786 matches found
CVE-2021-22033
Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery SSRF vulnerability...
CVE-2021-22034
Releases prior to VMware vRealize Operations Tenant App 8.6 contain an Information Disclosure Vulnerability...
CVE-2021-21984
VMware vRealize Business for Cloud 7.x prior to 7.6.0 contains a remote code execution vulnerability due to an unauthorised end point. A malicious actor with network access may exploit this issue causing unauthorised remote code execution on vRealize Business for Cloud Virtual Appliance...
CVE-2021-21983
Arbitrary file write vulnerability in vRealize Operations Manager API CVE-2021-21983 prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API can write files to arbitrary locations on the underlying photon operating system...
CVE-2020-3943
vRealize Operations for Horizon Adapter 6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1 uses a JMX RMI service which is not securely configured. An unauthenticated remote attacker who has network access to vRealize Operations, with the Horizon Adapter running, may be able to execute arbitrary code ...
CVE-2020-3944
vRealize Operations for Horizon Adapter 6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1 has an improper trust store configuration leading to authentication bypass. An unauthenticated remote attacker who has network access to vRealize Operations, with the Horizon Adapter running, may be able to bypa...
CVE-2020-3945
vRealize Operations for Horizon Adapter 6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1 contains an information disclosure vulnerability due to incorrect pairing implementation between the vRealize Operations for Horizon Adapter and Horizon View. An unauthenticated remote attacker who has network...
CVE-2020-3953
Cross Site Scripting XSS vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation...
CVE-2020-3954
Open Redirect vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation...
CVE-2019-1003068
Jenkins VMware vRealize Automation Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
SaltStack Salt Master Server Root Key Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SaltStack Salt Master Server Root Key Disclosure', 'Description' = %q This module exploits unauthenticated access to the prepauthinfo method in t...
Vmware vRealize Network Insight Command Injection
Vmware vRealize Network Insight version 6.2 6.10 are vulnerable to a Command Injection vulnerability. A remote unauthenticated attacker can perform remote code execution via a specially crafted request. No source data...
VMWare Aria Operations < 8.16 PrivEsc (VMSA-2024-0004)
According to its self-reported version, the instance of VMWare Aria Operations formerly vRealize Operations running on the remote web server is 8.16.0.23251571. It is, therefore, affected by the following: - VMware Aria Operations contains a local privilege escalation vulnerability. A malicious...
VMSA-2024-0002:VMware Aria Operations for Networks (Formerly vRealize Network Insight) updates address multiple vulnerabilities
Advisory ID: VMSA-2024-0002 CVSSv3 Range: 4.3 - 7.8 Issue Date:2024-02-06 Updated On: 2024-02-06 Initial Advisory CVEs: CVE-2024-22237, CVE-2024-22238, CVE-2024-22239, CVE-2024-22240, CVE-2024-22241 Synopsis: VMware Aria Operations for Networks Formerly vRealize Network Insight updates address...
VulnCheck KEV: CVE-2022-31706
The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution...
VulnCheck KEV: CVE-2022-31704
The vRealize Log Insight contains a broken access control vulnerability. An unauthenticated malicious actor can remotely inject code into sensitive files of an impacted appliance which can result in remote code execution...
VulnCheck KEV: CVE-2022-31711
VMware vRealize Log Insight contains an Information Disclosure Vulnerability. A malicious actor can remotely collect sensitive session and application information without authentication...
VMware vRealize Network Insight (vRNI) Multiple Vulnerabilities (VMSA-2022-0031)
According to its self-reported version, the instance of VMware vRealize Network Insight running on the remote web server is affected by multiple vulnerabilities: - vRealize Network Insight vRNI contains a command injection vulnerability present in the vRNI REST API. A malicious actor with network...
The vulnerability of the monitoring tool for the virtual infrastructure vRealize Operations (vROps) arises from insufficient validation of the authenticity of the queries executed. This allows a perpetrator to carry out a CSRF attack.
The vulnerability of the monitoring tool for the virtual infrastructure vRealize Operations vROps is related to insufficient verification of the authenticity of the queries being executed. Exploiting this vulnerability could allow a malicious actor to perform a CSRF attack remotely...
VulnCheck KEV: CVE-2022-31656
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate...