Cloud Foundation@4.3.1 Security Vulnerabilities and Issues — Cloud Foundation@4.3.1 CVE List

Lucene search

VmwareCloud Foundation4.3.1

9 matches found

CVE•added 2022/04/11 8:15 p.m.•1310 views

CVE-2022-22954

VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution.

10CVSS9.8AI score0.94441EPSS

In wildWeb

CVE•added 2022/01/04 10:15 p.m.•285 views

CVE-2021-22045

VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi650-202110101-SG), VMware Workstation (16.2.0) and VMware Fusion (12.2.0) contains a heap-overflow vulnerability in CD-ROM device emulation. A malicious actor with access to a virtual machine with CD-ROM device emulation may be ab...

7.8CVSS7.6AI score0.02434EPSS

CVE•added 2022/05/20 9:15 p.m.•277 views

CVE-2022-22972

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.

9.8CVSS9.1AI score0.93742EPSS

In wild

CVE•added 2022/05/20 9:15 p.m.•243 views

CVE-2022-22973

VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'.

7.8CVSS8.6AI score0.0339EPSS

In wild

CVE•added 2022/07/13 7:15 p.m.•156 views

CVE-2022-22982

The vCenter Server contains a server-side request forgery (SSRF) vulnerability. A malicious actor with network access to 443 on the vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service.

7.5CVSS7.5AI score0.00231EPSS

CVE•added 2022/12/13 4:15 p.m.•141 views

CVE-2022-31699

VMware ESXi contains a heap-overflow vulnerability. A malicious local actor with restricted privileges within a sandbox process may exploit this issue to achieve a partial information disclosure.

3.3CVSS5.3AI score0.00327EPSS

CVE•added 2022/12/13 4:15 p.m.•134 views

CVE-2022-31698

The vCenter Server contains a denial-of-service vulnerability in the content library service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to trigger a denial-of-service condition by sending a specially crafted header.

5.3CVSS5.8AI score0.03394EPSS

CVE•added 2021/10/13 4:15 p.m.•50 views

CVE-2021-22033

Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability.

4CVSS4AI score0.00159EPSS

CVE•added 2021/10/13 4:15 p.m.•46 views

CVE-2021-22035

VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sheet through Log I...

4.3CVSS4.5AI score0.00444EPSS