548 matches found
VMware Horizon Agent for Linux update addresses multiple vulnerabilities (CVE-2022-22962, CVE-2022-22964)
3a. User-controlled folder path customization privilege escalation vulnerability CVE-2022-22962 VMware Horizon Agent for Linux contains a local privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base scor...
VMware Horizon Client for Linux update addresses multiple vulnerabilities (CVE-2022-22962, CVE-2022-22964)
1. Impacted Products VMware Horizon Agent for Linux 2. Introduction Multiple vulnerabilities in VMware Horizon Agent for Linux were privately reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products. 3a. User-controlled folder path customization...
VMSA-2022-0011:VMware Workspace ONE Access, Identity Manager and vRealize Automation updates address multiple vulnerabilities
Advisory ID: VMSA-2022-0011.2 CVSSv3 Range: 5.3-9.8 Issue Date: 2022-04-06 Updated On: 2022-04-13 CVEs: CVE-2022-22954, CVE-2022-22955, CVE-2022-22956, CVE-2022-22957, CVE-2022-22958, CVE-2022-22959, CVE-2022-22960, CVE-2022-22961 Synopsis: VMware Workspace ONE Access, Identity Manager and vRealize...
VMware Response to Spring Framework Remote Code Execution Vulnerability (CVE-2022-22965)
IMPORTANT See the Notes section if prior to April 6, 3 PM PST you have updated TAS or Ops Manager or you have applied workarounds to TAS, Ops Manager or TKGi. 1. Impacted Products VMware Tanzu Application Service for VMs TAS VMware Tanzu Operations Manager Ops Manager VMware Tanzu Kubernetes Grid...
VMware Response to Spring Framework Remote Code Execution Vulnerability (CVE-2022-22965)
3. Problem Description Multiple products impacted by remote code execution vulnerability CVE-2022-22965...
VMware Response to Spring Framework Remote Code Execution Vulnerability (CVE-2022-22965)
1. Impacted Products VMware Tanzu Application Service for VMs VMware Tanzu Operations Manager VMware Tanzu Kubernetes Grid Integrated Edition TKGI 2. Introduction A critical vulnerability in Spring Framework project identified by CVE-2022-22965 has been publicly disclosed which impacts VMware...
VMware vCenter Server updates address an information disclosure vulnerability (CVE-2022-22948)
3. vCenter Server information disclosure vulnerability CVE-2022-22948 The vCenter Server contains an information disclosure vulnerability due to improper permission of files. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of...
VMSA-2022-0009:VMware vCenter Server updates address an information disclosure vulnerability
Advisory ID: VMSA-2022-0009.1 CVSSv3 Range: 5.5 Issue Date: 2022-03-29 Updated On: 2022-05-18 CVEs: CVE-2022-22948 Synopsis: VMware vCenter Server updates address an information disclosure vulnerability CVE-2022-22948 1...
VMware Carbon Black App Control update addresses multiple vulnerabilities (CVE-2022-22951, CVE-2022-22952)
3a. OS command injection vulnerability in VMware Carbon Black App Control CVE-2022-22951 VMware Carbon Black App Control contains an OS command injection vulnerability. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.1. 3b...
VMSA-2022-0007:VMware Tools for Windows update addresses an uncontrolled search path vulnerability
Advisory ID: VMSA-2022-0007 CVSSv3 Range: 5.6 Issue Date: 2022-03-01 Updated On: 2022-03-01 Initial Advisory CVEs: CVE-2022-22943 Synopsis: VMware Tools for Windows update addresses an uncontrolled search path vulnerability CVE-2022-22943...
VMware Workspace ONE Boxer update addresses a stored cross-site scripting (XSS) vulnerability (CVE-2022-22944)
3a. VMware Workspace ONE Boxer update addresses a stored cross-site scripting XSS vulnerability CVE-2022-22944 VMware Workspace ONE Boxer contains a stored cross-site scripting XSS vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum...
VMSA-2022-0005:VMware NSX Data Center for vSphere update addresses CLI shell injection vulnerability
Advisory ID: VMSA-2022-0005.2 CVSSv3 Range: 8.8 Issue Date: 2022-02-15 Updated On: 2022-04-07 CVEs: CVE-2022-22945 Synopsis: VMware NSX Data Center for vSphere update addresses CLI shell injection vulnerability CVE-2022-22945...
VMSA-2022-0004:VMware ESXi, Workstation, and Fusion updates address multiple security vulnerabilities
Advisory ID: VMSA-2022-0004 CVSSv3 Range: 5.3-8.4 Issue Date: 2022-02-15 Updated On: 2022-02-15 Initial Advisory CVEs: CVE-2021-22040, CVE-2021-22041, CVE-2021-22042, CVE-2021-22043, CVE-2021-22050 Synopsis: VMware ESXi, Workstation, and Fusion updates address multiple security vulnerabilities...
VMware Cloud Foundation contains an information disclosure vulnerability due to the logging of plaintext credentials within some log files.
3. Information disclosure vulnerability in VMware Cloud Foundation SDDC Manager CVE-2022-22939 VMware Cloud Foundation contains an information disclosure vulnerability due to logging of credentials in plain-text within multiple log files on the SDDC Manager...
VMSA-2022-0003:VMware Cloud Foundation contains an information disclosure vulnerability due to the logging of plaintext credentials within some log files
Advisory ID: VMSA-2022-0003.1 CVSSv3 Range: 6.0 Issue Date: 2022-01-31 Updated On: 2022-02-14 CVEs: CVE-2022-22939 Synopsis: VMware Cloud Foundation contains an information disclosure vulnerability due to the logging of plaintext credentials within some log files...
VMSA-2022-0002:VMware Workstation and Horizon Client for Windows updates address a denial-of-service vulnerability
Advisory ID: VMSA-2022-0002 CVSSv3 Range: 4.0 Issue Date: 2022-01-18 Updated On: 2022-01-18 Initial Advisory CVEs: CVE-2022-22938 Synopsis: VMware Workstation and Horizon Client for Windows updates address a denial-of-service vulnerability CVE-2022-22938...
VMware Workstation, Fusion and ESXi updates address a heap-overflow vulnerability (CVE-2021-22045)
3. VMware Workstation, Fusion and ESXi updates address a heap-overflow vulnerability CVE-2021-22045 The CD-ROM device emulation in VMware Workstation, Fusion and ESXi has a heap-overflow vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a...
VMware Workstation, Fusion and ESXi updates address a heap-overflow vulnerability (CVE-2021-22045)
1. Impacted Products VMware ESXi VMware Workstation Pro / Player Workstation VMware Fusion VMware Cloud Foundation 2. Introduction A heap-overflow vulnerability in VMware Workstation, Fusion and ESXi was privately reported to VMware. Updates are available to remediate this vulnerability in...
VMSA-2022-0001:VMware Workstation, Fusion and ESXi updates address a heap-overflow vulnerability
Advisory ID: VMSA-2022-0001.2 CVSSv3 Range: 7.7 Issue Date: 2022-01-04 Updated On: 2022-02-14 CVEs: CVE-2021-22045 Synopsis: VMware Workstation, Fusion and ESXi updates address a heap-overflow vulnerability CVE-2021-22045 1...
VMware Workspace ONE UEM console patches address SSRF vulnerability (CVE-2021-22054)
3. Advisory Details VMware Workspace ONE UEM console contains a Server Side Request Forgery SSRF vulnerability. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.1...
VMSA-2021-0030:VMware Workspace ONE Access, Identity Manager and vRealize Automation updates address multiple vulnerabilities
Advisory ID: VMSA-2021-0030 CVSSv3 Range: 5.5-6.6 Issue Date: 2021-12-17 Updated On: 2021-12-17 Initial Advisory CVEs: CVE-2021-22056, CVE-2021-22057 Synopsis: VMware Workspace ONE Access, Identity Manager and vRealize Automation updates address multiple vulnerabilities CVE-2021-22056,...
VMware Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228, CVE-2021-45046)
1. Impacted Products Under Evaluation VMware Horizon VMware vCenter Server VMware HCX VMware NSX-T Data Center VMware Unified Access Gateway VMware WorkspaceOne Access VMware Identity Manager VMware vRealize Operations VMware vRealize Operations Cloud Proxy VMware vRealize Automation VMware...
VMware Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)
1. Impacted Products Under Evaluation VMware Horizon VMware vCenter Server VMware HCX VMware NSX-T Data Center VMware Unified Access Gateway VMware WorkspaceOne Access VMware Identity Manager VMware vRealize Operations VMware vRealize Operations Cloud Proxy VMware vRealize Automation VMware...
VMware Response to Apache Log4j Remote Code Execution Vulnerabilities (CVE-2021-44228, CVE-2021-45046)
3. Problem Description Multiple products impacted by remote code execution vulnerabilities via Apache Log4j CVE-2021-44228, CVE-2021-45046...
VMware Response to Apache Log4j Remote Code Execution Vulnerabilities (CVE-2021-44228, CVE-2021-45046)
1. Impacted Products Under Evaluation VMware Horizon VMware vCenter Server VMware HCX VMware NSX-T Data Center VMware Unified Access Gateway VMware WorkspaceOne Access VMware Identity Manager VMware vRealize Operations VMware vRealize Operations Cloud Proxy VMware vRealize Automation VMware...
VMware Response to Apache Log4j Remote Code Execution Vulnerabilities (CVE-2021-44228, CVE-2021-45046)
1. Impacted Products VMware Horizon VMware vCenter Server VMware HCX VMware NSX-T Data Center VMware Unified Access Gateway VMware WorkspaceOne Access VMware Identity Manager VMware vRealize Operations VMware vRealize Operations Cloud Cloud Proxy VMware vRealize Automation VMware vRealize...
VMware Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)
1. Impacted Products Under Evaluation VMware Horizon VMware vCenter Server VMware HCX VMware NSX-T Data Center VMware Unified Access Gateway VMware WorkspaceOne Access VMware Identity Manager VMware vRealize Operations VMware vRealize Operations Cloud Cloud Proxy VMware vRealize Automation VMware...
VMSA-2021-0028:VMware Response to Apache Log4j Remote Code Execution Vulnerabilities
Advisory ID: VMSA-2021-0028.13 CVSSv3 Range: 9.0-10.0 Issue Date: 2021-12-10 Updated On: 2022-04-14 CVEs: CVE-2021-44228, CVE-2021-45046 Synopsis: VMware Response to Apache Log4j Remote Code Execution Vulnerabilities CVE-2021-44228, CVE-2021-45046...
VMware vCenter Server updates address arbitrary file read and SSRF vulnerabilities (CVE-2021-21980, CVE-2021-22049)
3a. vCenter Server updates address arbitrary file read vulnerability in the vSphere Web Client CVE-2021-21980 The vSphere Web Client FLEX/Flash contains an unauthorized arbitrary file read vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a...
VMSA-2021-0027:VMware vCenter Server updates address arbitrary file read and SSRF vulnerabilities
Advisory ID: VMSA-2021-0027.1 CVSSv3 Range: 6.5-7.5 Issue Date: 2021-11-23 Updated On: 2022-02-15 CVEs: CVE-2021-21980, CVE-2021-22049 Synopsis: VMware vCenter Server updates address arbitrary file read and SSRF vulnerabilities CVE-2021-21980, CVE-2021-22049...
VMware Tanzu Application Service for VMs updates address a denial-of-service vulnerability (CVE-2021-22101)
3a. VMware Tanzu Application service for VMs updates address a denial-of-service vulnerability CVE-2021-22101 VMware Tanzu Application Service for VMs uses Cloud Controller CAPI from Cloud Foundry which is vulnerable to an unauthenticated denial-of-service (DoS) vulnerability. VMware has evaluated...
VMware vCenter Server updates address a privilege escalation vulnerability (CVE-2021-22048)
3. VMware vCenter Server IWA privilege escalation vulnerability CVE-2021-22048 The vCenter Server contains a privilege escalation vulnerability in the IWA Integrated Windows Authentication authentication mechanism. VMware has evaluated the severity of this issue to be in the Important severity...
VMSA-2021-0025:VMware vCenter Server updates address a privilege escalation vulnerability
Advisory ID: VMSA-2021-0025.6 CVSSv3 Range: 7.1 Issue Date: 2021-11-10 Updated On: 2022-12-15 CVEs: CVE-2021-22048 Synopsis: VMware vCenter Server updates address a privilege escalation vulnerability CVE-2021-22048 1...
VMSA-2021-0024:VMware vRealize Operations Tenant App update addresses Information Disclosure Vulnerability
Advisory ID: VMSA-2021-0024 CVSSv3 Range: 5.3 Issue Date: 2021-10-19 Updated On: 2021-10-19 CVEs: CVE-2021-22034 Synopsis: VMware vRealize Operations Tenant App update addresses Information Disclosure Vulnerability CVE-2021-22034...
VMware vRealize Orchestrator update addresses open redirect vulnerability (CVE-2021-22036)
3. VMware vRealize Orchestrator update addresses open redirect vulnerability CVE-2021-22036 VMware vRealize Orchestrator contains an open redirect vulnerability due to improper path handling. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv...
VMSA-2021-0023:VMware vRealize Orchestrator update addresses open redirect vulnerability
Advisory ID: VMSA-2021-0023.1 CVSSv3 Range: 6.5 Issue Date: 2021-10-12 Updated On: 2021-10-13 CVEs: CVE-2021-22036 Synopsis: VMware vRealize Orchestrator update addresses open redirect vulnerability CVE-2021-22036 1. Impacte...
VMSA-2021-0021:VMware vRealize Operations update addresses SSRF Vulnerability
Advisory ID: VMSA-2021-0021.1 CVSSv3 Range: 2.7 Issue Date: 2021-10-12 Updated On: 2022-10-31 CVEs: CVE-2021-22033 Synopsis: VMware vRealize Operations update addresses SSRF Vulnerability CVE-2021-22033 1. Impacted Products...