Vcenter Server Appliance Security Vulnerabilities and Issues — Vcenter Server Appliance CVE List

Lucene search

VmwareVcenter Server Appliance

6 matches found

CVE•added 2014/07/17 11:17 a.m.•61 views

CVE-2014-4241

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers to affect integrity via vectors related to WLS - Web Services.

4.3CVSS5.8AI score0.00912EPSS

CVE•added 2014/12/08 11:59 a.m.•56 views

CVE-2014-8371

VMware vCenter Server Appliance (vCSA) 5.5 before Update 2, 5.1 before Update 3, and 5.0 before Update 3c does not properly validate certificates when connecting to a CIM Server on an ESXi host, which allows man-in-the-middle attackers to spoof CIM servers via a crafted certificate.

4.3CVSS6.2AI score0.00127EPSS

CVE•added 2014/12/08 11:59 a.m.•50 views

CVE-2014-3797

Cross-site scripting (XSS) vulnerability in VMware vCenter Server Appliance (vCSA) 5.1 before Update 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.6AI score0.0039EPSS

CVE•added 2012/12/21 9:55 p.m.•47 views

CVE-2012-6324

Directory traversal vulnerability in VMware vCenter Server Appliance (vCSA) 5.0 before Update 2 and 5.1 before Patch 1 allows remote authenticated users to read arbitrary files via unspecified vectors.

4CVSS6.2AI score0.00121EPSS

CVE•added 2012/12/21 9:55 p.m.•47 views

CVE-2012-6325

VMware vCenter Server Appliance (vCSA) 5.0 before Update 2 does not properly parse XML documents, which allows remote authenticated users to read arbitrary files via unspecified vectors.

4CVSS6.2AI score0.00144EPSS

CVE•added 2013/05/01 12:0 p.m.•43 views

CVE-2013-3107

VMware vCenter Server 5.1 before Update 1, when anonymous LDAP binding for Active Directory is enabled, allows remote attackers to bypass authentication by providing a valid username in conjunction with an empty password.

4.3CVSS7AI score0.00298EPSS