnerability could allow a malicious actor to perform a CSRF attack remotely...

10CVSS7.5AI score0.00404EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2023/11/13 12:0 a.m.3 views

VulnCheck KEV: CVE-2022-31656

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate...

9.8CVSS7.4AI score0.18994EPSS
Exploits1References1
Rows per page
Query Builder