CVE-2020-3956
CVE-2020-3956 affects VMware Cloud Director; an authenticated attacker can exploit an Expression Injection vulnerability in input handling (notably SMTP host/name processing) to achieve remote code execution via the HTML5/Flex UI or API interfaces. Impact is arbitrary RCE with network access, as indi...
CVE-2022-22966
CVE-2022-22966 is a remote code execution vulnerability in VMware Cloud Director. An authenticated, high-privileged attacker with network access to the Cloud Director tenant/provider could exploit this to gain control of the server. Affected versions include 10.1.x, 10.2.x, and 10.3.x; fixes are ...
CVE-2019-5523
Vulnerability CVE-2019-5523 affects VMware vCloud Director for Service Providers 9.5.x prior to 9.5.0.3. The issue is a Remote Session Hijack in the Tenant and Provider Portals, allowing an attacker to access those portals by impersonating a currently logged-in session. Public references (VMware ...
CVE-2016-2076
CVE-2016-2076 affects VMware products including vCenter Server (5.5 U3a/U3b/U3c and 6.0 before U2), vCloud Director 5.5.5, and vRealize Automation Identity Appliance 6.2.4 before 6.2.4.1. The issue is improper handling of session content by the VMware Client Integration Plugin (CIP), enabling rem...
CVE-2014-1211
CVE-2014-1211 affects VMware vCloud Director 5.1.x before 5.1.3. The issue is a Cross-Site Request Forgery (CSRF) in HTTP session management, caused by improper validation that allows an authenticated user to be logged out via a malicious link. Impact in the documented sources is limited to the l...