Cloud Foundation Security Vulnerabilities and Issues — Page 3 of Cloud Foundation CVE List

Lucene search

VmwareCloud Foundation

125 matches found

CVE•added 2021/08/30 6:15 p.m.•60 views

CVE-2021-22023

The vRealize Operations Manager API (8.x prior to 8.5) has insecure object reference vulnerability. A malicious actor with administrative access to vRealize Operations Manager API may be able to modify other users information leading to an account takeover.

7.2CVSS7AI score0.00324EPSS

CVE•added 2024/02/21 5:15 a.m.•59 views

CVE-2024-22235

VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.

6.7CVSS6.8AI score0.00045EPSS

CVE•added 2021/08/30 6:15 p.m.•57 views

CVE-2021-22026

The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information disclosure.

7.5CVSS7.3AI score0.003EPSS

CVE•added 2023/09/27 3:18 p.m.•57 views

CVE-2023-34043

VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.

6.7CVSS6.8AI score0.00039EPSS

CVE•added 2021/08/30 6:15 p.m.•56 views

CVE-2021-22022

The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary file read vulnerability. A malicious actor with administrative access to vRealize Operations Manager API can read any arbitrary file on server leading to information disclosure.

4.9CVSS5.9AI score0.00214EPSS

CVE•added 2021/08/30 6:15 p.m.•56 views

CVE-2021-22027

7.5CVSS7.3AI score0.0027EPSS

CVE•added 2023/05/12 9:15 p.m.•56 views

CVE-2023-20880

VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.

6.7CVSS7.3AI score0.00041EPSS

CVE•added 2025/01/30 4:15 p.m.•56 views

CVE-2025-22219

VMware Aria Operations for Logs contains a stored cross-site scripting vulnerability. A malicious actor with non-administrative privileges may be able to inject a malicious script that (can perform stored cross-site scripting) may lead to arbitrary operations as admin user.

9CVSS6.5AI score0.00092EPSS

CVE•added 2025/01/30 4:15 p.m.•56 views

CVE-2025-22221

VMware Aria Operation for Logs contains a stored cross-site scripting vulnerability. A malicious actor with admin privileges to VMware Aria Operations for Logs may be able to inject a malicious script that could be executed in a victim's browser when performing a delete action in the Agent Configur...

5.2CVSS5AI score0.00097EPSS

CVE•added 2025/06/04 8:15 p.m.•55 views

CVE-2025-22244

VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the gateway firewall due to improper input validation.

6.9CVSS5.6AI score0.00039EPSS

CVE•added 2023/05/12 9:15 p.m.•54 views

CVE-2023-20879

VMware Aria Operations contains a Local privilege escalation vulnerability. A malicious actor with administrative privileges in the Aria Operations application can gain root access to the underlying operating system.

6.7CVSS7.3AI score0.00045EPSS

CVE•added 2021/08/30 7:15 p.m.•53 views

CVE-2021-22021

VMware vRealize Log Insight (8.x prior to 8.4) contains a Cross Site Scripting (XSS) vulnerability due to improper user input validation. An attacker with user privileges may be able to inject a malicious payload via the Log Insight UI which would be executed when the victim accesses the shared das...

5.4CVSS5.3AI score0.00402EPSS

CVE•added 2023/05/12 9:15 p.m.•53 views

CVE-2023-20878

VMware Aria Operations contains a deserialization vulnerability. A malicious actor with administrative privileges can execute arbitrary commands and disrupt the system.

7.2CVSS7.8AI score0.00557EPSS

CVE•added 2024/11/26 12:15 p.m.•53 views

CVE-2024-38830

VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges may trigger this vulnerability to escalate privileges to root user on the appliance running VMware Aria Operations.

7.8CVSS7.9AI score0.00032EPSS

CVE•added 2020/10/20 5:15 p.m.•51 views

CVE-2020-3993

VMware NSX-T (3.x before 3.0.2, 2.5.x before 2.5.2.2.0) contains a security vulnerability that exists in the way it allows a KVM host to download and install packages from NSX manager. A malicious actor with MITM positioning may be able to exploit this issue to compromise the transport node.

5.9CVSS6.4AI score0.00198EPSS

CVE•added 2025/06/04 8:15 p.m.•50 views

CVE-2025-22245

VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the router port due to improper input validation.

5.9CVSS5.4AI score0.00033EPSS

CVE•added 2021/09/23 12:15 p.m.•49 views

CVE-2021-22012

The vCenter Server contains an information disclosure vulnerability due to an unauthenticated appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information.

7.5CVSS7.5AI score0.00776EPSS

CVE•added 2024/11/26 12:15 p.m.•49 views

CVE-2024-38832

VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to views may be able to inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.

7.1CVSS6.5AI score0.00314EPSS

CVE•added 2021/10/13 4:15 p.m.•48 views

CVE-2021-22033

Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability.

4CVSS4AI score0.00216EPSS

CVE•added 2024/11/26 12:15 p.m.•47 views

CVE-2024-38834

VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to cloud provider might be able to inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.

6.5CVSS6.1AI score0.00246EPSS

CVE•added 2024/11/26 12:15 p.m.•46 views

CVE-2024-38833

VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to email templates might inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.

6.8CVSS6.3AI score0.00163EPSS

CVE•added 2021/10/13 4:15 p.m.•45 views

CVE-2021-22035

VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sheet through Log I...

4.3CVSS4.5AI score0.00444EPSS

CVE•added 2024/11/26 12:15 p.m.•45 views

CVE-2024-38831

VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges can insert malicious commands into the properties file to escalate privileges to a root user on the appliance running VMware Aria Operations.

7.8CVSS8AI score0.00254EPSS

CVE•added 2024/06/25 3:15 p.m.•42 views

CVE-2024-37087

The vCenter Server contains a denial-of-service vulnerability. A malicious actor with network access to vCenter Server may create a denial-of-service condition.

5.3CVSS6.9AI score0.00615EPSS

CVE•added 2025/05/20 1:15 p.m.•32 views

CVE-2025-41231

VMware Cloud Foundation contains a missing authorisation vulnerability. A malicious actor with access to VMware Cloud Foundation appliance may be able to perform certain unauthorised actions and access limited sensitive information.

7.3CVSS7.1AI score0.00023EPSS

Total number of security vulnerabilities125