VMSA-2018-0008:Workstation and Fusion updates address a denial-of-service vulnerability

VMSA-2018-0008 Workstation and Fusion updates address a denial-of-service vulnerability VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2018-0008 VMware Security Advisory Severity: Important VMware Security Advisory Synopsis: Workstation and Fusion updates address a...

Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX, VMware VCB address information disclosure, privilege escalation and other security issues.

I Security Issuesa. Setting ActiveX killbitStarting from this release, VMware has set the killbit on itsActiveX controls. Setting the killbit ensures that ActiveXcontrols cannot run in Internet Explorer IE, and avoidsMicrosoft KB article 240797 and the related references on thistopic.Security...

VMware Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)

1. Impacted Products Under Evaluation VMware Horizon VMware vCenter Server VMware HCX VMware NSX-T Data Center VMware Unified Access Gateway VMware WorkspaceOne Access VMware Identity Manager VMware vRealize Operations VMware vRealize Operations Cloud Cloud Proxy VMware vRealize Automation VMware...

VMSA-2016-0024:vSphere Data Protection (VDP) update addresses SSH key-based authentication issue

VMSA-2016-0024.1 vSphere Data Protection VDP updates address SSH Key-Based authentication issue VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2016-0024.1 VMware Security Advisory Severity: Critical VMware Security Advisory Synopsis: vSphere Data Protection VDP updates addres...

VMSA-2022-0021:VMware Workspace ONE Access, Access Connector, Identity Manager, Identity Manager Connector and vRealize Automation updates address multiple vulnerabilities

Advisory ID: VMSA-2022-0021.1 CVSSv3 Range: 4.7-9.8 Issue Date:2022-08-02 Updated On: 2022-08-09 CVEs: CVE-2022-31656, CVE-2022-31657, CVE-2022-31658, CVE-2022-31659, CVE-2022-31660, CVE-2022-31661, CVE-2022-31662, CVE-2022-31663, CVE-2022-31664, CVE-2022-31665 Synopsis: VMware Workspace ONE...

VMSA-2018-0028:VMware vRealize Log Insight updates address an authorization bypass vulnerability

VMSA-2018-0028 VMware vRealize Log Insight updates address an authorization bypass vulnerability VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2018-0028 VMware Security Advisory Severity: Moderate VMware Security Advisory Synopsis: VMware vRealize Log Insight updates address...

VMSA-2014-0004:VMware product updates address OpenSSL security vulnerabilities

VMSA-2014-0004.7 VMware product updates address OpenSSL security vulnerabilities VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2014-0004.7 VMware Security Advisory Synopsis: VMware product updates address OpenSSL security vulnerabilities VMware Security Advisory Issue date:...

VMSA-2022-0020:VMware ESXi addresses Return-Stack-Buffer-UnderfLOW and Branch Type Confusion vulnerabilities

Advisory ID: VMSA-2022-0020.2 CVSSv3 Range: 5.6 Issue Date:2022-07-12 Updated On: 2022-10-25 CVEs: CVE-2022-29901, CVE-2022-28693, CVE-2022-23816, CVE-2022-23825, CVE-2022-26373 Synopsis: VMware ESXi addresses Return-Stack-Buffer-Underflow and Branch Type Confusion vulnerabilities RSS Feed Downlo...

VMware Response to Apache Log4j Remote Code Execution Vulnerabilities (CVE-2021-44228, CVE-2021-45046)

1. Impacted Products VMware Horizon VMware vCenter Server VMware HCX VMware NSX-T Data Center VMware Unified Access Gateway VMware WorkspaceOne Access VMware Identity Manager VMware vRealize Operations VMware vRealize Operations Cloud Cloud Proxy VMware vRealize Automation VMware vRealize...

VMSA-2020-0002:VMware Tools workaround addresses a local privilege escalation vulnerability

Advisory ID: VMSA-2020-0002 CVSSv3 Range: 7.8 Issue Date:2020-01-14 Updated On: 2020-01-14 Initial Advisory CVEs: CVE-2020-3941 Synopsis: VMware Tools workaround addresses a local privilege escalation vulnerability CVE-2020-3941 RSS Feed Download PDF Download Text File Share this page on social...

VMSA-2021-0002:VMware ESXi and vCenter Server updates address multiple security vulnerabilities

Advisory ID: VMSA-2021-0002 CVSSv3 Range: 5.3-9.8 Issue Date:2021-02-23 Updated On: 2021-02-23 Initial Advisory CVEs: CVE-2021-21972, CVE-2021-21973, CVE-2021-21974 Synopsis: VMware ESXi and vCenter Server updates address multiple security vulnerabilities CVE-2021-21972, CVE-2021-21973,...

VMware Response to Spring Framework Remote Code Execution Vulnerability (CVE-2022-22965)

IMPORTANT See the Notes section if prior to April 6, 3 PM PST you have updated TAS or Ops Manager or you have applied workarounds to TAS, Ops Manager or TKGi. 1. Impacted Products VMware Tanzu Application Service for VMs TAS VMware Tanzu Operations Manager Ops Manager VMware Tanzu Kubernetes Grid...

VMSA-2022-0016:VMware ESXi addresses DirectPath I/O (PCI-Passthrough) Information Leak vulnerabilities

Advisory ID: VMSA-2022-0016 CVSSv3 Range: 3.8 Issue Date:2022-06-14 Updated On: 2022-06-14 Initial Advisory CVEs: CVE-2022-21123, CVE-2022-21125, CVE-2022-21166 Synopsis: VMware ESXi addresses DirectPath I/O PCI-Passthrough Information Leak vulnerabilities CVE-2022-21123, CVE-2022-21125,...

VMSA-2016-0002:VMware product updates address a CRITICAL glibc security vulnerability.

VMSA-2016-0002.1 VMware product updates address a critical glibc security vulnerability. VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2016-0002.1 VMware Security Advisory Synopsis: VMware product updates address a critical glibc security vulnerability VMware Security Adviso...

VMware Response to Apache Log4j Remote Code Execution Vulnerabilities (CVE-2021-44228, CVE-2021-45046)

1. Impacted Products Under Evaluation VMware Horizon VMware vCenter Server VMware HCX VMware NSX-T Data Center VMware Unified Access Gateway VMware WorkspaceOne Access VMware Identity Manager VMware vRealize Operations VMware vRealize Operations Cloud Proxy VMware vRealize Automation VMware...

VMSA-2018-0029:vSphere Data Protection (VDP) updates address multiple security issues.

VMSA-2018-0029 vSphere Data Protection VDP updates address multiple security issues. VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2018-0029 VMware Security Advisory Severity: Critical VMware Security Advisory Synopsis: vSphere Data Protection VDP updates address multiple...

VMSA-2014-0010:VMware product updates address CRITICAL Bash security vulnerabilities

VMSA-2014-0010.13 VMware product updates address critical Bash security vulnerabilities VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2014-0010.13 VMware Security Advisory Synopsis: VMware product updates address critical Bash security vulnerabilities VMware Security Advisor...

VMware Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)

1. Impacted Products Under Evaluation VMware Horizon VMware vCenter Server VMware HCX VMware NSX-T Data Center VMware Unified Access Gateway VMware WorkspaceOne Access VMware Identity Manager VMware vRealize Operations VMware vRealize Operations Cloud Proxy VMware vRealize Automation VMware...

VMSA-2025-0004: VMware ESXi, Workstation, and Fusion updates address multiple vulnerabilities (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226)

Advisory ID: | VMSA-2025-0004 ---|--- Severity: | Critical CVSSv3 Range: | 7.1-9.3 Synopsis: | VMware ESXi, Workstation, and Fusion updates address multiple vulnerabilities CVE-2025-22224, CVE-2025-22225, CVE-2025-22226 Issue date: | 2025-03-04 Updated on: | 2025-03-04 Initial Advisory CVEs |...

VMSA-2012-0001:VMware ESXi and ESX updates to third party library and ESX Service Console

VMSA-2012-0001.2 VMware ESXi and ESX updates to third party library and ESX Service Console VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2012-0001.2 VMware Security Advisory Synopsis: VMware ESXi and ESX updates to third party library and ESX Service Console VMware Security...

VMSA-2022-0004:VMware ESXi, Workstation, and Fusion updates address multiple security vulnerabilities

Advisory ID: VMSA-2022-0004 CVSSv3 Range: 5.3-8.4 Issue Date:2022-02-15 Updated On: 2022-02-15 Initial Advisory CVEs: CVE-2021-22040, CVE-2021-22041, CVE-2021-22042, CVE-2021-22043, CVE-2021-22050 Synopsis: VMware ESXi, Workstation, and Fusion updates address multiple security vulnerabilities...

VMSA-2019-0020:VMware ESXi, Workstation, and Fusion patches provide Hypervisor-Specific Mitigations for Speculative-Execution Vulnerabilities

VMware Security Advisories Advisory ID| VMSA-2019-0020 ---|--- Advisory Severity| Moderate CVSSv3 Range| 6.5 Synopsis| VMware ESXi, Workstation, and Fusion patches provide Hypervisor-Specific Mitigations for Denial-of-Service and Speculative-Execution Vulnerabilities CVE-2018-12207, CVE-2019-1113...

VMSA-2018-0030:VMware Workstation and Fusion updates address an integer overfLOW issue.

VMSA-2018-0030 VMware Workstation and Fusion updates address an integer overflow issue. VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2018-0030 VMware Security Advisory Severity: Critical VMware Security Advisory Synopsis: VMware Workstation and Fusion updates address an...

VMware product updates resolve remote code execution vulnerability via Apache Struts 2

Remote code execution vulnerability via Apache Struts 2 Multiple VMware products contain a remote code execution vulnerability due to the use of Apache Struts 2. Successful exploitation of this issue may result in the complete compromise of an affected product. The Common Vulnerabilities and...

VMSA-2022-0009:VMware vCenter Server updates address an information disclosure vulnerability

Advisory ID: VMSA-2022-0009.1 CVSSv3 Range: 5.5 Issue Date:2022-03-29 Updated On: 2022-05-18 CVEs: CVE-2022-22948 Synopsis: VMware vCenter Server updates address an information disclosure vulnerability CVE-2022-22948 RSS Feed Download PDF Download Text File Share this page on social media: 1...

VMSA-2019-0013:VMware ESXi and vCenter Server updates address command injection and information disclosure vulnerabilities.

VMware Security Advisories Advisory ID| VMSA-2019-0013.1 ---|--- Advisory Severity| Important CVSSv3 Range| 4.2-7.7 Synopsis| VMware ESXi and vCenter Server updates address command injection and information disclosure vulnerabilities. CVE-2017-16544, CVE-2019-5531, CVE-2019-5532, CVE-2019-5534...

VMware product updates enable Hypervisor-Specific Mitigations, Hypervisor-Assisted Guest Mitigations, and Operating System-Specific Mitigations for Microarchitectural Data Sampling (MDS) Vulnerabilities (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091)

3a. Hypervisor-Specific Mitigations for MDS vulnerabilities - CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091 vCenter Server, ESXi, Workstation, and Fusion updates include Hypervisor-Specific Mitigations for MDS speculative execution vulnerabilities. VMware has evaluated the...

VMSA-2022-0018:VMware vCenter Server updates address a server-side request forgery vulnerability

Advisory ID: VMSA-2022-0018 CVSSv3 Range: 5.3 Issue Date:2022-07-12 Updated On: 2022-07-23 CVEs: CVE-2022-22982 Synopsis: VMware vCenter Server updates address a server-side request forgery vulnerability CVE-2022-22982 RSS Feed Download PDF Download Text File Share this page on social media: 1...

VMware Response to Apache Log4j Remote Code Execution Vulnerabilities (CVE-2021-44228, CVE-2021-45046)

1. Impacted Products VMware Horizon VMware vCenter Server VMware HCX VMware NSX-T Data Center VMware Unified Access Gateway VMware WorkspaceOne Access VMware Identity Manager VMware vRealize Operations VMware vRealize Operations Cloud Cloud Proxy VMware vRealize Automation VMware vRealize...

VMSA-2016-0023:VMware ESXi updates address a cross-site scripting issue

VMware Security Advisories VMSA-2016-0023 VMware ESXi updates address a cross-site scripting issue VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2016-0023 VMware Security Advisory Severity: Important VMware Security Advisory Synopsis: VMware ESXi updates address a cross-site...

VMSA-2024-0006:VMware ESXi, Workstation, and Fusion updates address multiple security vulnerabilities (CVE-2024-22252, CVE-2024-22253, CVE-2024-22254, CVE-2024-22255)

Advisory ID: | VMSA-2024-0006.1 ---|--- Advisory Severity: | Critical CVSSv3 Range: | 7.1-9.3 Synopsis: | VMware ESXi, Workstation, and Fusion updates address multiple security vulnerabilities CVE-2024-22252, CVE-2024-22253, CVE-2024-22254, CVE-2024-22255 Issue date: | 2024-03-05 Updated on: |...

VMware Response to Apache Log4j Remote Code Execution Vulnerabilities (CVE-2021-44228, CVE-2021-45046)

3. Problem Description Multiple products impacted by remote code execution vulnerabilities via Apache Log4j CVE-2021-44228, CVE-2021-45046...

VMware Response to Apache Log4j Remote Code Execution Vulnerabilities (CVE-2021-44228, CVE-2021-45046)

1. Impacted Products VMware Horizon VMware vCenter Server VMware HCX VMware NSX-T Data Center VMware Unified Access Gateway VMware WorkspaceOne Access VMware Identity Manager VMware vRealize Operations VMware vRealize Operations Cloud Cloud Proxy VMware vRealize Automation VMware vRealize...

vRealize Operations Application Remote Collector (ARC) addresses Authentication Bypass and Directory Traversal vulnerabilities (CVE-2020-11651, CVE-2020-11652)

3. vRealize Operations Application Remote Collector ARC addresses Authentication Bypass CVE-2020-11651 and Directory Traversal CVE-2020-11652 vulnerabilities. The Application Remote Collector ARC introduced with vRealize Operations 7.5 utilizes Salt which is affected by CVE-2020-11651 and...

VMware Response to Spring Framework Remote Code Execution Vulnerability (CVE-2022-22965)

IMPORTANT See the Notes section if prior to April 6, 3 PM PST you have updated TAS or Ops Manager or you have applied workarounds to TAS, Ops Manager or TKGi. 1. Impacted Products VMware Tanzu Application Service for VMs TAS VMware Tanzu Operations Manager Ops Manager VMware Tanzu Kubernetes Grid...

VMSA-2022-0007:VMware Tools for Windows update addresses an uncontrolled search path vulnerability

Advisory ID: VMSA-2022-0007 CVSSv3 Range: 5.6 Issue Date:2022-03-01 Updated On: 2022-03-01 Initial Advisory CVEs: CVE-2022-22943 Synopsis: VMware Tools for Windows update addresses an uncontrolled search path vulnerability CVE-2022-22943 RSS Feed Download PDF Download Text File Share this page on...

VMSA-2022-0024:VMware Tools update addresses a local privilege escalation vulnerability

Advisory ID: VMSA-2022-0024.1 CVSSv3 Range: 7.0 Issue Date:2022-08-23 Updated On: 2022-09-02 CVEs: CVE-2022-31676 Synopsis: VMware Tools update addresses a local privilege escalation vulnerability CVE-2022-31676 RSS Feed Download PDF Download Text File Share this page on social media: 1. Impacted...

VMware Response to Apache Log4j Remote Code Execution Vulnerabilities (CVE-2021-44228, CVE-2021-45046)

1. Impacted Products VMware Horizon VMware vCenter Server VMware HCX VMware NSX-T Data Center VMware Unified Access Gateway VMware WorkspaceOne Access VMware Identity Manager VMware vRealize Operations VMware vRealize Operations Cloud Cloud Proxy VMware vRealize Automation VMware vRealize...

VMSA-2021-0020:VMware vCenter Server updates address multiple security vulnerabilities

Advisory ID:VMSA-2021-0020.2 CVSSv3 Range:4.3-9.8 Issue Date:2021-09-21 Updated On:2025-12-05 CVEs:CVE-2021-21991, CVE-2021-21992, CVE-2021-21993, CVE-2021-22005, CVE-2021-22006, CVE-2021-22007, CVE-2021-22008, CVE-2021-22009, CVE-2021-22010, CVE-2021-22011, CVE-2021-22012, CVE-2021-22013,...

VMware Response to Spring Framework Remote Code Execution Vulnerability (CVE-2022-22965)

1. Impacted Products VMware Tanzu Application Service for VMs VMware Tanzu Operations Manager VMware Tanzu Kubernetes Grid Integrated Edition TKGI 2. Introduction A critical vulnerability in Spring Framework project identified by CVE-2022-22965 has been publicly disclosed which impacts VMware...

VMware Response to Apache Log4j Remote Code Execution Vulnerabilities (CVE-2021-44228, CVE-2021-45046)

1. Impacted Products VMware Horizon VMware vCenter Server VMware HCX VMware NSX-T Data Center VMware Unified Access Gateway VMware WorkspaceOne Access VMware Identity Manager VMware vRealize Operations VMware vRealize Operations Cloud Cloud Proxy VMware vRealize Automation VMware vRealize...

VMSA-2011-0013:VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX

VMSA-2011-0013.3 VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2011-0013.3 VMware Security Advisory Synopsis: VMware third party component updates for VMware vCenter Server,...

VMSA-2008-0018:VMware Hosted products and patches for ESX and ESXi resolve two security issues

VMSA-2008-0018 VMware Hosted products and patches for ESX and ESXi resolve two security issues VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2008-0018 VMware Security Advisory Synopsis: VMware Hosted products and patches for ESX and ESXi resolve two security issues VMware...

VMware Horizon Agent for Linux update addresses multiple vulnerabilities (CVE-2022-22962, CVE-2022-22964)

3a. User-controlled folder path customization privilege escalation vulnerability CVE-2022-22962 VMware Horizon Agent for Linux contains a local privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base scor...

VMSA-2019-0023:VMware Workstation and Horizon View Agent updates address a DLL-hijacking issue

VMware Security Advisories Advisory ID| VMSA-2019-0023 ---|--- Advisory Severity| Moderate CVSSv3 Range| 6.3 Synopsis| VMware Workstation and Horizon View Agent updates address a DLL-hijacking issue CVE-2019-5539 Issue Date| 2019-12-20 Updated On| 2019-12-20 Initial Advisory CVEs| CVE-2019-5539 1...

VMSA-2023-0019:VMware Tools updates address a SAML Token Signature Bypass Vulnerability

Advisory ID: VMSA-2023-0019.1 CVSSv3 Range: 7.1 Issue Date:2023-08-31 Updated On: 2023-09-05 CVEs: CVE-2023-20900 Synopsis: VMware Tools updates address a SAML Token Signature Bypass Vulnerability CVE-2023-20900 RSS Feed Download PDF Download Text File Share this page on social media: 1. Impacted...

VMSA-2020-0006:VMware vCenter Server updates address sensitive information disclosure vulnerability in the VMware Directory Service (vmdir)

Advisory ID: VMSA-2020-0006.1 CVSSv3 Range: 10.0 Issue Date:2020-04-09 Updated On: 2020-04-16 Initial Advisory CVEs: CVE-2020-3952 Synopsis: VMware vCenter Server updates address sensitive information disclosure vulnerability in the VMware Directory Service vmdir CVE-2020-3952 RSS Feed Download P...

VMware Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228, CVE-2021-45046)

1. Impacted Products Under Evaluation VMware Horizon VMware vCenter Server VMware HCX VMware NSX-T Data Center VMware Unified Access Gateway VMware WorkspaceOne Access VMware Identity Manager VMware vRealize Operations VMware vRealize Operations Cloud Proxy VMware vRealize Automation VMware...

VMSA-2014-0006:VMware product updates address OpenSSL security vulnerabilities

VMSA-2014-0006.11 VMware product updates address OpenSSL security vulnerabilities VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2014-0006.11 VMware Security Advisory Synopsis: VMware product updates address OpenSSL security vulnerabilities VMware Security Advisory Issue date...

VMSA-2022-0011:VMware Workspace ONE Access, Identity Manager and vRealize Automation updates address multiple vulnerabilities

Advisory ID:VMSA-2022-0011.2 CVSSv3 Range:5.3-9.8 Issue Date:2022-04-06 Updated On:2022-04-13 CVEs:CVE-2022-22954, CVE-2022-22955,CVE-2022-22956, CVE-2022-22957, CVE-2022-22958, CVE-2022-22959, CVE-2022-22960, CVE-2022-22961 Synopsis:VMware Workspace ONE Access, Identity Manager and vRealize...