Cloud Foundation@* Security Vulnerabilities and Issues — Cloud Foundation@* CVE List

Lucene search

VmwareCloud Foundation*

10 matches found

CVE•added 2025/01/30 4:15 p.m.•155 views

CVE-2025-22220

VMware Aria Operations for Logs contains a privilege escalation vulnerability. A malicious actor with non-administrative privileges and network access to Aria Operations for Logs API may be able to perform certain operations in the context of an admin user.

5.4CVSS4.6AI score0.00062EPSS

CVE•added 2025/01/30 3:15 p.m.•120 views

CVE-2025-22218

VMware Aria Operations for Logs contains an information disclosure vulnerability. A malicious actor with View Only Admin permissions may be able to read the credentials of a VMware product integrated with VMware Aria Operations for Logs

8.5CVSS8AI score0.0011EPSS

CVE•added 2025/01/30 4:15 p.m.•68 views

CVE-2025-22222

VMware Aria Operations contains an information disclosure vulnerability. A malicious user with non-administrative privileges may exploit this vulnerability to retrieve credentials for an outbound plugin if a valid service credential ID is known.

7.7CVSS7.3AI score0.00124EPSS

CVE•added 2025/06/04 8:15 p.m.•67 views

CVE-2025-22243

VMware NSX Manager UI is vulnerable to a stored Cross-Site Scripting (XSS) attack due to improper input validation.

7.5CVSS5.7AI score0.00034EPSS

CVE•added 2025/05/13 6:15 a.m.•65 views

CVE-2025-22249

VMware Aria automation contains a DOM based Cross-Site Scripting (XSS) vulnerability. A malicious actor may exploit this issue to steal the access token of a logged in user of VMware Aria automation appliance by tricking the user into clicking a malicious crafted payload URL.

8.2CVSS7.4AI score0.00055EPSS

CVE•added 2025/01/30 4:15 p.m.•56 views

CVE-2025-22219

VMware Aria Operations for Logs contains a stored cross-site scripting vulnerability. A malicious actor with non-administrative privileges may be able to inject a malicious script that (can perform stored cross-site scripting) may lead to arbitrary operations as admin user.

9CVSS6.5AI score0.00092EPSS

CVE•added 2025/01/30 4:15 p.m.•56 views

CVE-2025-22221

VMware Aria Operation for Logs contains a stored cross-site scripting vulnerability. A malicious actor with admin privileges to VMware Aria Operations for Logs may be able to inject a malicious script that could be executed in a victim's browser when performing a delete action in the Agent Configur...

5.2CVSS5AI score0.00097EPSS

CVE•added 2025/06/04 8:15 p.m.•55 views

CVE-2025-22244

VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the gateway firewall due to improper input validation.

6.9CVSS5.6AI score0.00039EPSS

CVE•added 2025/06/04 8:15 p.m.•50 views

CVE-2025-22245

VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the router port due to improper input validation.

5.9CVSS5.4AI score0.00033EPSS

CVE•added 2025/05/20 1:15 p.m.•32 views

CVE-2025-41231

VMware Cloud Foundation contains a missing authorisation vulnerability. A malicious actor with access to VMware Cloud Foundation appliance may be able to perform certain unauthorised actions and access limited sensitive information.

7.3CVSS7.1AI score0.00023EPSS