Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
VmwareCloud Foundation3.10.2.1

9 matches found

CVE
CVEadded 2022/05/20 9:15 p.m.277 views

CVE-2022-22972

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.

9.8CVSS9.1AI score0.93742EPSS
In wild
CVE
CVEadded 2022/12/13 4:15 p.m.141 views

CVE-2022-31699

VMware ESXi contains a heap-overflow vulnerability. A malicious local actor with restricted privileges within a sandbox process may exploit this issue to achieve a partial information disclosure.

3.3CVSS5.3AI score0.00327EPSS
CVE
CVEadded 2022/12/13 4:15 p.m.134 views

CVE-2022-31698

The vCenter Server contains a denial-of-service vulnerability in the content library service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to trigger a denial-of-service condition by sending a specially crafted header.

5.3CVSS5.8AI score0.05013EPSS
CVE
CVEadded 2021/08/30 6:15 p.m.66 views

CVE-2021-22025

The vRealize Operations Manager API (8.x prior to 8.5) contains a broken access control vulnerability leading to unauthenticated API access. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can add new nodes to existing vROps cluster.

7.5CVSS7.5AI score0.00189EPSS
CVE
CVEadded 2021/08/30 6:15 p.m.64 views

CVE-2021-22024

The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary log-file read vulnerability. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can read any log file resulting in sensitive information disclosure.

7.5CVSS7.2AI score0.00273EPSS
CVE
CVEadded 2021/08/30 6:15 p.m.61 views

CVE-2021-22023

The vRealize Operations Manager API (8.x prior to 8.5) has insecure object reference vulnerability. A malicious actor with administrative access to vRealize Operations Manager API may be able to modify other users information leading to an account takeover.

7.2CVSS7AI score0.00324EPSS
CVE
CVEadded 2021/08/30 6:15 p.m.59 views

CVE-2021-22026

The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information disclosure.

7.5CVSS7.3AI score0.00253EPSS
CVE
CVEadded 2021/08/30 6:15 p.m.57 views

CVE-2021-22022

The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary file read vulnerability. A malicious actor with administrative access to vRealize Operations Manager API can read any arbitrary file on server leading to information disclosure.

4.9CVSS5.9AI score0.00214EPSS
CVE
CVEadded 2021/08/30 6:15 p.m.57 views

CVE-2021-22027

The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information disclosure.

7.5CVSS7.3AI score0.00228EPSS