Lucene search
K
VmwareCloud Foundation

135 matches found

CVE
CVE
added 2025/06/04 7:31 p.m.87 views

CVE-2025-22243

CVE-2025-22243 is a stored XSS vulnerability in VMware NSX Manager UI caused by improper input validation. The issue affects the NSX Manager UI component where an attacker with privileges to create or modify network settings could inject script that executes when a user views the affected page. T...

7.5CVSS5.7AI score0.00309EPSS
CVE
CVE
added 2022/12/14 12:0 a.m.85 views

CVE-2022-31701

CVE-2022-31701 affects VMware Workspace ONE Access and VMware Identity Manager. The Red Hat/VMware/NVD and VMSA details confirm a broken authentication vulnerability exploitable via a network path, with a CVSSv3 base score of 5.3 (Moderate); affected components are the authentication endpoints wh...

5.3CVSS6AI score0.00501EPSS
CVE
CVE
added 2021/09/23 12:16 p.m.84 views

CVE-2021-22018

CVE-2021-22018 affects VMware vCenter Server via an arbitrary file deletion vulnerability in the vSphere Life-cycle Manager plug-in. A remote attacker can delete non-critical files by targeting port 9087. This is documented in multiple sources (e.g., RH-CVE-2021-22018 and VMware advisory VMSA-202...

6.5CVSS6.7AI score0.01053EPSS
CVE
CVE
added 2022/10/07 12:0 a.m.83 views

CVE-2022-31681

VMware ESXi 6.5/6.7/7.0 are affected by CVE-2022-31681, a local, VMX-process privileged NULL-pointer dereference leading to host denial of service. The issue allows a privileged, VMX-local attacker to trigger a DoS on the host via a crafted request. Remediation is available via VMware patches: ES...

6.5CVSS6.8AI score0.00199EPSS
CVE
CVE
added 2020/06/25 2:43 p.m.81 views

CVE-2020-3968

Summary: CVE-2020-3968 is an out-of-bounds write vulnerability in the USB 3.0 xHCI controller across VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839; 6.7 before 202004101-SG; 6.5 before 202005401-SG), VMware Workstation (15.x before 15.5.5), and VMware Fusion (11.x before 11.5.5). A local VM adm...

8.2CVSS8.1AI score0.0057EPSS
CVE
CVE
added 2021/09/23 11:58 a.m.81 views

CVE-2021-22013

CVE-2021-22013 is a path traversal vulnerability in VMware vCenter Server’s appliance management API that could allow an unauthenticated attacker with network access to port 443 to read arbitrary files, leading to information disclosure. Affected software is vCenter Server; root cause is improper...

7.5CVSS7.4AI score0.01602EPSS
CVE
CVE
added 2020/06/25 2:37 p.m.80 views

CVE-2020-3970

VMware CVE-2020-3970 affects ESXi (7.0 before 7.0.0-1.20.16321839; 6.7 before 202004101-SG; 6.5 before 202005401-SG), Workstation 15.x before 15.5.5, and Fusion 11.x before 11.5.5. It is an out-of-bounds read in the Shader functionality that can be triggered by a local user with non-administrativ...

3.8CVSS4.8AI score0.00382EPSS
CVE
CVE
added 2021/08/30 5:54 p.m.75 views

CVE-2021-22025

CVE-2021-22025 pertains to VMware vRealize Operations Manager API, where a broken access control vulnerability allows an unauthenticated attacker to add new nodes to a vROps cluster. The issue affects multiple 8.x releases prior to 8.5, with the highest impact in 8.4.x/8.3.x/8.2.x/8.1.x/8.0.x/7.5...

7.5CVSS7.5AI score0.00809EPSS
CVE
CVE
added 2026/06/08 7:6 a.m.75 views

CVE-2026-41723

VMware Cloud Foundation Operations is affected by CVE-2026-41723 (and related CVEs) with multiple stored cross-site scripting vulnerabilities. The NVD/NVD-derived details indicate an issue in VMware Cloud Foundation Operations where a malicious actor with privileges to create policies, views, or ...

8CVSS5.2AI score0.00399EPSS
CVE
CVE
added 2021/08/30 5:53 p.m.74 views

CVE-2021-22024

CVE-2021-22024 is an arbitrary log-file read vulnerability in the vRealize Operations Manager API (affecting 8.x prior to 8.5). An unauthenticated attacker with network access to the API can read arbitrary log files, exposing sensitive data. The issue is part of a set of vulnerabilities (CVE-2021...

7.5CVSS7.2AI score0.01038EPSS
CVE
CVE
added 2021/08/30 5:53 p.m.73 views

CVE-2021-22022

Summary (CVE-2021-22022) : VMware vRealize Operations Manager API (versions 8.x before 8.5) contains an arbitrary file read vulnerability. An attacker with administrative access to the vROps API can read arbitrary files on the server, causing information disclosure. The issue is tied to the vROps...

4.9CVSS5.9AI score0.01134EPSS
CVE
CVE
added 2024/11/26 11:49 a.m.73 views

CVE-2024-38830

CVE-2024-38830 affects VMware Aria Operations and is a local privilege-escalation vulnerability. The Nessus/NVD entries describe that an attacker with local administrative privileges can escalate to root on the appliance. The issue is addressed in VMware Aria Operations with patches up to version...

7.8CVSS7.9AI score0.00178EPSS
CVE
CVE
added 2025/01/30 3:26 p.m.73 views

CVE-2025-22219

VMware Aria Operations for Logs is affected by CVE-2025-22219 (stored cross-site scripting). According to the sources, a malicious actor with non-administrative privileges can inject scripts that may lead to arbitrary admin actions. Remediation is available in the fixed version 8.18.3 for Aria Op...

9CVSS6.5AI score0.00642EPSS
CVE
CVE
added 2025/06/04 7:32 p.m.73 views

CVE-2025-22244

CVE-2025-22244 is a stored XSS in VMware NSX gateway firewall caused by improper input validation. Connected advisories confirm multiple NSX components are affected (gateway firewall among others) and provide fixed versions: NSX 4.2.2.1, NSX 4.2.1.4, and NSX 4.1.2.6 (and related NSX-T/Cloud Found...

6.9CVSS5.6AI score0.00263EPSS
CVE
CVE
added 2021/08/30 5:53 p.m.72 views

CVE-2021-22023

CVE-2021-22023 affects VMware vRealize Operations Manager API (8.x) before 8.5. The vulnerability is an insecure direct object reference that could allow a user with administrative API access to modify other users’ information, potentially enabling account takeover. The available connected source...

7.2CVSS7AI score0.00999EPSS
CVE
CVE
added 2021/08/30 5:54 p.m.72 views

CVE-2021-22027

Summary of CVE-2021-22027 : The vRealize Operations Manager API contains a Server Side Request Forgery vulnerability in multiple endpoints that can be exploited by an unauthenticated attacker with network access to disclose information. This is associated with CVE-2021-22027 and is addressed in V...

7.5CVSS7.3AI score0.0116EPSS
CVE
CVE
added 2025/01/30 3:30 p.m.72 views

CVE-2025-22221

CVE-2025-22221 affects VMware Aria Operations for Logs. The stored cross-site scripting vulnerability can be triggered by a malicious actor with admin privileges to VMware Aria Operations for Logs, allowing injection of a script that could execute in a victim’s browser during a delete action in t...

5.2CVSS5AI score0.00385EPSS
CVE
CVE
added 2021/08/30 6:6 p.m.71 views

CVE-2021-22021

VMware vRealize Log Insight (8.x prior to 8.4) has an XSS vulnerability caused by improper user input validation. An attacker with user privileges can inject a malicious payload via the Log Insight UI, which executes when a victim accesses a shared dashboard link. Public sources and advisories co...

5.4CVSS5.3AI score0.00468EPSS
CVE
CVE
added 2021/08/30 5:54 p.m.71 views

CVE-2021-22026

The SSRF issue CVE-2021-22026 affects VMware vRealize Operations Manager API (versions 8.x before 8.5). The vulnerability allows an unauthenticated actor with network access to perform server-side requests, leading to information disclosure. VMware’s advisory (VMSA-2021-0018) details the affected...

7.5CVSS7.3AI score0.01128EPSS
CVE
CVE
added 2023/05/12 12:0 a.m.70 views

CVE-2023-20878

CVE-2023-20878 affects VMware Aria Operations (formerly vRealize Operations). The connected sources describe a deserialization vulnerability that allows a malicious actor with administrative privileges to execute arbitrary commands and disrupt the system. Exploitation details in the VMSA-2023-000...

7.2CVSS7.8AI score0.01001EPSS
CVE
CVE
added 2023/05/12 12:0 a.m.69 views

CVE-2023-20880

CVE-2023-20880 affects VMware Aria Operations. The connected sources confirm a Local Privilege Escalation vulnerability in the Aria Operations component that, when exploited by an administrator, can escalate to root on the underlying OS. The issue is documented across multiple feeds (NVD/Red Hat/...

6.7CVSS7.3AI score0.00224EPSS
CVE
CVE
added 2023/05/12 12:0 a.m.67 views

CVE-2023-20879

CVE-2023-20879 affects VMware Aria Operations and describes a Local Privilege Escalation vulnerability where a user with administrative privileges can gain root access to the underlying OS. The issue is corroborated across multiple sources (Red Hat, NVD, CVE lists, Nessus plugin), which align on ...

6.7CVSS7.3AI score0.00183EPSS
CVE
CVE
added 2025/06/04 7:32 p.m.67 views

CVE-2025-22245

VMware NSX contains a stored XSS vulnerability in the router port due to improper input validation (CVE-2025-22245). The issue is addressed by VMware Broadcom VMSA-2025-0012/0012.1, with fixed versions listed for various NSX releases: NSX 4.2.2.1, 4.2.1.4, 4.1.2.6 (and NSX-T 3.2.4.2; higher-level...

5.9CVSS5.4AI score0.0022EPSS
CVE
CVE
added 2020/10/20 4:11 p.m.65 views

CVE-2020-3993

CVE-2020-3993 affects VMware NSX-T; the issue is a MITM-enabled vulnerability that allows a KVM host to download and install packages from the NSX manager, potentially compromising a transport node. The VMware advisory VMSA-2020-0023.3 and related materials specify fixes for NSX-T: update to NSX-...

5.9CVSS6.4AI score0.00923EPSS
CVE
CVE
added 2021/10/13 3:42 p.m.65 views

CVE-2021-22033

CVE-2021-22033 affects VMware vRealize Operations prior to 8.6. The root cause is a Server Side Request Forgery (SSRF) vulnerability. Impact is Low CVSS v3.1 (2.7) with network access, requiring admin privileges and no user interaction. Remediation is to apply the fixed versions: vRealize Operati...

4CVSS4AI score0.00588EPSS
CVE
CVE
added 2021/10/13 3:50 p.m.65 views

CVE-2021-22035

CVE-2021-22035 affects VMware vRealize Log Insight (8.x, prior to 8.6). A CSV injection vulnerability exists in the interactive analytics export function, allowing an authenticated user with non-administrative privileges to embed untrusted data in a CSV export, potentially executing in the user’s...

4.3CVSS4.5AI score0.00553EPSS
CVE
CVE
added 2024/11/26 11:51 a.m.64 views

CVE-2024-38832

CVE-2024-38832 corresponds to a stored cross-site scripting (XSS) vulnerability in VMware Aria Operations. The issue affects the ability of a malicious actor with editing access to views to inject scripts, potentially leading to stored XSS in the product. Connected sources (VMSA-2024-0022, NVD en...

7.1CVSS6.5AI score0.00449EPSS
CVE
CVE
added 2024/11/26 11:56 a.m.63 views

CVE-2024-38834

CVE-2024-38834 is a stored cross-site scripting vulnerability in VMware Aria Operations. The issue allows a malicious actor with editing access to cloud provider settings or views to inject scripts, leading to stored XSS in the product. The vulnerability is documented across multiple sources (NVD...

6.5CVSS6.1AI score0.0032EPSS
CVE
CVE
added 2021/09/23 11:58 a.m.62 views

CVE-2021-22012

CVE-2021-22012 affects VMware vCenter Server. An information-disclosure vulnerability exists due to an unauthenticated appliance management API that allows a remote attacker with network access to port 443 to access sensitive information. Connected sources corroborate an unauthenticated API endpo...

7.5CVSS7.5AI score0.01339EPSS
CVE
CVE
added 2024/11/26 11:50 a.m.62 views

CVE-2024-38831

Summary: CVE-2024-38831 affects VMware Aria Operations. A local attacker with administrative privileges can modify the properties file to escalate to root. The issue is addressed in the VMSA-2024-0022 advisory, which groups CVE-2024-38830/38831/38832/38833/38834 and lists a fixed version of 8.18....

7.8CVSS8AI score0.00293EPSS
CVE
CVE
added 2024/06/25 2:16 p.m.61 views

CVE-2024-37087

CVE-2024-37087 : VMware vCenter Server suffers a Denial of Service due to improper input validation in the License Server. A remote attacker with network access can trigger DoS. The issue is rated moderate (CVSSv3 base 5.3). Remediation per connected sources includes upgrading to fixed versions: ...

5.3CVSS6.9AI score0.00706EPSS
CVE
CVE
added 2024/11/26 11:54 a.m.60 views

CVE-2024-38833

CVE-2024-38833 is a stored cross-site scripting vulnerability in VMware Aria Operations. A malicious actor with editing access to email templates could inject script resulting in stored XSS. Connected sources attribute a moderate to high impact depending on access; CVSS details include up to 6.8 ...

6.8CVSS6.3AI score0.00408EPSS
CVE
CVE
added 2026/02/25 8:0 p.m.51 views

CVE-2026-22721

CVE-2026-22721 affects VMware Aria Operations (8.x) prior to 8.18.6. A privileged actor in vCenter who can access Aria Operations can escalate to administrative rights. Remediation is via patches listed in the Fixed Version column of the VMSA-2026-0001 response matrix (Broadcom VMware security ad...

7.2CVSS5.3AI score0.00686EPSS
CVE
CVE
added 2025/05/20 12:54 p.m.46 views

CVE-2025-41231

VMware Cloud Foundation contains a Missing Authorisation vulnerability (CVE-2025-41231). The advisory details that an attacker with access to the VMware Cloud Foundation appliance could perform certain unauthorised actions and access limited sensitive information. The issue is part of a set of vu...

7.3CVSS7.1AI score0.00157EPSS
CVE
CVE
added 2026/02/25 7:33 p.m.25 views

CVE-2026-22720

CVE-2026-22720 affects VMware Aria Operations 8.x prior to 8.18.6, with a stored XSS in custom benchmarks. Remediation is to apply the fixes listed in VMSA-2026-0001 (Aria Operations 8.18.6). Connected sources also note CVE-2026-22719 (command injection) and CVE-2026-22721 (privilege escalation) ...

9CVSS4.9AI score0.00411EPSS
Total number of security vulnerabilities135