Vcenter Server Security Vulnerabilities and Issues — Vcenter Server CVE List

Lucene search

VmwareVcenter Server

11 matches found

CVE•added 2022/03/29 6:15 p.m.•234 views

CVE-2022-22948

The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information.

6.5CVSS6.3AI score0.11504EPSS

CVE•added 2021/09/23 12:15 p.m.•136 views

CVE-2021-21993

The vCenter Server contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in vCenter Server Content Library. An authorised user with access to content library may exploit this issue by sending a POST request to vCenter Server leading to information disclosur...

6.5CVSS7AI score0.00233EPSS

CVE•added 2009/08/11 6:30 p.m.•113 views

CVE-2009-2416

Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Cod...

6.5CVSS6.7AI score0.00296EPSS

CVE•added 2021/09/22 7:15 p.m.•113 views

CVE-2021-21992

The vCenter Server contains a denial-of-service vulnerability due to improper XML entity parsing. A malicious actor with non-administrative user access to the vCenter Server vSphere Client (HTML5) or vCenter Server vSphere Web Client (FLEX/Flash) may exploit this issue to create a denial-of-service...

6.8CVSS7.8AI score0.00485EPSS

CVE•added 2021/09/23 1:15 p.m.•98 views

CVE-2021-22016

The vCenter Server contains a reflected cross-site scripting vulnerability due to a lack of input sanitization. An attacker may exploit this issue to execute malicious scripts by tricking a victim into clicking a malicious link.

6.1CVSS6.5AI score0.01235EPSS

CVE•added 2016/08/08 1:59 a.m.•68 views

CVE-2016-5331

CRLF injection vulnerability in VMware vCenter Server 6.0 before U2 and ESXi 6.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

6.1CVSS6.1AI score0.00332EPSS

CVE•added 2021/09/23 1:15 p.m.•67 views

CVE-2021-22018

The vCenter Server contains an arbitrary file deletion vulnerability in a VMware vSphere Life-cycle Manager plug-in. A malicious actor with network access to port 9087 on vCenter Server may exploit this issue to delete non critical files.

6.5CVSS6.7AI score0.00537EPSS

CVE•added 2017/08/01 4:29 p.m.•51 views

CVE-2017-4922

VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure issue due to the service startup script using world writable directories as temporary storage for critical information. Successful exploitation of this issue may allow unprivileged host users to access certain critical i...

6.5CVSS7.7AI score0.00444EPSS

CVE•added 2016/07/03 1:59 a.m.•49 views

CVE-2015-6931

Cross-site scripting (XSS) vulnerability in the vSphere Web Client in VMware vCenter Server 5.0 before U3g, 5.1 before U3d, and 5.5 before U2d allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

6.1CVSS6AI score0.00159EPSS

CVE•added 2013/10/21 10:54 a.m.•44 views

CVE-2013-5971

Session fixation vulnerability in the vSphere Web Client Server in VMware vCenter Server 5.0 before Update 3 allows remote attackers to hijack web sessions and gain privileges via unspecified vectors.

6.8CVSS6.7AI score0.00504EPSS

CVE•added 2016/06/08 2:59 p.m.•41 views

CVE-2016-2078

Cross-site scripting (XSS) vulnerability in the Web Client in VMware vCenter Server 5.1 before update 3d, 5.5 before update 3d, and 6.0 before update 2 on Windows allows remote attackers to inject arbitrary web script or HTML via the flashvars parameter.

6.1CVSS6AI score0.00209EPSS