Cloud Foundation Security Vulnerabilities and Issues — Cloud Foundation CVE List

Lucene search

VmwareCloud Foundation

3 matches found

CVE•added 2021/02/24 5:15 p.m.•1585 views

CVE-2021-21972

The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects ...

10CVSS9.8AI score0.93738EPSS

CVE•added 2021/02/24 5:15 p.m.•1110 views

CVE-2021-21973

The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin leading to information d...

5.3CVSS6.7AI score0.90218EPSS

CVE•added 2021/02/24 5:15 p.m.•706 views

CVE-2021-21974

OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG) has a heap-overflow vulnerability. A malicious actor residing within the same network segment as ESXi who has access to port 427 may be able to trigger the heap-overflow issue i...

8.8CVSS8.9AI score0.55506EPSS