Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
VmwareVcenter Server7.0

43 matches found

CVE
CVEadded 2021/02/24 5:15 p.m.1570 views

CVE-2021-21972

The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects ...

10CVSS9.8AI score0.93738EPSS
CVE
CVEadded 2021/05/26 3:15 p.m.1496 views

CVE-2021-21985

The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestri...

10CVSS9.8AI score0.9437EPSS
CVE
CVEadded 2021/09/23 12:15 p.m.1202 views

CVE-2021-22005

The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file.

9.8CVSS8.7AI score0.94455EPSS
CVE
CVEadded 2021/02/24 5:15 p.m.1098 views

CVE-2021-21973

The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin leading to information d...

5.3CVSS6.7AI score0.8902EPSS
CVE
CVEadded 2023/10/25 6:17 p.m.398 views

CVE-2023-34048

vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution.

9.8CVSS9.9AI score0.92017EPSS
CVE
CVEadded 2024/09/17 6:15 p.m.329 views

CVE-2024-38812

The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.

9.8CVSS9.8AI score0.60971EPSS
CVE
CVEadded 2024/09/17 6:15 p.m.247 views

CVE-2024-38813

The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet.

9.8CVSS8.9AI score0.14583EPSS
CVE
CVEadded 2022/03/29 6:15 p.m.234 views

CVE-2022-22948

The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information.

6.5CVSS6.3AI score0.11504EPSS
CVE
CVEadded 2023/06/22 12:15 p.m.214 views

CVE-2023-20892

The vCenter Server contains a heap overflow vulnerability due to the usage of uninitialized memory in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit heap-overflow vulnerability to execute arbitrary code on the underlying operating syst...

9.8CVSS9.2AI score0.02678EPSS
CVE
CVEadded 2023/10/25 6:17 p.m.185 views

CVE-2023-34056

vCenter Server contains a partial information disclosure vulnerability. A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data.

4.3CVSS4.6AI score0.00124EPSS
CVE
CVEadded 2024/06/18 6:15 a.m.181 views

CVE-2024-37079

vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.

9.8CVSS7.7AI score0.16982EPSS
CVE
CVEadded 2021/11/24 5:15 p.m.174 views

CVE-2021-22049

The vSphere Web Client (FLEX/Flash) contains an SSRF (Server Side Request Forgery) vulnerability in the vSAN Web Client (vSAN UI) plug-in. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an ...

9.8CVSS9.2AI score0.00816EPSS
CVE
CVEadded 2021/05/26 3:15 p.m.158 views

CVE-2021-21986

The vSphere Client (HTML5) contains a vulnerability in a vSphere authentication mechanism for the Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability plug-ins. A malicious actor with network access to port 443 on vCenter Server may perform acti...

10CVSS9.5AI score0.01196EPSS
CVE
CVEadded 2022/07/13 7:15 p.m.155 views

CVE-2022-22982

The vCenter Server contains a server-side request forgery (SSRF) vulnerability. A malicious actor with network access to 443 on the vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service.

7.5CVSS7.5AI score0.00217EPSS
CVE
CVEadded 2022/12/13 4:15 p.m.142 views

CVE-2022-31697

The vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plaintext. A malicious actor with access to a workstation that invoked a vCenter Server Appliance ISO operation (Install/Upgrade/Migrate/Restore) can access plaintext passwords used during that ...

5.5CVSS6.4AI score0.00031EPSS
CVE
CVEadded 2021/09/23 1:15 p.m.138 views

CVE-2021-22015

The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and directories. An authenticated local user with non-administrative privilege may exploit these issues to elevate their privileges to root on vCenter Server Appliance.

7.8CVSS8AI score0.02265EPSS
CVE
CVEadded 2021/09/23 12:15 p.m.136 views

CVE-2021-21993

The vCenter Server contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in vCenter Server Content Library. An authorised user with access to content library may exploit this issue by sending a POST request to vCenter Server leading to information disclosur...

6.5CVSS7AI score0.00233EPSS
CVE
CVEadded 2021/09/23 12:15 p.m.135 views

CVE-2021-22009

The vCenter Server contains multiple denial-of-service vulnerabilities in VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit these issues to create a denial of service condition due to excessive memory consumption by VAPI service.

7.5CVSS7.5AI score0.01465EPSS
CVE
CVEadded 2022/12/13 4:15 p.m.133 views

CVE-2022-31698

The vCenter Server contains a denial-of-service vulnerability in the content library service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to trigger a denial-of-service condition by sending a specially crafted header.

5.3CVSS5.8AI score0.04595EPSS
CVE
CVEadded 2024/05/21 6:15 p.m.132 views

CVE-2024-22274

The vCenter Server contains an authenticated remote code execution vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to run arbitrary commands on the underlying operating system.

7.2CVSS8AI score0.56566EPSS
CVE
CVEadded 2024/06/18 6:15 a.m.131 views

CVE-2024-37080

vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.

9.8CVSS7.7AI score0.04145EPSS
CVE
CVEadded 2021/09/23 12:15 p.m.124 views

CVE-2021-22006

The vCenter Server contains a reverse proxy bypass vulnerability due to the way the endpoints handle the URI. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to access restricted endpoints.

7.5CVSS7.8AI score0.47944EPSS
CVE
CVEadded 2021/09/22 7:15 p.m.122 views

CVE-2021-21991

The vCenter Server contains a local privilege escalation vulnerability due to the way it handles session tokens. A malicious actor with non-administrative user access on vCenter Server host may exploit this issue to escalate privileges to Administrator on the vSphere Client (HTML5) or vCenter Serve...

7.8CVSS8.3AI score0.00096EPSS
CVE
CVEadded 2021/09/23 12:15 p.m.121 views

CVE-2021-22011

vCenter Server contains an unauthenticated API endpoint vulnerability in vCenter Server Content Library. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to perform unauthenticated VM network setting manipulation.

5.3CVSS6.1AI score0.00802EPSS
CVE
CVEadded 2021/09/23 12:15 p.m.116 views

CVE-2021-22014

The vCenter Server contains an authenticated code execution vulnerability in VAMI (Virtual Appliance Management Infrastructure). An authenticated VAMI user with network access to port 5480 on vCenter Server may exploit this issue to execute code on the underlying operating system that hosts vCenter...

9CVSS7.9AI score0.01623EPSS
CVE
CVEadded 2021/09/22 7:15 p.m.113 views

CVE-2021-21992

The vCenter Server contains a denial-of-service vulnerability due to improper XML entity parsing. A malicious actor with non-administrative user access to the vCenter Server vSphere Client (HTML5) or vCenter Server vSphere Web Client (FLEX/Flash) may exploit this issue to create a denial-of-service...

6.8CVSS7.8AI score0.00485EPSS
CVE
CVEadded 2021/09/23 12:15 p.m.110 views

CVE-2021-22008

The vCenter Server contains an information disclosure vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by sending a specially crafted json-rpc message to gain access to sensitive information.

7.5CVSS7.3AI score0.00673EPSS
CVE
CVEadded 2024/06/18 6:15 a.m.108 views

CVE-2024-37081

The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. An authenticated local user with non-administrative privileges may exploit these issues to elevate privileges to root on vCenter Server Appliance.

7.8CVSS7.3AI score0.1437EPSS
CVE
CVEadded 2020/08/21 1:15 p.m.105 views

CVE-2020-3976

VMware ESXi and vCenter Server contain a partial denial of service vulnerability in their respective authentication services. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3.

5.3CVSS5.1AI score0.03171EPSS
CVE
CVEadded 2021/11/10 6:15 p.m.99 views

CVE-2021-22048

The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. A malicious actor with non-administrative access to vCenter Server may exploit this issue to elevate privileges to a higher privileged group.

8.8CVSS8.8AI score0.00874EPSS
CVE
CVEadded 2021/09/23 12:15 p.m.96 views

CVE-2021-22010

The vCenter Server contains a denial-of-service vulnerability in VPXD service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to create a denial of service condition due to excessive memory consumption by VPXD service.

7.5CVSS8.2AI score0.01065EPSS
CVE
CVEadded 2021/09/23 1:15 p.m.86 views

CVE-2021-22019

The vCenter Server contains a denial-of-service vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port 5480 on vCenter Server may exploit this issue by sending a specially crafted jsonrpc message to create a denial of service condition.

7.5CVSS7.7AI score0.01065EPSS
CVE
CVEadded 2021/09/23 1:15 p.m.86 views

CVE-2021-22020

The vCenter Server contains a denial-of-service vulnerability in the Analytics service. Successful exploitation of this issue may allow an attacker to create a denial-of-service condition on vCenter Server.

5.5CVSS7.1AI score0.00084EPSS
CVE
CVEadded 2021/09/23 12:15 p.m.84 views

CVE-2021-22007

The vCenter Server contains a local information disclosure vulnerability in the Analytics service. An authenticated user with non-administrative privilege may exploit this issue to gain access to sensitive information.

5.5CVSS6.9AI score0.00087EPSS
CVE
CVEadded 2024/05/21 6:15 p.m.74 views

CVE-2024-22275

The vCenter Server contains a partial file read vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to partially read arbitrary files containing sensitive data.

4.9CVSS6.6AI score0.07251EPSS
CVE
CVEadded 2023/06/22 12:15 p.m.68 views

CVE-2023-20894

The VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bound write by sending a specially crafted packet leading to memory corruption.

9.8CVSS9.3AI score0.49087EPSS
CVE
CVEadded 2021/09/23 1:15 p.m.67 views

CVE-2021-22018

The vCenter Server contains an arbitrary file deletion vulnerability in a VMware vSphere Life-cycle Manager plug-in. A malicious actor with network access to port 9087 on vCenter Server may exploit this issue to delete non critical files.

6.5CVSS6.7AI score0.00537EPSS
CVE
CVEadded 2021/09/23 12:15 p.m.66 views

CVE-2021-22013

The vCenter Server contains a file path traversal vulnerability leading to information disclosure in the appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information.

7.5CVSS7.4AI score0.00988EPSS
CVE
CVEadded 2023/06/22 12:15 p.m.66 views

CVE-2023-20893

The VMware vCenter Server contains a use-after-free vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit this issue to execute arbitrary code on the underlying operating system that hosts vCenter Server.

9.8CVSS9.7AI score0.02921EPSS
CVE
CVEadded 2023/06/22 1:15 p.m.63 views

CVE-2023-20896

The VMware vCenter Server contains an out-of-bounds read vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds read by sending a specially crafted packet leading to denial-of-service of certain services (vmca...

7.5CVSS8.3AI score0.00289EPSS
CVE
CVEadded 2023/06/22 12:15 p.m.52 views

CVE-2023-20895

The VMware vCenter Server contains a memory corruption vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger a memory corruption vulnerability which may bypass authentication.

9.8CVSS9.5AI score0.00396EPSS
CVE
CVEadded 2021/09/23 12:15 p.m.49 views

CVE-2021-22012

The vCenter Server contains an information disclosure vulnerability due to an unauthenticated appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information.

7.5CVSS7.5AI score0.00776EPSS
CVE
CVEadded 2024/06/25 3:15 p.m.42 views

CVE-2024-37087

The vCenter Server contains a denial-of-service vulnerability. A malicious actor with network access to vCenter Server may create a denial-of-service condition.

5.3CVSS6.9AI score0.00615EPSS