Cloud Foundation@4.2.1 Security Vulnerabilities and Issues — Cloud Foundation@4.2.1 CVE List

Lucene search

VmwareCloud Foundation4.2.1

12 matches found

CVE•added 2022/05/20 9:15 p.m.•277 views

CVE-2022-22972

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.

9.8CVSS9.1AI score0.93742EPSS

In wild

CVE•added 2022/05/20 9:15 p.m.•243 views

CVE-2022-22973

VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'.

7.8CVSS8.6AI score0.0339EPSS

In wild

CVE•added 2022/12/13 4:15 p.m.•141 views

CVE-2022-31699

VMware ESXi contains a heap-overflow vulnerability. A malicious local actor with restricted privileges within a sandbox process may exploit this issue to achieve a partial information disclosure.

3.3CVSS5.3AI score0.00327EPSS

CVE•added 2022/12/13 4:15 p.m.•134 views

CVE-2022-31698

The vCenter Server contains a denial-of-service vulnerability in the content library service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to trigger a denial-of-service condition by sending a specially crafted header.

5.3CVSS5.8AI score0.03394EPSS

CVE•added 2021/08/31 10:15 p.m.•89 views

CVE-2021-22002

VMware Workspace ONE Access and Identity Manager, allow the /cfg web app and diagnostic endpoints, on port 8443, to be accessed via port 443 using a custom host header. A malicious actor with network access to port 443 could tamper with host headers to facilitate access to the /cfg web app, in addi...

9.8CVSS9.3AI score0.00398EPSS

CVE•added 2021/08/31 10:15 p.m.•81 views

CVE-2021-22003

VMware Workspace ONE Access and Identity Manager, unintentionally provide a login interface on port 7443. A malicious actor with network access to port 7443 may attempt user enumeration or brute force the login endpoint, which may or may not be practical based on lockout policy configuration and pa...

7.5CVSS8.6AI score0.00356EPSS

CVE•added 2021/08/30 6:15 p.m.•66 views

CVE-2021-22025

The vRealize Operations Manager API (8.x prior to 8.5) contains a broken access control vulnerability leading to unauthenticated API access. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can add new nodes to existing vROps cluster.

7.5CVSS7.5AI score0.00189EPSS

CVE•added 2021/08/30 6:15 p.m.•64 views

CVE-2021-22024

The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary log-file read vulnerability. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can read any log file resulting in sensitive information disclosure.

7.5CVSS7.2AI score0.00273EPSS

CVE•added 2021/08/30 6:15 p.m.•61 views

CVE-2021-22023

The vRealize Operations Manager API (8.x prior to 8.5) has insecure object reference vulnerability. A malicious actor with administrative access to vRealize Operations Manager API may be able to modify other users information leading to an account takeover.

7.2CVSS7AI score0.00324EPSS

CVE•added 2021/08/30 6:15 p.m.•59 views

CVE-2021-22026

The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information disclosure.

7.5CVSS7.3AI score0.00253EPSS

CVE•added 2021/08/30 6:15 p.m.•57 views

CVE-2021-22022

The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary file read vulnerability. A malicious actor with administrative access to vRealize Operations Manager API can read any arbitrary file on server leading to information disclosure.

4.9CVSS5.9AI score0.00214EPSS

CVE•added 2021/08/30 6:15 p.m.•57 views

CVE-2021-22027

7.5CVSS7.3AI score0.00228EPSS