548 matches found
VMSA-2021-0022:VMware vRealize Log Insight updates address CSV injection vulnerability
Advisory ID: VMSA-2021-0022 CVSSv3 Range: 6.5 Issue Date:2021-10-12 Updated On: 2021-10-12 Initial Advisory CVEs: CVE-2021-22035 Synopsis: VMware vRealize Log Insight updates address CSV injection vulnerability CVE-2021-22035...
VMware vCenter Server updates address multiple security vulnerabilities
3a. vCenter Server file upload vulnerability CVE-2021-22005 The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8. 3b. vCenter Server...
VMSA-2021-0020:VMware vCenter Server updates address multiple security vulnerabilities
Advisory ID:VMSA-2021-0020.2 CVSSv3 Range:4.3-9.8 Issue Date:2021-09-21 Updated On:2025-12-05 CVEs:CVE-2021-21991, CVE-2021-21992, CVE-2021-21993, CVE-2021-22005, CVE-2021-22006, CVE-2021-22007, CVE-2021-22008, CVE-2021-22009, CVE-2021-22010, CVE-2021-22011, CVE-2021-22012, CVE-2021-22013,...
VMSA-2021-0019:VMware vRealize Log Insight updates address Cross Site Scripting (XSS) vulnerability
Advisory ID: VMSA-2021-0019 CVSSv3 Range: 6.5 Issue Date:2021-08-24 Updated On: 2021-08-24 Initial Advisory CVEs: CVE-2021-22021 Synopsis: VMware vRealize Log Insight updates address Cross Site Scripting XSS vulnerability CVE-2021-22021...
VMSA-2021-0018:VMware vRealize Operations updates address multiple security vulnerabilities
Advisory ID: VMSA-2021-0018 CVSSv3 Range: 4.4 - 8.6 Issue Date:2021-08-24 Updated On: 2021-08-24 Initial Advisory CVEs: CVE-2021-22022, CVE-2021-22023, CVE-2021-22024, CVE-2021-22025, CVE-2021-22026, CVE-2021-22027 Synopsis: VMware vRealize Operations updates address multiple security...
VMware Workspace ONE UEM console patches address a denial of service vulnerability (CVE-2021-22029)
3. Advisory Details VMware Workspace ONE UEM REST API contains a denial of service vulnerability. VMware has evaluated this issue to be of 'Moderate' severity with a maximum CVSSv3 base score of 5.3...
VMSA-2021-0016:VMware Workspace ONE Access, Identity Manager and vRealize Automation address multiple vulnerabilities
Advisory ID: VMSA-2021-0016.2 CVSSv3 Range: 3.7-8.6 Issue Date:2021-08-05 Updated On: 2021-11-12 CVEs: CVE-2021-22002, CVE-2021-22003 Synopsis: VMware Workspace ONE Access, Identity Manager and vRealize Automation address multiple vulnerabilities CVE-2021-22002, CVE-2021-22003...
VMware ThinApp update addresses a DLL hijacking vulnerability (CVE-2021-22000)
3. VMware ThinApp update addresses a DLL hijacking vulnerability CVE-2021-22000 VMware ThinApp contains a DLL hijacking vulnerability due to insecure loading of DLLs. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.8...
VMSA-2021-0014:VMware ESXi updates address authentication and denial of service vulnerabilities
Advisory ID: VMSA-2021-0014.1 CVSSv3 Range: 5.3-7.0 Issue Date:2021-07-13 Updated On: 2021-08-24 CVEs: CVE-2021-21994, CVE-2021-21995 Synopsis: VMware ESXi updates address authentication and denial of service vulnerabilities CVE-2021-21994, CVE-2021-21995...
VMware Carbon Black App Control update addresses authentication bypass (CVE-2021-21998)
3. VMware Carbon Black App Control updates address authentication bypass CVE-2021-21998 The VMware Carbon Black App Control management server has an authentication bypass. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.4...
VMSA-2021-0013:VMware Tools, VMRC and VMware App Volumes update addresses a local privilege escalation vulnerability
Advisory ID: VMSA-2021-0013 CVSSv3 Range: 7.8 Issue Date:2021-06-22 Updated On: 2021-06-22 Initial Advisory CVEs: CVE-2021-21999 Synopsis: VMware Tools, VMRC and VMware App Volumes update addresses a local privilege escalation vulnerability CVE-2021-21999...
VMSA-2021-0011:VMware Tools for Windows update addresses a denial-of-service vulnerability
Advisory ID: VMSA-2021-0011 CVSSv3 Range: 3.3 Issue Date:2021-06-17 Updated On: 2021-06-17 Initial Advisory CVEs: CVE-2021-21997 Synopsis: VMware Tools for Windows update addresses a denial-of-service vulnerability CVE-2021-21997...
VMSA-2021-0010:VMware vCenter Server updates address remote code execution and authentication vulnerabilities
Advisory ID: VMSA-2021-0010 CVSSv3 Range: 6.5-9.8 Issue Date:2021-05-25 Updated On: 2021-05-25 Initial Advisory CVEs: CVE-2021-21985, CVE-2021-21986 Synopsis: VMware vCenter Server updates address remote code execution and authentication vulnerabilities CVE-2021-21985, CVE-2021-21986...
VMSA-2021-0009:VMware Workstation and Horizon Client for Windows updates address multiple security vulnerabilities
Advisory ID: VMSA-2021-0009 CVSSv3 Range: 3.2 Issue Date:2021-05-20 Updated On: 2021-05-20 Initial Advisory CVEs: CVE-2021-21987, CVE-2021-21988, CVE-2021-21989 Synopsis: VMware Workstation and Horizon Client for Windows updates address multiple security vulnerabilities CVE-2021-21987,...
VMware Workspace ONE UEM console patches address a cross-site scripting vulnerability (CVE-2021-21990)
3. Cross Site Scripting XSS vulnerability in VMware Workspace ONE UEM console CVE-2021-21990 VMware Workspace ONE UEM console does not validate an incoming request during device enrollment. VMware has evaluated the severity of this issue to be in the low severity range with a maximum CVSSv3 base...
VMSA-2021-0007:VMware vRealize Business for Cloud updates address a remote code execution vulnerability
Advisory ID: VMSA-2021-0007 CVSSv3 Range: 9.8 Issue Date:2021-05-05 Updated On: 2021-05-05 Initial Advisory CVEs: CVE-2021-21984 Synopsis: VMware vRealize Business for Cloud updates address a remote code execution vulnerability CVE-2021-21984...
VMSA-2021-0006:VMware NSX-T updates address a privilege escalation vulnerability
Advisory ID: VMSA-2021-0006 CVSSv3 Range: 7.5 Issue Date:2021-04-19 Updated On: 2021-04-19 Initial Advisory CVEs: CVE-2021-21981 Synopsis: VMware NSX-T updates address a privilege escalation vulnerability CVE-2021-21981...
VMware Carbon Black Cloud Workload appliance update addresses incorrect URL handling vulnerability (CVE-2021-21982)
3. Advisory Details A URL on the administrative interface of the VMware Carbon Black Cloud Workload appliance can be manipulated to bypass authentication. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.1...
VMware vRealize Operations updates address Server Side Request Forgery and Arbitrary File Write vulnerabilities (CVE-2021-21975, CVE-2021-21983)
3a. Server Side Request Forgery in vRealize Operations Manager API CVE-2021-21975 The vRealize Operations Manager API contains a Server Side Request Forgery. VMware has evaluated this issue to be of 'Important' severity with a maximum CVSSv3 base score of 8.6. 3b. Arbitrary file write vulnerabili...
VMware vRealize Operations updates address Server Side Request Forgery and Arbitrary File Write vulnerabilities (CVE-2021-21975, CVE-2021-21983)
1. Impacted Products VMware vRealize Operations VMware Cloud Foundation vRealize Suite Lifecycle Manager 2. Introduction Multiple vulnerabilities in VMware vRealize Operations were privately reported to VMware. Patches and Workarounds are available to address these vulnerabilities in impacted...
VMSA-2021-0004:VMware vRealize Operations updates address Server Side Request Forgery and Arbitrary File Write vulnerabilities
Advisory ID: VMSA-2021-0004.2 CVSSv3 Range: 7.2 - 8.6 Issue Date:2021-03-30 Updated On: 2021-08-24 CVEs: CVE-2021-21975, CVE-2021-21983 Synopsis: VMware vRealize Operations updates address Server Side Request Forgery and Arbitrary File Write vulnerabilities CVE-2021-21975, CVE-2021-21983...
VMware View Planner update addresses remote code execution vulnerability (CVE-2021-21978)
3. Advisory Details VMware View Planner contains a remote code execution vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.6...
VMSA-2021-0002:VMware ESXi and vCenter Server updates address multiple security vulnerabilities
Advisory ID: VMSA-2021-0002 CVSSv3 Range: 5.3-9.8 Issue Date:2021-02-23 Updated On: 2021-02-23 Initial Advisory CVEs: CVE-2021-21972, CVE-2021-21973, CVE-2021-21974 Synopsis: VMware ESXi and vCenter Server updates address multiple security vulnerabilities CVE-2021-21972, CVE-2021-21973,...
VMSA-2021-0001:vSphere Replication updates address a command injection vulnerability
Advisory ID: VMSA-2021-0001 CVSSv3 Range: 7.2 Issue Date:2021-02-11 Updated On: 2021-02-11 Initial Advisory CVEs: CVE-2021-21976 Synopsis: vSphere Replication updates address a command injection vulnerability CVE-2021-21976...
VMware ESXi, Workstation, Fusion and Cloud Foundation updates address a denial of service vulnerability (CVE-2020-3999)
3a. Denial-of-Service Vulnerability due to improper input validation CVE-2020-3999 VMware ESXi, Workstation and Fusion contain a denial of service vulnerability due to improper input validation in GuestInfo. VMware has evaluated the severity of this issue to be in the Low severity range with a...
VMware Carbon Black Cloud macOS Sensor installer updates address file overwrite issue (CVE-2020-4008)
3. VMware Carbon Black Cloud macOS Sensor installer file overwrite issue CVE-2020-4008 The installer of the macOS Sensor for VMware Carbon Black Cloud handles certain files in an insecure way. VMware has evaluated the severity of this issue to be in the Low severity range with a CVSSv3 base score...
VMSA-2020-0029:VMware ESXi, Workstation, Fusion and Cloud Foundation updates address a denial of service vulnerability
Advisory ID: VMSA-2020-0029.1 CVSSv3 Range: 3.3 Issue Date:2020-12-17 Updated On: 2021-02-09 CVEs: CVE-2020-3999 Synopsis: VMware ESXi, Workstation, Fusion and Cloud Foundation updates address a denial of service vulnerability CVE-2020-3999...
VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address command injection vulnerability
3a. Command Injection Vulnerability in VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector administrative configurator CVE-2020-4006 VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector contain a Command...
VMSA-2020-0027:VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address command injection vulnerability
Advisory ID: VMSA-2020-0027.2 CVSSv3 Range: 7.2 Issue Date:2020-11-23 Updated On: 2020-12-03 CVEs: CVE-2020-4006 Synopsis: VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address command injection vulnerability...
VMware ESXi, Workstation and Fusion updates address use-after-free and privilege escalation vulnerabilities (CVE-2020-4004, CVE-2020-4005)
3a. Use-after-free vulnerability in XHCI USB controller CVE-2020-4004 VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9....
VMware SD-WAN Orchestrator updates address multiple security vulnerabilities (CVE-2020-3984, CVE-2020-3985, CVE-2020-4000, CVE-2020-4001, CVE-2020-4002, CVE-2020-4003)
3a. SQL injection vulnerability due to improper input validation CVE-2020-3984 The SD-WAN Orchestrator does not apply correct input validation which allows for SQL-injection. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of...
VMSA-2020-0026:VMware ESXi, Workstation and Fusion updates address use-after-free and privilege escalation vulnerabilities
Advisory ID: VMSA-2020-0026.1 CVSSv3 Range: 8.8 - 9.3 Issue Date:2020-11-19 Updated On: 2020-11-24 CVEs: CVE-2020-4004, CVE-2020-4005 Synopsis: VMware ESXi, Workstation and Fusion updates address use-after-free and privilege escalation vulnerabilities CVE-2020-4004, CVE-2020-4005...
VMware Horizon Server and VMware Horizon Client updates address multiple security vulnerabilities (CVE-2020-3997, CVE-2020-3998)
3a. VMware Horizon Server Cross Site Scripting XSS vulnerability CVE-2020-3997 VMware Horizon Server does not correctly validate user input. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.1. 3b. VMware Horizon Client for...
VMware ESXi, Workstation, Fusion and NSX-T updates address multiple security vulnerabilities (CVE-2020-3981, CVE-2020-3982, CVE-2020-3992, CVE-2020-3993, CVE-2020-3994, CVE-2020-3995)
3a. ESXi OpenSLP remote code execution vulnerability CVE-2020-3992 OpenSLP as used in ESXi has a use-after-free issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8. 3b. NSX-T MITM vulnerability CVE-2020-3993 VMware...
VMSA-2020-0023:VMware ESXi, Workstation, Fusion and NSX-T updates address multiple security vulnerabilities
Advisory ID: VMSA-2020-0023.3 CVSSv3 Range: 5.9 - 9.8 Issue Date:2020-10-20 Updated On: 2020-11-24 CVEs: CVE-2020-3981, CVE-2020-3982, CVE-2020-3992, CVE-2020-3993, CVE-2020-3994, CVE-2020-3995 Synopsis: VMware ESXi, Workstation, Fusion and NSX-T updates address multiple security vulnerabilities...
VMware Horizon Client update addresses a denial-of-service vulnerability (CVE-2020-3991)
3. File system access control denial-of-service vulnerability CVE-2020-3991 VMware Horizon Client for Windows contains a denial-of-service vulnerability due to a file system access control issue during install time. VMware has evaluated the severity of this issue to be in the Moderate severity...
Horizon DaaS update addresses a broken authentication vulnerability (CVE-2020-3977)
3. Broken authentication vulnerability CVE-2020-3977 Horizon DaaS contains a broken authentication vulnerability due to a flaw in the way it handled the first factor authentication. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base...
VMware Workstation, Fusion and Horizon Client updates address multiple security vulnerabilities (CVE-2020-3980, CVE-2020-3986, CVE-2020-3987, CVE-2020-3988, CVE-2020-3989, CVE-2020-3990)
3a. PATH configuration privilege escalation vulnerability CVE-2020-3980 VMware Fusion contains a privilege escalation vulnerability due to the way it allows configuring the system wide path. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3...
VMSA-2020-0020:VMware Workstation, Fusion and Horizon Client updates address multiple security vulnerabilities
Advisory ID: VMSA-2020-0020.1 CVSSv3 Range: 3.8-6.7 Issue Date:2020-09-14 Updated On: 2020-11-19 CVEs: CVE-2020-3980, CVE-2020-3986, CVE-2020-3987, CVE-2020-3988, CVE-2020-3989, CVE-2020-3990 Synopsis: VMware Workstation, Fusion and Horizon Client updates address multiple security vulnerabilities...
VMware App Volumes patches address Stored Cross-Site Scripting (XSS) vulnerability (CVE-2020-3975)
3a. Advisory Details VMware App Volumes does not correctly validate user input when creating and editing applications or creating storage groups. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.5...
VMSA-2020-0018:VMware ESXi, vCenter Server, and Cloud Foundation updates address a partial denial of service vulnerability
Advisory ID: VMSA-2020-0018 CVSSv3 Range: 5.3 Issue Date:2020-08-20 Updated On: 2020-08-20 Initial Advisory CVEs: CVE-2020-3976 Synopsis: VMware ESXi, vCenter Server, and Cloud Foundation updates address a partial denial of service vulnerability CVE-2020-3976...
VMware SD-WAN by VeloCloud updates address SQL-injection vulnerability (CVE-2020-3973)
3a. Advisory Details The VeloCloud Orchestrator does not apply correct input validation which allows for blind SQL-injection. VMware has evaluated the severity of this issue to be in the important severity range with a maximum CVSSv3 base score of 8.5...
VMSA-2020-0017:VMware Fusion, VMware Remote Console and Horizon Client updates address a privilege escalation vulnerability
Advisory ID: VMSA-2020-0017 CVSSv3 Range: 7.8 Issue Date:2020-07-09 Updated On: 2020-07-09 Initial Advisory CVEs: CVE-2020-3974 Synopsis: VMware Fusion, VMware Remote Console and Horizon Client updates address a privilege escalation vulnerability CVE-2020-3974...
VMSA-2020-0015:VMware Cloud Foundation, ESXi, Workstation, and Fusion updates address multiple security vulnerabilities
Advisory ID: VMSA-2020-0015.2 CVSSv3 Range: 4.0 - 9.3 Issue Date:2020-06-23 Updated On: 2020-07-02 CVEs: CVE-2020-3962, CVE-2020-3963, CVE-2020-3964, CVE-2020-3965, CVE-2020-3966, CVE-2020-3967, CVE-2020-3968, CVE-2020-3969, CVE-2020-3970, CVE-2020-3971 Synopsis: VMware Cloud Foundation, ESXi,...
VMSA-2020-0014:VMware Tools for macOS update addresses a denial-of-service vulnerability
Advisory ID: VMSA-2020-0014 CVSSv3 Range: 3.3 Issue Date:2020-06-18 Updated On: 2020-06-18 Initial Advisory CVEs: CVE-2020-3972 Synopsis: VMware Tools for macOS update addresses a denial-of-service vulnerability CVE-2020-3972...
VMware Horizon Client for Windows update addresses privilege escalation vulnerability (CVE-2020-3961)
3. VMware Horizon Client for Windows privilege escalation vulnerability VMware Horizon Client for Windows contains a privilege escalation vulnerability due to folder permission configuration and unsafe loading of libraries. VMware has evaluated the severity of this issue to be in the Important...
VMware ESXi, Workstation, Fusion, VMware Remote Console and Horizon Client updates address multiple security vulnerabilities (CVE-2020-3957, CVE-2020-3958, CVE-2020-3959)
3a. Service opener - Time-of-check Time-of-use TOCTOU issue CVE-2020-3957 VMware Fusion, VMRC for Mac and Horizon Client for Mac contain a local privilege escalation vulnerability due to a Time-of-check Time-of-use TOCTOU issue in the service opener. VMware has evaluated the severity of this issu...
VMSA-2020-0012:VMware ESXi, Workstation and Fusion updates address out-of-bounds read vulnerability
Advisory ID: VMSA-2020-0012 CVSSv3 Range: 7.1 Issue Date:2020-06-09 Updated On: 2020-06-09 Initial Advisory CVEs: CVE-2020-3960 Synopsis: VMware ESXi, Workstation and Fusion updates address out-of-bounds read vulnerability CVE-2020-3960...
VMSA-2020-0011:VMware ESXi, Workstation, Fusion, VMware Remote Console and Horizon Client updates address multiple security vulnerabilities
Advisory ID: VMSA-2020-0011.1 CVSSv3 Range: 3.3-7.3 Issue Date:2020-05-28 Updated On: 2020-07-09 CVEs: CVE-2020-3957, CVE-2020-3958, CVE-2020-3959 Synopsis: VMware ESXi, Workstation, Fusion, VMware Remote Console and Horizon Client updates address multiple security vulnerabilities CVE-2020-3957,...
vRealize Operations Application Remote Collector (ARC) addresses Authentication Bypass and Directory Traversal vulnerabilities (CVE-2020-11651, CVE-2020-11652)
3. vRealize Operations Application Remote Collector ARC addresses Authentication Bypass CVE-2020-11651 and Directory Traversal CVE-2020-11652 vulnerabilities. The Application Remote Collector ARC introduced with vRealize Operations 7.5 utilizes Salt which is affected by CVE-2020-11651 and...