CVE-2021-21999

Affected products: VMware Tools for Windows (11.x.y before 11.2.6), VMware Remote Console for Windows (12.x before 12.0.1), and VMware App Volumes (2.x before 2.18.10 and 4 before 2103). Root cause: local privilege escalation via placing a malicious file named openssl.cnf in an unrestricted direc...

CVE-2020-3975

CVE-2020-3975 describes a Stored XSS issue in VMware App Volumes for 2.x (pre-2.18.6) and 4.x (pre-2006). The root cause is inadequate input validation when creating/editing applications or storage groups, enabling a malicious actor with those permissions to inject script executed in a victim’s b...