CVE-2023-34060

Public exploit
VMware Cloud Director Appliance contains an authentication bypass vulnerability in case VMware Cloud Director Appliance was upgraded to 10.5 from an older version. On an upgraded version of VMware Cloud Director Appliance 10.5, a malicious actor with network access to the appliance can bypass login restrictions when authenticating on port 22 (ssh) or port 5480 (appliance management console). This bypass is not present on port 443 (VCD provider and tenant login). On a new installation of VMware Cloud Director Appliance 10.5, the bypass is not present. VMware Cloud Director Appliance is impacted since it uses an affected version of sssd from the underlying Photon OS. The sssd issue is no longer present in versions of Photon OS that ship with sssd-2.8.1-11 or higher (Photon OS 3) or sssd-2.8.2-9 or higher (Photon OS 4 and 5).
Max CVSS
9.8
EPSS Score
0.10%
Published
2023-11-14
Updated
2023-11-21

CVE-2023-34039

Public exploit
Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI.
Max CVSS
9.8
EPSS Score
90.71%
Published
2023-08-29
Updated
2024-01-09

CVE-2023-20887

Known exploited
Public exploit
Aria Operations for Networks contains a command injection vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in remote code execution.
Max CVSS
9.8
EPSS Score
96.41%
Published
2023-06-07
Updated
2023-07-26
CISA KEV Added
2023-06-22

CVE-2022-31706

Public exploit
The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.
Max CVSS
9.8
EPSS Score
0.73%
Published
2023-01-26
Updated
2023-09-11

CVE-2022-31704

Public exploit
The vRealize Log Insight contains a broken access control vulnerability. An unauthenticated malicious actor can remotely inject code into sensitive files of an impacted appliance which can result in remote code execution.
Max CVSS
9.8
EPSS Score
0.43%
Published
2023-01-26
Updated
2023-09-11

CVE-2022-22965

Known exploited
Public exploit
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
Max CVSS
9.8
EPSS Score
97.49%
Published
2022-04-01
Updated
2023-02-09
CISA KEV Added
2022-04-04

CVE-2022-22963

Known exploited
Public exploit
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.
Max CVSS
9.8
EPSS Score
97.54%
Published
2022-04-01
Updated
2023-07-13
CISA KEV Added
2022-08-25

CVE-2022-22956

Public exploit
VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework.
Max CVSS
9.8
EPSS Score
0.21%
Published
2022-04-13
Updated
2023-04-19

CVE-2022-22954

Known exploited
Public exploit
Used for ransomware
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution.
Max CVSS
10.0
EPSS Score
97.44%
Published
2022-04-11
Updated
2022-09-09
CISA KEV Added
2022-04-14

CVE-2022-22947

Known exploited
Public exploit
In Spring Cloud Gateway versions prior to 3.1.1+ and 3.0.7+, applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.
Max CVSS
10.0
EPSS Score
97.49%
Published
2022-03-03
Updated
2023-07-24
CISA KEV Added
2022-05-16

CVE-2021-22005

Known exploited
Public exploit
Used for ransomware
The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file.
Max CVSS
9.8
EPSS Score
97.39%
Published
2021-09-23
Updated
2021-11-30
CISA KEV Added
2021-11-03

CVE-2021-21985

Known exploited
Public exploit
Used for ransomware
The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.
Max CVSS
10.0
EPSS Score
97.41%
Published
2021-05-26
Updated
2021-09-14
CISA KEV Added
2021-11-03

CVE-2021-21978

Public exploit
VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability. Improper input validation and lack of authorization lead to arbitrary file upload in the logupload web application. An unauthorized attacker with network access to View Planner Harness could upload and execute a specially crafted file leading to remote code execution within the logupload container.
Max CVSS
9.8
EPSS Score
97.47%
Published
2021-03-03
Updated
2021-03-26

CVE-2021-21972

Known exploited
Public exploit
Used for ransomware
The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).
Max CVSS
10.0
EPSS Score
97.30%
Published
2021-02-24
Updated
2024-02-13
CISA KEV Added
2021-11-03

CVE-2020-11651

Known exploited
Public exploit
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the salt master and/or run arbitrary commands on salt minions.
Max CVSS
9.8
EPSS Score
97.47%
Published
2020-04-30
Updated
2022-07-12
CISA KEV Added
2021-11-03

CVE-2020-3952

Known exploited
Public exploit
Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls.
Max CVSS
9.8
EPSS Score
75.84%
Published
2020-04-10
Updated
2022-07-12
CISA KEV Added
2021-11-03

CVE-2016-7456

Public exploit
VMware vSphere Data Protection (VDP) 5.5.x through 6.1.x has an SSH private key with a publicly known password, which makes it easier for remote attackers to obtain login access via an SSH session.
Max CVSS
10.0
EPSS Score
8.34%
Published
2016-12-29
Updated
2017-01-03

CVE-2015-2342

Public exploit
The JMX RMI service in VMware vCenter Server 5.0 before u3e, 5.1 before u3b, 5.5 before u3, and 6.0 before u1 does not restrict registration of MBeans, which allows remote attackers to execute arbitrary code via the RMI protocol.
Max CVSS
10.0
EPSS Score
97.14%
Published
2015-10-12
Updated
2018-08-12

CVE-2012-3569

Public exploit
Format string vulnerability in VMware OVF Tool 2.1 on Windows, as used in VMware Workstation 8.x before 8.0.5, VMware Player 4.x before 4.0.5, and other products, allows user-assisted remote attackers to execute arbitrary code via a crafted OVF file.
Max CVSS
9.3
EPSS Score
96.57%
Published
2012-11-14
Updated
2017-08-29

CVE-2011-2217

Public exploit
Certain ActiveX controls in (1) tsgetxu71ex552.dll and (2) tsgetx71ex552.dll in Tom Sawyer GET Extension Factory 5.5.2.237, as used in VI Client (aka VMware Infrastructure Client) 2.0.2 before Build 230598 and 2.5 before Build 204931 in VMware Infrastructure 3, do not properly handle attempted initialization within Internet Explorer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HTML document.
Max CVSS
9.3
EPSS Score
95.77%
Published
2011-06-06
Updated
2017-08-29

In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to 5.8.11, versions 6.0.x prior to 6.0.9, versions 6.1.x prior to 6.1.8, versions 6.2.x prior to 6.2.3, an application is possibly vulnerable to broken access control when it directly uses the AuthenticatedVoter#vote passing a null Authentication parameter.
Max CVSS
9.8
EPSS Score
0.04%
Published
2024-03-18
Updated
2024-03-18

VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed.
Max CVSS
9.3
EPSS Score
0.04%
Published
2024-03-05
Updated
2024-03-05

VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed.
Max CVSS
9.3
EPSS Score
0.04%
Published
2024-03-05
Updated
2024-03-05

Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious actor may exploit this vulnerability leading to unauthorized access to remote organizations and workflows.
Max CVSS
9.9
EPSS Score
0.04%
Published
2024-01-16
Updated
2024-01-25

VMware Aria Operations for Logs contains an authentication bypass vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.
Max CVSS
9.8
EPSS Score
0.17%
Published
2023-10-20
Updated
2023-10-30
144 vulnerabilities found