Cloud Foundation@4.0.1 Security Vulnerabilities and Issues — Cloud Foundation@4.0.1 CVE List

Lucene search

VmwareCloud Foundation4.0.1

9 matches found

CVE•added 2020/11/23 10:15 p.m.•1237 views

CVE-2020-4006

VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability.

9.1CVSS9.4AI score0.14512EPSS

CVE•added 2021/03/31 6:15 p.m.•1129 views

CVE-2021-21975

Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials.

7.5CVSS7.4AI score0.94188EPSS

CVE•added 2021/03/31 6:15 p.m.•313 views

CVE-2021-21983

Arbitrary file write vulnerability in vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API can write files to arbitrary locations on the underlying photon operating system.

8.5CVSS6.8AI score0.83177EPSS

CVE•added 2022/05/20 9:15 p.m.•243 views

CVE-2022-22972

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.

9.8CVSS9.1AI score0.93742EPSS

CVE•added 2022/05/20 9:15 p.m.•213 views

CVE-2022-22973

VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'.

7.8CVSS8.6AI score0.04748EPSS

CVE•added 2022/12/13 4:15 p.m.•140 views

CVE-2022-31699

VMware ESXi contains a heap-overflow vulnerability. A malicious local actor with restricted privileges within a sandbox process may exploit this issue to achieve a partial information disclosure.

3.3CVSS5.3AI score0.00294EPSS

CVE•added 2022/12/13 4:15 p.m.•133 views

CVE-2022-31698

The vCenter Server contains a denial-of-service vulnerability in the content library service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to trigger a denial-of-service condition by sending a specially crafted header.

5.3CVSS5.8AI score0.04595EPSS

CVE•added 2021/08/31 10:15 p.m.•87 views

CVE-2021-22002

VMware Workspace ONE Access and Identity Manager, allow the /cfg web app and diagnostic endpoints, on port 8443, to be accessed via port 443 using a custom host header. A malicious actor with network access to port 443 could tamper with host headers to facilitate access to the /cfg web app, in addi...

9.8CVSS9.3AI score0.00398EPSS

CVE•added 2021/08/31 10:15 p.m.•80 views

CVE-2021-22003

VMware Workspace ONE Access and Identity Manager, unintentionally provide a login interface on port 7443. A malicious actor with network access to port 7443 may attempt user enumeration or brute force the login endpoint, which may or may not be practical based on lockout policy configuration and pa...

7.5CVSS8.6AI score0.00356EPSS