MidnightBSD

Advisories for vmware

CVE-1999-0733 HIGH

Buffer overflow in VMWare 1.0.1 for Linux via a long HOME environmental variable.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
vmware workstation 1.0.1
CVE-2000-0090 LOW

VMWare 1.1.2 allows local users to cause a denial of service via a symlink attack.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
vmware workstation 1.1
vmware workstation 1.1.2
vmware workstation 1.0.1
vmware workstation 1.1.1
vmware workstation 1.0.2
CVE-2001-1059 LOW

VMWare creates a temporary file vmware-log.USERNAME with insecure permissions, which allows local users to read or modify license information.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
vmware workstation 2.0
CVE-2002-0814 HIGH

Buffer overflow in VMware Authorization Service for VMware GSX Server 2.0.0 build-2050 allows remote authenticated users to execute arbitrary code via a long GLOBAL argument.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
vmware gsx_server 2.0.0_build_2050
CVE-2003-0480 LOW

VMware Workstation 4.0 for Linux allows local users to overwrite arbitrary files and gain privileges via "symlink manipulation."

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
vmware workstation 4.0
CVE-2003-0631 HIGH

VMware GSX Server 2.5.1 build 4968 and earlier, and Workstation 4.0 and earlier, allows local users to gain root privileges via certain enivronment variables that are used when launching a virtual machine session.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
vmware gsx_server 2.5.1
vmware workstation 4.0
CVE-2003-0739 MEDIUM

VMware Workstation 4.0.1 for Linux, build 5289 and earlier, allows local users to delete arbitrary files via a symlink attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
vmware workstation *
CVE-2003-1291 HIGH

VMware ESX Server 1.5.2 before Patch 4 allows local users to execute arbitrary programs as root via certain modified VMware ESX Server environment variables.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
vmware esx 1.5.2
CVE-2004-0079 MEDIUM

The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,CWE-476,

Products Affected

Vendor Product Version
securecomputing sidewinder 5.2.0.01
lite speed_technologies_litespeed_web_server 1.0.3
cisco firewall_services_module 1.1.2
cisco pix_firewall_software 6.0(3)
vmware gsx_server 2.0.1_build_2129
cisco pix_firewall_software 6.0(2)
avaya s8300 r2.0.0
neoteris instant_virtual_extranet 3.0
redhat linux 8.0
cisco pix_firewall 6.2.2_.111
avaya s8700 r2.0.1
lite speed_technologies_litespeed_web_server 1.3_rc1
freebsd freebsd 5.2.1
cisco webns 7.10_.0.06s
cisco webns 7.10
novell edirectory 8.6.2
lite speed_technologies_litespeed_web_server 1.3
stonesoft stonegate 2.0.7
openbsd openbsd 3.3
avaya sg208 4.4
cisco firewall_services_module 2.1_(0.208)
lite speed_technologies_litespeed_web_server 1.0.2
sun crypto_accelerator_4000 1.0
stonesoft servercluster 2.5
tarantella tarantella_enterprise 3.20
stonesoft stonegate 2.1
lite speed_technologies_litespeed_web_server 1.3.1
tarantella tarantella_enterprise 3.40
4d webstar 5.2.4
checkpoint vpn-1 next_generation_fp2
4d webstar 5.3.1
hp hp-ux 8.05
stonesoft stonegate 2.2.1
cisco pix_firewall_software 6.0(4.101)
stonesoft stonegate 2.2.4
cisco pix_firewall_software 6.2
tarantella tarantella_enterprise 3.30
redhat openssl 0.9.6-15
redhat enterprise_linux_desktop 3.0
avaya s8500 r2.0.0
lite speed_technologies_litespeed_web_server 1.2.1
cisco pix_firewall_software 6.3(2)
cisco secure_content_accelerator 10000
cisco css_secure_content_accelerator 1.0
cisco ios 12.2za
avaya sg5 4.4
openbsd openbsd 3.4
checkpoint vpn-1 next_generation_fp0
cisco call_manager *
hp hp-ux 11.11
cisco firewall_services_module *
cisco pix_firewall_software 6.0(1)
novell edirectory 8.5.27
openssl openssl 0.9.6c
cisco css11000_content_services_switch *
cisco webns 6.10_b4
checkpoint firewall-1 *
cisco css_secure_content_accelerator 2.0
stonesoft stonebeat_fullcluster 2.0
avaya vsu 5
hp apache-based_web_server 2.0.43.04
openssl openssl 0.9.6i
stonesoft stonebeat_webcluster 2.0
novell edirectory 8.7
cisco pix_firewall_software 6.2(2)
novell imanager 2.0
apple mac_os_x_server 10.3.3
securecomputing sidewinder 5.2.1.02
checkpoint firewall-1 next_generation_fp0
lite speed_technologies_litespeed_web_server 1.2_rc1
cisco webns 7.1_0.1.02
stonesoft stonebeat_fullcluster 2.5
vmware gsx_server 3.0_build_7592
avaya s8500 r2.0.1
hp wbem a.02.00.00
sco openserver 5.0.6
cisco ciscoworks_common_services 2.2
avaya vsu 5000_r2.0.1
novell edirectory 8.5
bluecoat cacheos_ca_sa 4.1.10
lite speed_technologies_litespeed_web_server 1.0.1
freebsd freebsd 5.1
cisco gss_4490_global_site_selector *
stonesoft stonegate_vpn_client 2.0.7
avaya sg200 4.31.29
stonesoft stonegate 2.0.8
cisco access_registrar *
avaya sg5 4.3
hp wbem a.02.00.01
stonesoft stonegate 2.0.5
openssl openssl 0.9.6e
openssl openssl 0.9.7c
avaya intuity_audix *
cisco pix_firewall_software 6.1(4)
openssl openssl 0.9.6d
stonesoft stonebeat_securitycluster 2.5
cisco pix_firewall_software 6.2(3.100)
cisco pix_firewall_software 6.3(3.102)
stonesoft stonegate 1.5.18
avaya vsu 100_r2.0.1
hp hp-ux 11.23
4d webstar 5.2.1
stonesoft stonegate_vpn_client 2.0.8
cisco pix_firewall_software 6.3(1)
novell edirectory 8.5.12a
cisco pix_firewall_software 6.2(1)
lite speed_technologies_litespeed_web_server 1.2.2
cisco ios 12.1(13)e9
redhat openssl 0.9.6b-3
stonesoft stonegate 1.7.1
stonesoft stonegate 1.6.3
cisco webns 7.2_0.0.03
lite speed_technologies_litespeed_web_server 1.2_rc2
avaya converged_communications_server 2.0
4d webstar 4.0
cisco ios 12.1(19)e1
novell edirectory 8.0
cisco firewall_services_module 1.1_(3.005)
avaya intuity_audix s3210
neoteris instant_virtual_extranet 3.1
stonesoft stonegate 1.7.2
cisco ios 12.1(11b)e14
sgi propack 3.0
cisco ios 12.2(14)sy
neoteris instant_virtual_extranet 3.3
4d webstar 5.2.2
freebsd freebsd 5.2
sgi propack 2.4
cisco ciscoworks_common_management_foundation 2.1
stonesoft stonegate_vpn_client 2.0
cisco application_and_content_networking_software *
cisco firewall_services_module 1.1.3
openssl openssl 0.9.7b
hp apache-based_web_server 2.0.43.00
cisco pix_firewall_software 6.1(3)
lite speed_technologies_litespeed_web_server 1.1.1
checkpoint firewall-1 next_generation_fp1
stonesoft stonegate 1.7
stonesoft stonegate_vpn_client 2.0.9
securecomputing sidewinder 5.2.0.04
cisco ios 12.2(14)sy1
openssl openssl 0.9.6k
4d webstar 5.3
openssl openssl 0.9.6j
4d webstar 5.2
checkpoint vpn-1 next_generation_fp1
sco openserver 5.0.7
redhat openssl 0.9.7a-2
avaya vsu 2000_r2.0.1
hp wbem a.01.05.08
avaya sg5 4.2
cisco pix_firewall_software 6.1(2)
stonesoft stonegate 2.0.6
avaya s8300 r2.0.1
checkpoint firewall-1 next_generation_fp2
cisco ios 12.1(11b)e
cisco ios 12.1(11b)e12
openssl openssl 0.9.6f
stonesoft servercluster 2.5.2
redhat linux 7.3
avaya s8700 r2.0.0
securecomputing sidewinder 5.2
symantec clientless_vpn_gateway_4400 5.0
avaya vsu 7500_r2.0.1
checkpoint vpn-1 vsx_ng_with_application_intelligence
hp aaa_server *
hp hp-ux 11.00
openssl openssl 0.9.6h
novell edirectory 8.7.1
bluecoat proxysg *
cisco pix_firewall_software 6.3(3.109)
neoteris instant_virtual_extranet 3.3.1
cisco gss_4480_global_site_selector *
dell bsafe_ssl-j 3.0
novell imanager 1.5
securecomputing sidewinder 5.2.1
cisco pix_firewall_software 6.0(4)
cisco pix_firewall_software 6.1(1)
stonesoft stonebeat_fullcluster 1_2.0
4d webstar 5.2.3
bluecoat cacheos_ca_sa 4.1.12
stonesoft stonegate 2.0.4
cisco pix_firewall_software 6.3
avaya sg200 4.4
dell bsafe_ssl-j 3.1
avaya sg203 4.4
avaya intuity_audix s3400
stonesoft stonegate 2.0.1
cisco mds_9000 *
stonesoft stonebeat_webcluster 2.5
avaya vsu 10000_r2.0.1
stonesoft stonegate 1.6.2
stonesoft stonebeat_fullcluster 1_3.0
freebsd freebsd 4.9
sgi propack 2.3
checkpoint firewall-1 2.0
cisco content_services_switch_11500 *
vmware gsx_server 2.5.1_build_5336
lite speed_technologies_litespeed_web_server 1.1
securecomputing sidewinder 5.2.0.03
cisco pix_firewall_software 6.0
securecomputing sidewinder 5.2.0.02
cisco pix_firewall_software 6.2(3)
cisco ios 12.2sy
avaya sg208 *
redhat enterprise_linux 3.0
checkpoint provider-1 4.1
redhat linux 7.2
lite speed_technologies_litespeed_web_server 1.3_rc2
neoteris instant_virtual_extranet 3.2
cisco okena_stormwatch 3.2
stonesoft stonegate 2.2
avaya sg203 4.31.29
avaya intuity_audix 5.1.46
stonesoft stonebeat_securitycluster 2.0
openssl openssl 0.9.7
openssl openssl 0.9.6g
avaya vsu 500
stonesoft stonegate_vpn_client 1.7.2
cisco webns 6.10
dell bsafe_ssl-j 3.0.1
cisco threat_response *
stonesoft stonegate_vpn_client 1.7
stonesoft stonebeat_fullcluster 3.0
vmware gsx_server 2.0
stonesoft stonegate 2.0.9
avaya vsu 5x
cisco pix_firewall_software 6.1(5)
cisco ios 12.1(11)e
cisco webns 7.1_0.2.06
apple mac_os_x 10.3.3
lite speed_technologies_litespeed_web_server 1.3_rc3
vmware gsx_server 2.5.1
freebsd freebsd 4.8
cisco pix_firewall_software 6.1
stonesoft stonegate 1.5.17
openssl openssl 0.9.7a
CVE-2004-0081 MEDIUM

OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
securecomputing sidewinder 5.2.0.01
lite speed_technologies_litespeed_web_server 1.0.3
cisco firewall_services_module 1.1.2
cisco pix_firewall_software 6.0(3)
vmware gsx_server 2.0.1_build_2129
cisco pix_firewall_software 6.0(2)
avaya s8300 r2.0.0
neoteris instant_virtual_extranet 3.0
redhat linux 8.0
cisco pix_firewall 6.2.2_.111
avaya s8700 r2.0.1
lite speed_technologies_litespeed_web_server 1.3_rc1
freebsd freebsd 5.2.1
cisco webns 7.10_.0.06s
cisco webns 7.10
novell edirectory 8.6.2
lite speed_technologies_litespeed_web_server 1.3
stonesoft stonegate 2.0.7
openbsd openbsd 3.3
avaya sg208 4.4
cisco firewall_services_module 2.1_(0.208)
lite speed_technologies_litespeed_web_server 1.0.2
sun crypto_accelerator_4000 1.0
stonesoft servercluster 2.5
tarantella tarantella_enterprise 3.20
stonesoft stonegate 2.1
lite speed_technologies_litespeed_web_server 1.3.1
tarantella tarantella_enterprise 3.40
4d webstar 5.2.4
4d webstar 5.3.1
hp hp-ux 8.05
stonesoft stonegate 2.2.1
cisco pix_firewall_software 6.0(4.101)
stonesoft stonegate 2.2.4
cisco pix_firewall_software 6.2
tarantella tarantella_enterprise 3.30
redhat openssl 0.9.6-15
redhat enterprise_linux_desktop 3.0
avaya s8500 r2.0.0
lite speed_technologies_litespeed_web_server 1.2.1
cisco pix_firewall_software 6.3(2)
cisco secure_content_accelerator 10000
cisco css_secure_content_accelerator 1.0
cisco ios 12.2za
avaya sg5 4.4
openbsd openbsd 3.4
checkpoint vpn-1 next_generation_fp0
cisco call_manager *
hp hp-ux 11.11
cisco firewall_services_module *
cisco pix_firewall_software 6.0(1)
novell edirectory 8.5.27
openssl openssl 0.9.6c
cisco css11000_content_services_switch *
cisco webns 6.10_b4
checkpoint firewall-1 *
cisco css_secure_content_accelerator 2.0
stonesoft stonebeat_fullcluster 2.0
avaya vsu 5
hp apache-based_web_server 2.0.43.04
openssl openssl 0.9.6i
stonesoft stonebeat_webcluster 2.0
novell edirectory 8.7
cisco pix_firewall_software 6.2(2)
novell imanager 2.0
apple mac_os_x_server 10.3.3
securecomputing sidewinder 5.2.1.02
checkpoint firewall-1 next_generation_fp0
lite speed_technologies_litespeed_web_server 1.2_rc1
cisco webns 7.1_0.1.02
stonesoft stonebeat_fullcluster 2.5
vmware gsx_server 3.0_build_7592
avaya s8500 r2.0.1
hp wbem a.02.00.00
sco openserver 5.0.6
cisco ciscoworks_common_services 2.2
avaya vsu 5000_r2.0.1
novell edirectory 8.5
bluecoat cacheos_ca_sa 4.1.10
lite speed_technologies_litespeed_web_server 1.0.1
freebsd freebsd 5.1
cisco gss_4490_global_site_selector *
stonesoft stonegate_vpn_client 2.0.7
avaya sg200 4.31.29
stonesoft stonegate 2.0.8
cisco access_registrar *
avaya sg5 4.3
hp wbem a.02.00.01
stonesoft stonegate 2.0.5
openssl openssl 0.9.6e
openssl openssl 0.9.7c
avaya intuity_audix *
cisco pix_firewall_software 6.1(4)
openssl openssl 0.9.6d
stonesoft stonebeat_securitycluster 2.5
cisco pix_firewall_software 6.2(3.100)
cisco pix_firewall_software 6.3(3.102)
stonesoft stonegate 1.5.18
avaya vsu 100_r2.0.1
hp hp-ux 11.23
4d webstar 5.2.1
stonesoft stonegate_vpn_client 2.0.8
cisco pix_firewall_software 6.3(1)
novell edirectory 8.5.12a
cisco pix_firewall_software 6.2(1)
lite speed_technologies_litespeed_web_server 1.2.2
cisco ios 12.1(13)e9
redhat openssl 0.9.6b-3
stonesoft stonegate 1.7.1
stonesoft stonegate 1.6.3
cisco webns 7.2_0.0.03
lite speed_technologies_litespeed_web_server 1.2_rc2
avaya converged_communications_server 2.0
4d webstar 4.0
cisco ios 12.1(19)e1
novell edirectory 8.0
cisco firewall_services_module 1.1_(3.005)
avaya intuity_audix s3210
neoteris instant_virtual_extranet 3.1
stonesoft stonegate 1.7.2
cisco ios 12.1(11b)e14
sgi propack 3.0
cisco ios 12.2(14)sy
neoteris instant_virtual_extranet 3.3
4d webstar 5.2.2
freebsd freebsd 5.2
sgi propack 2.4
cisco ciscoworks_common_management_foundation 2.1
stonesoft stonegate_vpn_client 2.0
cisco application_and_content_networking_software *
cisco firewall_services_module 1.1.3
openssl openssl 0.9.7b
hp apache-based_web_server 2.0.43.00
cisco pix_firewall_software 6.1(3)
lite speed_technologies_litespeed_web_server 1.1.1
checkpoint firewall-1 next_generation_fp1
stonesoft stonegate 1.7
stonesoft stonegate_vpn_client 2.0.9
securecomputing sidewinder 5.2.0.04
cisco ios 12.2(14)sy1
openssl openssl 0.9.6k
4d webstar 5.3
openssl openssl 0.9.6j
4d webstar 5.2
checkpoint vpn-1 next_generation_fp1
sco openserver 5.0.7
redhat openssl 0.9.7a-2
avaya vsu 2000_r2.0.1
hp wbem a.01.05.08
avaya sg5 4.2
cisco pix_firewall_software 6.1(2)
stonesoft stonegate 2.0.6
avaya s8300 r2.0.1
checkpoint firewall-1 next_generation_fp2
cisco ios 12.1(11b)e
cisco ios 12.1(11b)e12
openssl openssl 0.9.6f
checkpoint vpn-1 next_generation
stonesoft servercluster 2.5.2
redhat linux 7.3
avaya s8700 r2.0.0
securecomputing sidewinder 5.2
symantec clientless_vpn_gateway_4400 5.0
avaya vsu 7500_r2.0.1
checkpoint vpn-1 vsx_ng_with_application_intelligence
hp aaa_server *
hp hp-ux 11.00
openssl openssl 0.9.6h
novell edirectory 8.7.1
bluecoat proxysg *
cisco pix_firewall_software 6.3(3.109)
neoteris instant_virtual_extranet 3.3.1
cisco gss_4480_global_site_selector *
dell bsafe_ssl-j 3.0
novell imanager 1.5
securecomputing sidewinder 5.2.1
cisco pix_firewall_software 6.0(4)
cisco pix_firewall_software 6.1(1)
stonesoft stonebeat_fullcluster 1_2.0
4d webstar 5.2.3
bluecoat cacheos_ca_sa 4.1.12
stonesoft stonegate 2.0.4
cisco pix_firewall_software 6.3
avaya sg200 4.4
dell bsafe_ssl-j 3.1
avaya sg203 4.4
avaya intuity_audix s3400
stonesoft stonegate 2.0.1
cisco mds_9000 *
stonesoft stonebeat_webcluster 2.5
avaya vsu 10000_r2.0.1
stonesoft stonegate 1.6.2
stonesoft stonebeat_fullcluster 1_3.0
freebsd freebsd 4.9
sgi propack 2.3
checkpoint firewall-1 2.0
cisco content_services_switch_11500 *
vmware gsx_server 2.5.1_build_5336
lite speed_technologies_litespeed_web_server 1.1
securecomputing sidewinder 5.2.0.03
cisco pix_firewall_software 6.0
securecomputing sidewinder 5.2.0.02
cisco pix_firewall_software 6.2(3)
cisco ios 12.2sy
avaya sg208 *
redhat enterprise_linux 3.0
checkpoint provider-1 4.1
redhat linux 7.2
lite speed_technologies_litespeed_web_server 1.3_rc2
neoteris instant_virtual_extranet 3.2
cisco okena_stormwatch 3.2
stonesoft stonegate 2.2
avaya sg203 4.31.29
avaya intuity_audix 5.1.46
stonesoft stonebeat_securitycluster 2.0
openssl openssl 0.9.7
openssl openssl 0.9.6g
avaya vsu 500
stonesoft stonegate_vpn_client 1.7.2
cisco webns 6.10
dell bsafe_ssl-j 3.0.1
cisco threat_response *
stonesoft stonegate_vpn_client 1.7
stonesoft stonebeat_fullcluster 3.0
vmware gsx_server 2.0
stonesoft stonegate 2.0.9
avaya vsu 5x
cisco pix_firewall_software 6.1(5)
cisco ios 12.1(11)e
cisco webns 7.1_0.2.06
apple mac_os_x 10.3.3
lite speed_technologies_litespeed_web_server 1.3_rc3
vmware gsx_server 2.5.1
freebsd freebsd 4.8
cisco pix_firewall_software 6.1
stonesoft stonegate 1.5.17
openssl openssl 0.9.7a
CVE-2004-0112 MEDIUM

The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
securecomputing sidewinder 5.2.0.01
cisco firewall_services_module 1.1.2
cisco pix_firewall_software 6.0(3)
vmware gsx_server 2.0.1_build_2129
cisco pix_firewall_software 6.0(2)
forcepoint stonegate 2.0.5
avaya s8300 r2.0.0
neoteris instant_virtual_extranet 3.0
redhat linux 8.0
cisco pix_firewall 6.2.2_.111
avaya s8700 r2.0.1
freebsd freebsd 5.2.1
cisco webns 7.10_.0.06s
cisco webns 7.10
novell edirectory 8.6.2
openbsd openbsd 3.3
avaya sg208 4.4
cisco firewall_services_module 2.1_(0.208)
forcepoint stonegate 1.7
sun crypto_accelerator_4000 1.0
stonesoft servercluster 2.5
tarantella tarantella_enterprise 3.20
forcepoint stonegate 2.0.6
tarantella tarantella_enterprise 3.40
4d webstar 5.2.4
checkpoint vpn-1 next_generation_fp2
4d webstar 5.3.1
hp hp-ux 8.05
cisco pix_firewall_software 6.0(4.101)
cisco pix_firewall_software 6.2
tarantella tarantella_enterprise 3.30
redhat openssl 0.9.6-15
redhat enterprise_linux_desktop 3.0
avaya s8500 r2.0.0
cisco pix_firewall_software 6.3(2)
cisco secure_content_accelerator 10000
cisco css_secure_content_accelerator 1.0
cisco ios 12.2za
avaya sg5 4.4
openbsd openbsd 3.4
forcepoint stonegate 1.5.18
checkpoint vpn-1 next_generation_fp0
cisco call_manager *
hp hp-ux 11.11
cisco firewall_services_module *
cisco pix_firewall_software 6.0(1)
novell edirectory 8.5.27
openssl openssl 0.9.6c
forcepoint stonegate 2.2.1
cisco css11000_content_services_switch *
cisco webns 6.10_b4
checkpoint firewall-1 *
cisco css_secure_content_accelerator 2.0
stonesoft stonebeat_fullcluster 2.0
avaya vsu 5
hp apache-based_web_server 2.0.43.04
forcepoint stonegate 1.6.3
openssl openssl 0.9.6i
stonesoft stonebeat_webcluster 2.0
novell edirectory 8.7
cisco pix_firewall_software 6.2(2)
novell imanager 2.0
apple mac_os_x_server 10.3.3
securecomputing sidewinder 5.2.1.02
checkpoint firewall-1 next_generation_fp0
forcepoint stonegate 2.2
cisco webns 7.1_0.1.02
stonesoft stonebeat_fullcluster 2.5
vmware gsx_server 3.0_build_7592
avaya s8500 r2.0.1
hp wbem a.02.00.00
sco openserver 5.0.6
cisco ciscoworks_common_services 2.2
avaya vsu 5000_r2.0.1
novell edirectory 8.5
bluecoat cacheos_ca_sa 4.1.10
forcepoint stonegate 1.6.2
freebsd freebsd 5.1
cisco gss_4490_global_site_selector *
avaya sg200 4.31.29
cisco access_registrar *
forcepoint stonegate 2.0.1
avaya sg5 4.3
hp wbem a.02.00.01
openssl openssl 0.9.6e
openssl openssl 0.9.7c
avaya intuity_audix *
cisco pix_firewall_software 6.1(4)
openssl openssl 0.9.6d
stonesoft stonebeat_securitycluster 2.5
cisco pix_firewall_software 6.2(3.100)
cisco pix_firewall_software 6.3(3.102)
avaya vsu 100_r2.0.1
hp hp-ux 11.23
4d webstar 5.2.1
cisco pix_firewall_software 6.3(1)
novell edirectory 8.5.12a
cisco pix_firewall_software 6.2(1)
cisco ios 12.1(13)e9
redhat openssl 0.9.6b-3
cisco webns 7.2_0.0.03
avaya converged_communications_server 2.0
4d webstar 4.0
cisco ios 12.1(19)e1
novell edirectory 8.0
forcepoint stonegate 1.5.17
forcepoint stonegate 2.1
cisco firewall_services_module 1.1_(3.005)
avaya intuity_audix s3210
neoteris instant_virtual_extranet 3.1
cisco ios 12.1(11b)e14
sgi propack 3.0
cisco ios 12.2(14)sy
neoteris instant_virtual_extranet 3.3
forcepoint stonegate 1.7.2
4d webstar 5.2.2
freebsd freebsd 5.2
sgi propack 2.4
cisco ciscoworks_common_management_foundation 2.1
cisco application_and_content_networking_software *
forcepoint stonegate 2.0.9
cisco firewall_services_module 1.1.3
openssl openssl 0.9.7b
hp apache-based_web_server 2.0.43.00
cisco pix_firewall_software 6.1(3)
checkpoint firewall-1 next_generation_fp1
securecomputing sidewinder 5.2.0.04
cisco ios 12.2(14)sy1
openssl openssl 0.9.6k
4d webstar 5.3
openssl openssl 0.9.6j
4d webstar 5.2
checkpoint vpn-1 next_generation_fp1
sco openserver 5.0.7
redhat openssl 0.9.7a-2
avaya vsu 2000_r2.0.1
hp wbem a.01.05.08
avaya sg5 4.2
cisco pix_firewall_software 6.1(2)
avaya s8300 r2.0.1
checkpoint firewall-1 next_generation_fp2
cisco ios 12.1(11b)e
forcepoint stonegate 2.0.7
cisco ios 12.1(11b)e12
openssl openssl 0.9.6f
stonesoft servercluster 2.5.2
redhat linux 7.3
avaya s8700 r2.0.0
securecomputing sidewinder 5.2
symantec clientless_vpn_gateway_4400 5.0
avaya vsu 7500_r2.0.1
checkpoint vpn-1 vsx_ng_with_application_intelligence
hp aaa_server *
hp hp-ux 11.00
openssl openssl 0.9.6h
novell edirectory 8.7.1
bluecoat proxysg *
cisco pix_firewall_software 6.3(3.109)
neoteris instant_virtual_extranet 3.3.1
forcepoint stonegate 2.0.8
cisco gss_4480_global_site_selector *
dell bsafe_ssl-j 3.0
litespeedtech litespeed_web_server 1.0.1
novell imanager 1.5
securecomputing sidewinder 5.2.1
cisco pix_firewall_software 6.0(4)
cisco pix_firewall_software 6.1(1)
stonesoft stonebeat_fullcluster 1_2.0
4d webstar 5.2.3
bluecoat cacheos_ca_sa 4.1.12
cisco pix_firewall_software 6.3
avaya sg200 4.4
dell bsafe_ssl-j 3.1
avaya sg203 4.4
avaya intuity_audix s3400
cisco mds_9000 *
stonesoft stonebeat_webcluster 2.5
avaya vsu 10000_r2.0.1
stonesoft stonebeat_fullcluster 1_3.0
freebsd freebsd 4.9
sgi propack 2.3
checkpoint firewall-1 2.0
cisco content_services_switch_11500 *
vmware gsx_server 2.5.1_build_5336
securecomputing sidewinder 5.2.0.03
cisco pix_firewall_software 6.0
securecomputing sidewinder 5.2.0.02
cisco pix_firewall_software 6.2(3)
cisco ios 12.2sy
avaya sg208 *
redhat enterprise_linux 3.0
checkpoint provider-1 4.1
redhat linux 7.2
neoteris instant_virtual_extranet 3.2
cisco okena_stormwatch 3.2
avaya sg203 4.31.29
avaya intuity_audix 5.1.46
stonesoft stonebeat_securitycluster 2.0
openssl openssl 0.9.7
openssl openssl 0.9.6g
avaya vsu 500
cisco webns 6.10
dell bsafe_ssl-j 3.0.1
cisco threat_response *
stonesoft stonebeat_fullcluster 3.0
vmware gsx_server 2.0
avaya vsu 5x
cisco pix_firewall_software 6.1(5)
cisco ios 12.1(11)e
cisco webns 7.1_0.2.06
apple mac_os_x 10.3.3
forcepoint stonegate 1.7.1
vmware gsx_server 2.5.1
freebsd freebsd 4.8
cisco pix_firewall_software 6.1
openssl openssl 0.9.7a
forcepoint stonegate 2.0.4
forcepoint stonegate 2.2.4
CVE-2004-2515 HIGH

Format string vulnerability in VMware Workstation 4.5.2 build-8848, if running with elevated privileges, might allow local users to execute arbitrary code via format string specifiers in command line arguments. NOTE: it is not clear if there are any default or typical circumstances under which VMware would be running with privileges beyond those already available to the attackers, so this might not be a vulnerability.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
vmware workstation 4.5.2_build_8848
CVE-2005-0444 MEDIUM

VMware before 4.5.2.8848-r5 searches for gdk-pixbuf shared libraries using a path that includes the rrdharan world-writable temporary directory, which allows local users to execute arbitrary code.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
vmware workstation *
CVE-2005-2939 HIGH

Unquoted Windows search path vulnerability in VMWare Workstation 5.0.0 build-13124 might allow local users to gain privileges via a malicious "program.exe" file in the C: folder.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
vmware workstation 5.0.0_build_13124
CVE-2005-3618 HIGH

Cross-site request forgery (CSRF) vulnerability in the management interface for VMware ESX Server 2.0.x before 2.0.2 patch 1, 2.1.x before 2.1.3 patch 1, and 2.x before 2.5.3 patch 2 allows allows remote attackers to perform unauthorized actions as the administrator via URLs, as demonstrated using the setUsr operation to change a password. NOTE: this issue can be leveraged with CVE-2005-3619 to automatically perform the attacks.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
vmware esx *
CVE-2005-3619 MEDIUM

Cross-site scripting (XSS) vulnerability in the management interface for VMware ESX 2.5.x before 2.5.2 upgrade patch 2, 2.1.x before 2.1.2 upgrade patch 6, and 2.0.x before 2.0.1 upgrade patch 6 allows remote attackers to inject arbitrary web script or HTML via messages that are not sanitized when viewing syslog log files.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
vmware esx 2.0
vmware esx 2.1.2
vmware esx 2.1.1
vmware esx 2.5
vmware esx 2.5.2
vmware esx 2.0.1
CVE-2005-3620 LOW

The management interface for VMware ESX Server 2.0.x before 2.0.2 patch 1, 2.1.x before 2.1.3 patch 1, and 2.x before 2.5.3 patch 2 records passwords in cleartext in URLs that are stored in world-readable web server log files, which allows local users to gain privileges.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
vmware esx *
CVE-2005-4459 HIGH

Heap-based buffer overflow in the NAT networking components vmnat.exe and vmnet-natd in VMWare Workstation 5.5, GSX Server 3.2, ACE 1.0.1, and Player 1.0 allows remote authenticated attackers, including guests, to execute arbitrary code via crafted (1) EPRT and (2) PORT FTP commands.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
vmware player 1.0.0
vmware workstation 5.0.0_build_13124
vmware workstation 4.0.1
vmware workstation 4.5.2
vmware gsx_server 2.5.1_build_5336
vmware gsx_server 2.0.1_build_2129
vmware gsx_server 3.1
vmware gsx_server 3.2
vmware workstation 5.5
vmware ace 1.0
vmware gsx_server 2.5.1
vmware workstation 4.0
vmware gsx_server 3.0_build_7592
vmware gsx_server 3.0
vmware workstation 3.4
vmware workstation 4.5.2_build_8848
vmware gsx_server 2.5.2
vmware workstation 3.2.1
vmware gsx_server 2.0
vmware workstation 4.0.2
CVE-2005-4583 MEDIUM

Unspecified vulnerability in the Management Interface in VMware ESX Server 2.x up to 2.5.x before 24 December 2005 allows "remote code execution in the Web browser" via unspecified attack vectors, probably related to cross-site scripting (XSS).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
vmware esx 2.0
vmware esx 2.1.2
vmware esx 2.1.1
vmware esx 2.5
vmware esx 2.5.2
vmware esx 2.0.1
CVE-2005-4773 MEDIUM

The configuration of VMware ESX Server 2.x, 2.0.x, 2.1.x, and 2.5.x allows local users to cause a denial of service (shutdown) via the (1) halt, (2) poweroff, and (3) reboot scripts executed at the service console.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
vmware esx 1.5.2
vmware esx 2.0
vmware esx 2.1.2
vmware esx 2.1.1
vmware esx 2.5
vmware esx *
vmware esx 2.0.1
CVE-2006-2662 MEDIUM

VMware Server before RC1 does not clear user credentials from memory after a console connection is made, which might allow local attackers to gain privileges.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
vmware server 1.0.1_build_29996
CVE-2006-3547 LOW

EMC VMware Player allows user-assisted attackers to cause a denial of service (unrecoverable application failure) via a long value of the ide1:0.fileName parameter in the .vmx file of a virtual machine. NOTE: third parties have disputed this issue, saying that write access to the .vmx file enables other ways of stopping the virtual machine, so no privilege boundaries are crossed

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
vmware player *
CVE-2006-3589 LOW

vmware-config.pl in VMware for Linux, ESX Server 2.x, and Infrastructure 3 does not check the return code from a Perl chmod function call, which might cause an SSL key file to be created with an unsafe umask that allows local users to read or modify the SSL key.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
vmware esx 2.0
vmware esx 2.1.2
vmware player *
vmware infrastructure 3
vmware esx 2.1.1
vmware esx 2.5
vmware esx 2.5.2
vmware workstation 5.5.3
vmware server 1.0.1_build_29996
vmware esx 2.1
vmware esx 2.0.1
CVE-2008-3281 MEDIUM

libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-776,

Products Affected

Vendor Product Version
debian debian_linux 4.0
apple iphone_os *
redhat enterprise_linux_workstation 4.0
vmware esx 2.5.4
redhat enterprise_linux_desktop 3.0
redhat enterprise_linux_server 4.0
canonical ubuntu_linux 6.06
redhat enterprise_linux_workstation 5.0
redhat enterprise_linux_server 2.0
vmware esx 3.0.2
redhat enterprise_linux_workstation 2.0
redhat enterprise_linux_server 3.0
xmlsoft libxml2 *
redhat enterprise_linux_eus 4.7
redhat enterprise_linux_workstation 3.0
vmware esx 2.5.5
redhat enterprise_linux_desktop 5.0
fedoraproject fedora 9
canonical ubuntu_linux 7.04
canonical ubuntu_linux 8.04
apple safari *
canonical ubuntu_linux 7.10
redhat enterprise_linux_desktop 4.0
redhat enterprise_linux_server 5.0
redhat enterprise_linux_eus 5.2
vmware esx 3.0.3
CVE-2009-0034 MEDIUM

parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-863,

Products Affected

Vendor Product Version
gratisoft sudo 1.6.9
vmware esx 4.0
CVE-2009-0778 HIGH

The icmp_send function in net/ipv4/icmp.c in the Linux kernel before 2.6.25, when configured as a router with a REJECT route, does not properly manage the Protocol Independent Destination Cache (aka DST) in some situations involving transmission of an ICMP Host Unreachable message, which allows remote attackers to cause a denial of service (connectivity outage) by sending a large series of packets to many destination IP addresses within this REJECT route, related to an "rt_cache leak."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
linux linux_kernel 2.6.14.3
linux linux_kernel 2.6.19.4
linux linux_kernel 2.6.15.10
linux linux_kernel 2.6.16.19
linux linux_kernel 2.6.17.3
linux linux_kernel 2.6.24.2
linux linux_kernel 2.6.17.8
linux linux_kernel 2.6.18.8
linux linux_kernel 2.6.20.1
linux linux_kernel 2.6.16.10
linux linux_kernel 2.6.22.7
linux linux_kernel 2.6.11.3
linux linux_kernel 2.6.13.4
linux linux_kernel 2.6.17.9
linux linux_kernel 2.6.16.53
linux linux_kernel 2.6.17.6
linux linux_kernel 2.6.11.12
linux linux_kernel 2.6.22.13
vmware vma 4.0
linux linux_kernel 2.6.20.11
linux linux_kernel 2.6.20.13
linux linux_kernel 2.6.22.6
linux linux_kernel 2.6.20.8
linux linux_kernel 2.6.15.1
linux linux_kernel 2.6.14.1
linux linux_kernel 2.6.16.15
linux linux_kernel 2.6.19.6
linux linux_kernel 2.6.16.13
linux linux_kernel 2.6.19.3
linux linux_kernel 2.6.23.3
linux linux_kernel 2.6.16.14
linux linux_kernel 2.6.23.17
linux linux_kernel 2.6.16.33
linux linux_kernel 2.6.9
linux linux_kernel 2.6.20.9
linux linux_kernel 2.6.11.10
linux linux_kernel 2.6.20.19
linux linux_kernel 2.6.17.7
linux linux_kernel 2.6.12.1
linux linux_kernel 2.6.18
linux linux_kernel 2.6.23.9
linux linux_kernel 2.6.16.44
linux linux_kernel 2.6.4
linux linux_kernel 2.6.14.2
linux linux_kernel 2.6.16.25
linux linux_kernel 2.6.24.1
linux linux_kernel *
linux linux_kernel 2.6.16.7
vmware esx 4.0
linux linux_kernel 2.6.5
linux linux_kernel 2.6.16.18
linux linux_kernel 2.6.16.12
linux linux_kernel 2.6.16.62
linux linux_kernel 2.6.16.46
linux linux_kernel 2.6.17.14
linux linux_kernel 2.6.16.38
linux linux_kernel 2.6.24.4
linux linux_kernel 2.6.21.5
linux linux_kernel 2.6.16.57
linux linux_kernel 2.6.20.16
linux linux_kernel 2.6.16.27
linux linux_kernel 2.6.14.5
linux linux_kernel 2.6.22.3
linux linux_kernel 2.6.16.5
linux linux_kernel 2.6.16.45
linux linux_kernel 2.6.16.43
linux linux_kernel 2.6.18.5
linux linux_kernel 2.6.23.14
linux linux_kernel 2.6.16.17
linux linux_kernel 2.6.17.5
linux linux_kernel 2.6.23.11
linux linux_kernel 2.6.13.5
linux linux_kernel 2.6.14.4
linux linux_kernel 2.6.16.9
linux linux_kernel 2.6.16.28
linux linux_kernel 2.6.22.8
vmware esx 2.5.5
linux linux_kernel 2.6.0
linux linux_kernel 2.6.1
vmware virtualcenter 2.5
linux linux_kernel 2.6.14
linux linux_kernel 2.6.16.24
linux linux_kernel 2.6.20.18
linux linux_kernel 2.6.11.5
linux linux_kernel 2.6.20.10
linux linux_kernel 2.6.23.12
linux linux_kernel 2.6.14.7
linux linux_kernel 2.6.20.12
linux linux_kernel 2.6.23.10
linux linux_kernel 2.6.21.4
linux linux_kernel 2.6.16.42
linux linux_kernel 2.6.16.6
linux linux_kernel 2.6.22.10
linux linux_kernel 2.6.18.1
linux linux_kernel 2.6.16.58
linux linux_kernel 2.6.16.3
linux linux_kernel 2.6.11.6
linux linux_kernel 2.6.16.60
linux linux_kernel 2.6.22.5
linux linux_kernel 2.6.7
linux linux_kernel 2.6.16.50
linux linux_kernel 2.6.19.5
linux linux_kernel 2.6.16.21
linux linux_kernel 2.6.11.4
linux linux_kernel 2.6.6
linux linux_kernel 2.6.16.40
linux linux_kernel 2.6.22.15
linux linux_kernel 2.6.15.5
linux linux_kernel 2.6.22.1
linux linux_kernel 2.6.16.52
linux linux_kernel 2.6.22.12
linux linux_kernel 2.6.22.20
linux linux_kernel 2.6.12.2
linux linux_kernel 2.6.16.54
linux linux_kernel 2.6.3
linux linux_kernel 2.6.12
linux linux_kernel 2.6.16.39
linux linux_kernel 2.6.24.6
linux linux_kernel 2.6.16.32
linux linux_kernel 2.6.22.17
linux linux_kernel 2.6.23
linux linux_kernel 2.6.16.59
linux linux_kernel 2.6.17.10
linux linux_kernel 2.6.13.3
linux linux_kernel 2.6.15.7
linux linux_kernel 2.6.23.4
linux linux_kernel 2.6.20.17
linux linux_kernel 2.6.16.34
linux linux_kernel 2.6.22
linux linux_kernel 2.6.18.6
linux linux_kernel 2.6.14.6
vmware esx 3.5
linux linux_kernel 2.6.23.5
linux linux_kernel 2.6.19.2
linux linux_kernel 2.6.15
linux linux_kernel 2.6.21
linux linux_kernel 2.6.18.2
vmware server 2.0.0
linux linux_kernel 2.6.22.2
linux linux_kernel 2.6.22.9
linux linux_kernel 2.6.20.7
linux linux_kernel 2.6.21.2
linux linux_kernel 2.6.20.5
linux linux_kernel 2.6.15.6
linux linux_kernel 2.6.16.41
linux linux_kernel 2.6.22.11
linux linux_kernel 2.6.20.20
linux linux_kernel 2.6.17.4
linux linux_kernel 2.6.20.14
linux linux_kernel 2.6.17.12
linux linux_kernel 2.6.18.7
linux linux_kernel 2.6.23.13
linux linux_kernel 2.6.16.47
linux linux_kernel 2.6.16.26
vmware virtualcenter 2.0.2
linux linux_kernel 2.6.16.11
linux linux_kernel 2.6.19.7
linux linux_kernel 2.6.15.11
linux linux_kernel 2.6.12.5
linux linux_kernel 2.6.21.7
linux linux_kernel 2.6.19
linux linux_kernel 2.6.21.1
linux linux_kernel 2.6.20.21
linux linux_kernel 2.6.19.1
linux linux_kernel 2.6.8
linux linux_kernel 2.6.16.8
linux linux_kernel 2.6.11.9
linux linux_kernel 2.6.22.4
linux linux_kernel 2.6.12.3
linux linux_kernel 2.6.17.11
linux linux_kernel 2.6.20
linux linux_kernel 2.6.11.11
linux linux_kernel 2.6.16.4
linux linux_kernel 2.6.11.8
linux linux_kernel 2.6.18.4
linux linux_kernel 2.6.17.1
linux linux_kernel 2.6.16.22
vmware esx 3.0.3
linux linux_kernel 2.6.22.19
vmware vcenter 4.0
linux linux_kernel 2.6.15.3
linux linux_kernel 2.6.20.15
linux linux_kernel 2.6.17
linux linux_kernel 2.6.20.2
linux linux_kernel 2.6.15.8
linux linux_kernel 2.6.11.2
linux linux_kernel 2.6.23.15
linux linux_kernel 2.6.16.37
linux linux_kernel 2.6.16.30
linux linux_kernel 2.6.24.3
linux linux_kernel 2.6.12.6
linux linux_kernel 2.6.20.6
linux linux_kernel 2.6.24
linux linux_kernel 2.6.17.2
linux linux_kernel 2.6.13.2
linux linux_kernel 2.6.23.6
linux linux_kernel 2.6.16.2
linux linux_kernel 2.6.22.18
linux linux_kernel 2.6.23.2
linux linux_kernel 2.6.20.3
linux linux_kernel 2.6.16.29
linux linux_kernel 2.6.10
linux linux_kernel 2.6.16.31
linux linux_kernel 2.6.16.49
linux linux_kernel 2.6.21.3
linux linux_kernel 2.6.15.4
linux linux_kernel 2.6.16.36
linux linux_kernel 2.6.21.6
linux linux_kernel 2.6.16.35
linux linux_kernel 2.6.13.1
linux linux_kernel 2.6.16.1
linux linux_kernel 2.6.18.3
linux linux_kernel 2.6.8.1
linux linux_kernel 2.6.20.4
linux linux_kernel 2.6.2
linux linux_kernel 2.6.16.61
linux linux_kernel 2.6.23.16
linux linux_kernel 2.6.16.56
linux linux_kernel 2.6.22.16
linux linux_kernel 2.6.16.55
linux linux_kernel 2.6.16.48
linux linux_kernel 2.6.16.16
linux linux_kernel 2.6.16.51
linux linux_kernel 2.6.15.9
linux linux_kernel 2.6.17.13
linux linux_kernel 2.6.12.4
linux linux_kernel 2.6.11.7
linux linux_kernel 2.6.23.1
linux linux_kernel 2.6.11.1
linux linux_kernel 2.6.15.2
linux linux_kernel 2.6.16.23
linux linux_kernel 2.6.23.8
linux linux_kernel 2.6.16
linux linux_kernel 2.6.16.20
linux linux_kernel 2.6.24.5
linux linux_kernel 2.6.13
linux linux_kernel 2.6.22.14
linux linux_kernel 2.6.11
CVE-2009-1072 MEDIUM

nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash option.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-16,

Products Affected

Vendor Product Version
opensuse opensuse 11.1
debian debian_linux 4.0
vmware vma 4.0
debian debian_linux 5.0
vmware esx 3.5
canonical ubuntu_linux 8.04
vmware virtualcenter 2.5
canonical ubuntu_linux 6.06
vmware vcenter_server 4.0
vmware virtualcenter 2.0.2
canonical ubuntu_linux 8.10
vmware server 2.0.0
linux linux_kernel *
vmware esx 4.0
opensuse opensuse 10.3
suse linux_enterprise_server 10
suse linux_enterprise_desktop 10
opensuse opensuse 11.0
canonical ubuntu_linux 9.04
vmware esx 3.0.3
CVE-2009-1142

An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can gain privileges via a symlink attack on /tmp files if vmware-user-suid-wrapper is setuid root and the ChmodChownDirectory function is enabled.

Products Affected

Vendor Product Version
vmware open_vm_tools 2009.03.18-154848
CVE-2009-1143

An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can bypass intended access restrictions on mounting shares via a symlink attack that leverages a realpath race condition in mount.vmhgfs (aka hgfsmounter).

Products Affected

Vendor Product Version
vmware open-vm-tools 2009.03.18-154848
CVE-2009-1564 HIGH

Heap-based buffer overflow in vmnc.dll in the VMnc media codec in VMware Movie Decoder before 6.5.4 Build 246459 on Windows, and the movie decoder in VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Windows, allows remote attackers to execute arbitrary code via an AVI file with crafted video chunks that use HexTile encoding.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
vmware server 2.0.1
vmware player 2.5.1
vmware workstation 6.5.0
vmware movie_decoder 6.5.3
vmware server 2.0.2
vmware player 2.5.2
vmware workstation 6.5.1
vmware workstation 6.5.2
vmware player 2.5.3
vmware workstation 6.5.3
vmware server 2.0.0
vmware player 2.5
CVE-2009-1565 HIGH

vmnc.dll in the VMnc media codec in VMware Movie Decoder before 6.5.4 Build 246459 on Windows, and the movie decoder in VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Windows, allows remote attackers to execute arbitrary code via an AVI file with crafted HexTile-encoded video chunks that trigger heap-based buffer overflows, related to "integer truncation errors."

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
vmware server 2.0.1
vmware player 2.5.1
vmware workstation 6.5.0
vmware movie_decoder 6.5.3
vmware server 2.0.2
vmware player 2.5.2
vmware workstation 6.5.1
vmware workstation 6.5.2
vmware player 2.5.3
vmware workstation 6.5.3
vmware server 2.0.0
vmware player 2.5
CVE-2009-2277 MEDIUM

Cross-site scripting (XSS) vulnerability in WebAccess in VMware VirtualCenter 2.0.2 and 2.5 and VMware ESX 3.0.3 and 3.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to "context data."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
vmware virtualcenter 2.0.2
vmware esx_server 3.0.3
vmware virtualcenter 2.5
vmware esx_server 3.5
CVE-2009-2416 MEDIUM

Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,CWE-416,

Products Affected

Vendor Product Version
debian debian_linux 4.0
apple iphone_os *
redhat enterprise_linux 5.0
xmlsoft libxml2 2.6.32
xmlsoft libxml2 2.5.10
canonical ubuntu_linux 6.06
vmware vcenter_server 4.0
sun openoffice.org *
fedoraproject fedora 11
apple mac_os_x_server *
vmware esxi 4.0
vmware esxi 3.5
canonical ubuntu_linux 9.04
xmlsoft libxml 1.8.17
xmlsoft libxml2 2.6.16
xmlsoft libxml2 2.6.26
suse linux_enterprise_server 9
vmware vma 4.0
suse linux_enterprise 11.0
fedoraproject fedora 10
opensuse opensuse *
vmware esx 3.5
xmlsoft libxml2 2.6.27
canonical ubuntu_linux 8.04
apple safari *
redhat enterprise_linux 4.0
suse linux_enterprise 10.0
apple mac_os_x *
canonical ubuntu_linux 8.10
redhat enterprise_linux 3.0
vmware esx 4.0
google chrome *
vmware esx 3.0.3
CVE-2009-2698 HIGH

The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-476,

Products Affected

Vendor Product Version
redhat enterprise_linux_workstation 4.0
suse linux_enterprise_server 9
fedoraproject fedora 10
redhat enterprise_linux_eus 4.8
redhat enterprise_linux_desktop 5.0
redhat enterprise_linux_eus 5.3
canonical ubuntu_linux 8.04
redhat enterprise_linux_server 4.0
canonical ubuntu_linux 6.06
vmware vcenter_server 4.0
redhat enterprise_linux_desktop 4.0
redhat enterprise_linux_workstation 5.0
canonical ubuntu_linux 8.10
linux linux_kernel *
redhat enterprise_linux_server_aus 5.3
vmware esxi 4.0
redhat enterprise_linux_server 5.0
suse linux_enterprise_server 10
suse linux_enterprise_desktop 10
canonical ubuntu_linux 9.04
CVE-2009-3080 HIGH

Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-129,

Products Affected

Vendor Product Version
opensuse opensuse 11.1
canonical ubuntu_linux 9.10
debian debian_linux 4.0
redhat virtualization 5.0
redhat enterprise_linux_desktop 5.0
vmware esx 3.5
canonical ubuntu_linux 8.04
linux linux_kernel 2.6.32
canonical ubuntu_linux 6.06
redhat enterprise_linux_eus 5.4
canonical ubuntu_linux 8.10
redhat fedora 10
linux linux_kernel *
opensuse opensuse 11.2
redhat enterprise_linux_server_workstation 5.0
redhat enterprise_linux_server 5.0
suse linux_enterprise_server 10
suse linux_enterprise_desktop 10
canonical ubuntu_linux 9.04
CVE-2009-3547 MEDIUM

Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-362,CWE-476,CWE-672,

Products Affected

Vendor Product Version
canonical ubuntu_linux 9.10
novell linux_desktop 9
vmware vma 4.0
fedoraproject fedora 10
canonical ubuntu_linux 8.04
suse suse_linux_enterprise_desktop 10
linux linux_kernel 2.6.32
canonical ubuntu_linux 6.06
canonical ubuntu_linux 8.10
linux linux_kernel *
vmware esx 4.0
opensuse opensuse 11.2
suse suse_linux_enterprise_server 10
opensuse opensuse 11.0
canonical ubuntu_linux 9.04
CVE-2009-3621 MEDIUM

net/unix/af_unix.c in the Linux kernel 2.6.31.4 and earlier allows local users to cause a denial of service (system hang) by creating an abstract-namespace AF_UNIX listening socket, performing a shutdown operation on this socket, and then performing a series of connect operations to this socket.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
canonical ubuntu_linux 9.10
vmware vma 4.0
fedoraproject fedora 10
canonical ubuntu_linux 8.04
suse suse_linux_enterprise_desktop 10
canonical ubuntu_linux 6.06
canonical ubuntu_linux 8.10
linux linux_kernel *
vmware esx 4.0
opensuse opensuse 11.2
suse suse_linux_enterprise_server 10
opensuse opensuse 11.0
canonical ubuntu_linux 9.04
CVE-2009-3707 MEDIUM

VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x allows remote attackers to cause a denial of service (process crash) via a \x25\xFF sequence in the USER and PASS commands, related to a "format string DoS" issue. NOTE: some of these details are obtained from third party information.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-134,

Products Affected

Vendor Product Version
vmware server 2.0.1
vmware workstation 6.5.4
vmware ace 2.5.2
vmware player 2.5.2
vmware ace 2.5.0
vmware ace 2.5.4
vmware workstation 6.5.1
vmware workstation 6.5.2
vmware player 2.5.4
vmware player 2.5
vmware player 3.0
vmware ace 2.5.1
vmware player 2.5.1
vmware workstation 6.5.0
vmware ace 2.6.1
vmware server 2.0.2
vmware workstation 7.0
vmware ace 2.6
vmware player 3.0.1
vmware player 2.5.3
vmware workstation 6.5.3
vmware server 2.0.0
vmware workstation 7.0.1
vmware ace 2.5.3
CVE-2009-3732 HIGH

Format string vulnerability in vmware-vmrc.exe build 158248 in VMware Remote Console (aka VMrc) allows remote attackers to execute arbitrary code via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-134,

Products Affected

Vendor Product Version
vmware player *
vmware ace *
vmware player 3.0
vmware server *
vmware workstation 7.0
vmware ace 2.6
vmware workstation *
CVE-2009-3733 MEDIUM

Directory traversal vulnerability in VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138 on Linux, VMware ESXi 3.5, and VMware ESX 3.0.3 and 3.5 allows remote attackers to read arbitrary files via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
vmware server 2.0.1
vmware server 1.0.5
vmware server 1.0.7
vmware server 1.0.9
vmware server 1.0.8
vmware server 1.0.1_build_29996
vmware esx 3.5
vmware server 1.0.3
vmware server 1.0
vmware server 1.0.4
vmware server 2.0.0
vmware server 1.0.1
vmware esxi 3.5
vmware server 1.0.4_build_56528
vmware server 1.0.2
vmware esx 3.0.3
vmware server 1.0.6
CVE-2009-4811 MEDIUM

VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x allows remote attackers to cause a denial of service (process crash) via a \x25\x90 sequence in the USER and PASS commands, a related issue to CVE-2009-3707. NOTE: some of these details are obtained from third party information.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-134,

Products Affected

Vendor Product Version
vmware server 2.0.1
vmware workstation 6.5.4
vmware ace 2.5.2
vmware player 2.5.2
vmware ace 2.5.0
vmware ace 2.5.4
vmware workstation 6.5.1
vmware workstation 6.5.2
vmware player 2.5.4
vmware player 2.5
vmware player 3.0
vmware ace 2.5.1
vmware player 2.5.1
vmware workstation 6.5.0
vmware ace 2.6.1
vmware server 2.0.2
vmware workstation 7.0
vmware ace 2.6
vmware player 3.0.1
vmware player 2.5.3
vmware workstation 6.5.3
vmware server 2.0.0
vmware workstation 7.0.1
vmware ace 2.5.3
CVE-2010-0211 MEDIUM

The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences, which triggers a free of an invalid, uninitialized pointer in the slap_mods_free function, as demonstrated using the Codenomicon LDAPv3 test suite.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-252,

Products Affected

Vendor Product Version
vmware esxi 4.1
apple mac_os_x *
apple mac_os_x_server *
vmware esxi 4.0
openldap openldap 2.4.22
opensuse opensuse 11.0
CVE-2010-0686 HIGH

WebAccess in VMware VirtualCenter 2.0.2 and 2.5, VMware Server 2.0, and VMware ESX 3.0.3 and 3.5 allows remote attackers to leverage proxy-server functionality to spoof the origin of requests via unspecified vectors, related to a "URL forwarding vulnerability."

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
vmware virtualcenter 2.0.2
vmware server 2.0.0
vmware esx_server 3.0.3
vmware virtualcenter 2.5
vmware esx_server 3.5
CVE-2010-1137 MEDIUM

Cross-site scripting (XSS) vulnerability in WebAccess in VMware VirtualCenter 2.0.2 and 2.5 and VMware ESX 3.0.3 and 3.5, and the Server Console in VMware Server 1.0, allows remote attackers to inject arbitrary web script or HTML via the name of a virtual machine.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
vmware virtualcenter 2.0.2
vmware esx_server 3.0.3
vmware virtualcenter 2.5
vmware server 1.0
vmware esx_server 3.5
CVE-2010-1138 MEDIUM

The virtual networking stack in VMware Workstation 7.0 before 7.0.1 build 227600, VMware Workstation 6.5.x before 6.5.4 build 246459 on Windows, VMware Player 3.0 before 3.0.1 build 227600, VMware Player 2.5.x before 2.5.4 build 246459 on Windows, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware Server 2.x, and VMware Fusion 3.0 before 3.0.1 build 232708 and 2.x before 2.0.7 build 246742 allows remote attackers to obtain sensitive information from memory on the host OS by examining received network packets, related to interaction between the guest OS and the host vmware-vmx process.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
vmware server 2.0.1
vmware fusion 2.0.6
vmware fusion 2.0
vmware fusion 2.0.2
vmware ace 2.5.2
vmware fusion 3.0
vmware player 2.5.2
vmware ace 2.5.0
vmware fusion 2.0.5
vmware workstation 6.5.1
vmware workstation 6.5.2
vmware player 2.5
vmware fusion 2.0.1
vmware player 3.0
vmware ace 2.5.1
vmware player 2.5.1
vmware workstation 6.5.0
vmware server 2.0.2
vmware workstation 7.0
vmware fusion 2.0.4
vmware ace 2.6
vmware player 2.5.3
vmware workstation 6.5.3
vmware fusion 2.0.3
vmware server 2.0.0
vmware ace 2.5.3
CVE-2010-1139 HIGH

Format string vulnerability in vmrun in VMware VIX API 1.6.x, VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Linux, and VMware Fusion 2.x before 2.0.7 build 246742, allows local users to gain privileges via format string specifiers in process metadata.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-134,

Products Affected

Vendor Product Version
vmware server 2.0.1
vmware player 2.5.1
vmware workstation 6.5.0
vmware fusion 2.0.6
vmware fusion 2.0
vmware fusion 2.0.2
vmware server 2.0.2
vmware vix_api 1.6.1
vmware player 2.5.2
vmware fusion 2.0.4
vmware fusion 2.0.5
vmware workstation 6.5.1
vmware workstation 6.5.2
vmware player 2.5.3
vmware workstation 6.5.3
vmware fusion 2.0.3
vmware server 2.0.0
vmware player 2.5
vmware fusion 2.0.1
vmware vix_api 1.6.0
CVE-2010-1140 MEDIUM

The USB service in VMware Workstation 7.0 before 7.0.1 build 227600 and VMware Player 3.0 before 3.0.1 build 227600 on Windows might allow host OS users to gain privileges by placing a Trojan horse program at an unspecified location on the host OS disk.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
vmware player 3.0
vmware workstation 7.0
CVE-2010-1141 HIGH

VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build 203138; VMware Fusion 2.x before 2.0.6 build 246742; VMware ESXi 3.5 and 4.0; and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0 does not properly access libraries, which allows user-assisted remote attackers to execute arbitrary code by tricking a Windows guest OS user into clicking on a file that is stored on a network share.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
vmware server 2.0.1
vmware fusion 2.0
vmware fusion 2.0.2
vmware ace 2.5.2
vmware fusion 3.0
vmware player 2.5.2
vmware ace 2.5.0
vmware fusion 2.0.5
vmware workstation 6.5.1
vmware workstation 6.5.2
vmware esxi 4.0
vmware player 2.5
vmware esxi 3.5
vmware fusion 2.0.1
vmware ace 2.5.1
vmware player 2.5.1
vmware workstation 6.5.0
vmware esx 2.5.5
vmware server 2.0.2
vmware esx 3.5
vmware fusion 2.0.4
vmware player 2.5.3
vmware workstation 6.5.3
vmware fusion 2.0.3
vmware server 2.0.0
vmware esx 4.0
vmware ace 2.5.3
vmware esx 3.0.3
CVE-2010-1142 HIGH

VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build 203138; VMware Fusion 2.x before 2.0.6 build 246742; VMware ESXi 3.5 and 4.0; and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0 does not properly load VMware programs, which might allow Windows guest OS users to gain privileges by placing a Trojan horse program at an unspecified location on the guest OS disk.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
vmware server 2.0.1
vmware fusion 2.0
vmware fusion 2.0.2
vmware ace 2.5.2
vmware fusion 3.0
vmware player 2.5.2
vmware ace 2.5.0
vmware fusion 2.0.5
vmware workstation 6.5.1
vmware workstation 6.5.2
vmware esxi 4.0
vmware player 2.5
vmware esxi 3.5
vmware fusion 2.0.1
vmware ace 2.5.1
vmware player 2.5.1
vmware workstation 6.5.0
vmware esx 2.5.5
vmware server 2.0.2
vmware esx 3.5
vmware fusion 2.0.4
vmware player 2.5.3
vmware workstation 6.5.3
vmware fusion 2.0.3
vmware server 2.0.0
vmware esx 4.0
vmware ace 2.5.3
vmware esx 3.0.3
CVE-2010-1143 MEDIUM

Cross-site scripting (XSS) vulnerability in VMware View (formerly Virtual Desktop Manager or VDM) 3.1.x before 3.1.3 build 252693 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
vmware view_manager 3.1.2
vmware view_manager 3.1.1
vmware view_manager 3.1.3
CVE-2010-1193 MEDIUM

Cross-site scripting (XSS) vulnerability in WebAccess in VMware Server 2.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to JSON error messages.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
vmware server 2.0.0
CVE-2010-1205 HIGH

Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
apple itunes *
opensuse opensuse 11.1
fedoraproject fedora 12
apple iphone_os *
debian debian_linux 5.0
mozilla thunderbird *
suse linux_enterprise_server 11
canonical ubuntu_linux 6.06
apple mac_os_x_server *
suse linux_enterprise_server 10
canonical ubuntu_linux 9.04
canonical ubuntu_linux 9.10
vmware player *
suse linux_enterprise_server 9
canonical ubuntu_linux 10.04
libpng libpng *
canonical ubuntu_linux 8.04
apple safari *
apple mac_os_x *
mozilla firefox *
fedoraproject fedora 13
mozilla seamonkey *
opensuse opensuse 11.2
google chrome *
vmware workstation *
CVE-2010-1454 MEDIUM

com.springsource.tcserver.serviceability.rmi.JmxSocketListener in VMware SpringSource tc Server Runtime 6.0.19 and 6.0.20 before 6.0.20.D, and 6.0.25.A before 6.0.25.A-SR01, does not properly enforce the requirement for an encrypted (aka s2enc) password, which allows remote attackers to obtain JMX interface access via a blank password.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
vmware tc_server 6.0.20.a
vmware tc_server 6.0.20.b
vmware tc_server 6.0.20.c
vmware tc_server 6.0.19.a
vmware tc_server 6.0.19
vmware tc_server 6.0.20
vmware tc_server 6.0.25.a
CVE-2010-2066 LOW

The mext_check_arguments function in fs/ext4/move_extent.c in the Linux kernel before 2.6.35 allows local users to overwrite an append-only file via a MOVE_EXT ioctl call that specifies this file as a donor.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
vmware esx 4.1
canonical ubuntu_linux 9.10
canonical ubuntu_linux 10.04
canonical ubuntu_linux 10.10
canonical ubuntu_linux 8.04
suse linux_enterprise_high_availability_extension 11
canonical ubuntu_linux 6.06
linux linux_kernel *
vmware esx 4.0
suse suse_linux_enterprise_server 11
canonical ubuntu_linux 9.04
suse suse_linux_enterprise_desktop 11
CVE-2010-2249 MEDIUM

Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-401,

Products Affected

Vendor Product Version
apple itunes *
opensuse opensuse 11.1
fedoraproject fedora 12
canonical ubuntu_linux 9.10
vmware player *
apple iphone_os *
suse linux_enterprise_server 9
debian debian_linux 5.0
apple tvos *
canonical ubuntu_linux 10.04
libpng libpng *
suse linux_enterprise_server 11
canonical ubuntu_linux 8.04
apple safari *
canonical ubuntu_linux 6.06
fedoraproject fedora 13
opensuse opensuse 11.2
suse linux_enterprise_server 10
canonical ubuntu_linux 9.04
vmware workstation *
CVE-2010-2427 MEDIUM

VMware Studio 2.0 does not properly write to temporary files, which allows local users to gain privileges via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
vmware studio 2.0
CVE-2010-2492 HIGH

Buffer overflow in the ecryptfs_uid_hash macro in fs/ecryptfs/messaging.c in the eCryptfs subsystem in the Linux kernel before 2.6.35 might allow local users to gain privileges or cause a denial of service (system crash) via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
vmware esx 4.1
avaya aura_voice_portal 5.0
avaya aura_presence_services 6.0
avaya aura_session_manager 5.2
avaya aura_session_manager 1.1
avaya iq 5.0
avaya iq 5.1
avaya aura_system_platform 1.1
avaya aura_presence_services 6.1.1
avaya aura_system_platform 6.0
avaya aura_voice_portal 5.1
avaya aura_session_manager 6.0
avaya aura_system_manager 5.2
linux linux_kernel *
avaya aura_communication_manager 5.2
vmware esx 4.0
avaya aura_system_manager 6.1
avaya aura_system_manager 6.0
avaya aura_presence_services 6.1
avaya aura_system_manager 6.1.1
CVE-2010-2524 MEDIUM

The DNS resolution functionality in the CIFS implementation in the Linux kernel before 2.6.35, when CONFIG_CIFS_DFS_UPCALL is enabled, relies on a user's keyring for the dns_resolver upcall in the cifs.upcall userspace helper, which allows local users to spoof the results of DNS queries and perform arbitrary CIFS mounts via vectors involving an add_key call, related to a "cache stuffing" issue and MS-DFS referrals.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
vmware esx 4.1
canonical ubuntu_linux 6.06
canonical ubuntu_linux 9.10
linux linux_kernel *
canonical ubuntu_linux 10.04
canonical ubuntu_linux 10.10
vmware esx 4.0
canonical ubuntu_linux 8.04
suse suse_linux_enterprise_server 11
canonical ubuntu_linux 9.04
suse suse_linux_enterprise_desktop 11
CVE-2010-2667 MEDIUM

Multiple unspecified vulnerabilities in the Virtual Appliance Management Infrastructure (VAMI) in VMware Studio 2.0 allow remote authenticated users to execute arbitrary commands via vectors involving (1) the Studio virtual appliance or (2) a virtual appliance created by the Studio virtual appliance.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
vmware studio 2.0
CVE-2010-2798 HIGH

The gfs2_dirent_find_space function in fs/gfs2/dir.c in the Linux kernel before 2.6.35 uses an incorrect size value in calculations associated with sentinel directory entries, which allows local users to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact by renaming a file in a GFS2 filesystem, related to the gfs2_rename function in fs/gfs2/ops_inode.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-476,

Products Affected

Vendor Product Version
opensuse opensuse 11.1
vmware esx 4.1
avaya aura_session_manager 5.2
debian debian_linux 5.0
avaya aura_session_manager 1.1
avaya iq 5.1
avaya aura_presence_services 6.1.1
avaya aura_system_platform 6.0
suse linux_enterprise_high_availability_extension 11
canonical ubuntu_linux 6.06
avaya voice_portal 5.0
avaya aura_system_manager 6.1
avaya aura_system_manager 6.0
canonical ubuntu_linux 9.04
suse suse_linux_enterprise_desktop 11
canonical ubuntu_linux 9.10
avaya aura_presence_services 6.0
avaya iq 5.0
canonical ubuntu_linux 10.04
canonical ubuntu_linux 10.10
avaya aura_system_platform 1.1
canonical ubuntu_linux 8.04
avaya voice_portal 5.1
avaya aura_session_manager 6.0
avaya aura_system_manager 5.2
linux linux_kernel *
avaya aura_communication_manager 5.2
vmware esx 4.0
suse suse_linux_enterprise_server 11
avaya aura_presence_services 6.1
avaya aura_system_manager 6.1.1
CVE-2010-2928 LOW

The vCenter Tomcat Management Application in VMware vCenter Server 4.1 before Update 1 stores log-on credentials in a configuration file, which allows local users to gain privileges by reading this file.

CVSS 2.0

Severity: LOW

Problem Type: CWE-255,

Products Affected

Vendor Product Version
vmware vcenter_server 4.1
CVE-2010-2942 LOW

The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which allows local users to obtain potentially sensitive information from kernel memory via vectors related to (1) the tcf_gact_dump function in net/sched/act_gact.c, (2) the tcf_mirred_dump function in net/sched/act_mirred.c, (3) the tcf_nat_dump function in net/sched/act_nat.c, (4) the tcf_simp_dump function in net/sched/act_simple.c, and (5) the tcf_skbedit_dump function in net/sched/act_skbedit.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-401,

Products Affected

Vendor Product Version
opensuse opensuse 11.1
vmware esx 4.1
avaya aura_session_manager 5.2
avaya aura_session_manager 1.1
avaya iq 5.1
opensuse opensuse 11.3
linux linux_kernel 2.6.36
avaya aura_presence_services 6.1.1
avaya aura_system_platform 6.0
canonical ubuntu_linux 6.06
avaya voice_portal 5.0
avaya aura_system_manager 6.1
suse suse_linux_enterprise_server 10
avaya aura_system_manager 6.0
canonical ubuntu_linux 9.04
suse suse_linux_enterprise_desktop 11
canonical ubuntu_linux 9.10
avaya aura_presence_services 6.0
avaya iq 5.0
canonical ubuntu_linux 10.04
canonical ubuntu_linux 10.10
avaya aura_system_platform 1.1
canonical ubuntu_linux 8.04
suse suse_linux_enterprise_desktop 10
avaya voice_portal 5.1
avaya aura_session_manager 6.0
avaya aura_system_manager 5.2
linux linux_kernel *
avaya aura_communication_manager 5.2
vmware esx 4.0
suse suse_linux_enterprise_server 11
avaya aura_presence_services 6.1
avaya aura_system_manager 6.1.1
CVE-2010-2943 MEDIUM

The xfs implementation in the Linux kernel before 2.6.35 does not look up inode allocation btrees before reading inode buffers, which allows remote authenticated users to read unlinked files, or read or overwrite disk blocks that are currently assigned to an active file but were previously assigned to an unlinked file, by accessing a stale NFS filehandle.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 2.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
vmware esx 4.1
avaya aura_voice_portal 5.0
avaya aura_session_manager 5.2
avaya aura_session_manager 1.1
avaya iq 5.1
avaya aura_presence_services 6.1.1
avaya aura_system_platform 6.0
canonical ubuntu_linux 6.06
avaya aura_system_manager 6.1
avaya aura_system_manager 6.0
canonical ubuntu_linux 9.10
avaya aura_presence_services 6.0
avaya iq 5.0
canonical ubuntu_linux 10.04
canonical ubuntu_linux 10.10
avaya aura_system_platform 1.1
avaya aura_voice_portal 5.1
avaya aura_session_manager 6.0
avaya aura_system_manager 5.2
linux linux_kernel *
avaya aura_communication_manager 5.2
vmware esx 4.0
avaya aura_presence_services 6.1
avaya aura_system_manager 6.1.1
CVE-2010-3078 LOW

The xfs_ioc_fsgetxattr function in fs/xfs/linux-2.6/xfs_ioctl.c in the Linux kernel before 2.6.36-rc4 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an ioctl call.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
opensuse opensuse 11.1
vmware esx 4.1
canonical ubuntu_linux 9.10
canonical ubuntu_linux 10.04
canonical ubuntu_linux 10.10
opensuse opensuse 11.3
linux linux_kernel 2.6.36
canonical ubuntu_linux 8.04
canonical ubuntu_linux 6.06
linux linux_kernel *
vmware esx 4.0
suse suse_linux_enterprise_server 11
canonical ubuntu_linux 9.04
suse suse_linux_enterprise_desktop 11
CVE-2010-3081 HIGH

The compat_alloc_user_space functions in include/asm/compat.h files in the Linux kernel before 2.6.36-rc4-git2 on 64-bit platforms do not properly allocate the userspace memory required for the 32-bit compatibility layer, which allows local users to gain privileges by leveraging the ability of the compat_mc_getsockopt function (aka the MCAST_MSFILTER getsockopt support) to control a certain length value, related to a "stack pointer underflow" issue, as exploited in the wild in September 2010.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
vmware esx 4.1
linux linux_kernel *
vmware esx 4.0
linux linux_kernel 2.6.36
suse suse_linux_enterprise_server 11
suse suse_linux_enterprise_desktop 11
CVE-2010-3277 LOW

The installer in VMware Workstation 7.x before 7.1.2 build 301548 and VMware Player 3.x before 3.1.2 build 301548 renders an index.htm file if present in the installation directory, which might allow local users to trigger unintended interpretation of web script or HTML by creating this file.

CVSS 2.0

Severity: LOW

Problem Type: CWE-264,

Products Affected

Vendor Product Version
vmware player 3.0.1
vmware workstation 7.1
vmware player 3.0
vmware workstation 7.0
vmware workstation 7.1.1
vmware workstation 7.0.1
vmware player 3.1
vmware player 3.1.1
CVE-2010-3609 MEDIUM

The extension parser in slp_v2message.c in OpenSLP 1.2.1, and other versions before SVN revision 1647, as used in Service Location Protocol daemon (SLPD) in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1, allows remote attackers to cause a denial of service (infinite loop) via a packet with a "next extension offset" that references this extension or a previous extension. NOTE: some of these details are obtained from third party information.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
vmware esx 4.1
vmware esxi 4.1
openslp openslp 1.2.1
vmware esxi 4.0
vmware esx 4.0
CVE-2010-3700 MEDIUM

VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4, and Acegi Security 1.0.0 through 1.0.7, as used in IBM WebSphere Application Server (WAS) 6.1 and 7.0, allows remote attackers to bypass security constraints via a path parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
vmware springsource_spring_security 2.0.1
vmware springsource_spring_security 2.0.2
acegisecurity acegi-security 1.0.4
acegisecurity acegi-security 1.0.2
vmware springsource_spring_security 3.0.1
vmware springsource_spring_security 3.0.2
ibm websphere_application_server 6.1
acegisecurity acegi-security 1.0.7
vmware springsource_spring_security 2.0.4
ibm websphere_application_server 7.0
acegisecurity acegi-security 1.0.3
vmware springsource_spring_security 3.0.0
vmware springsource_spring_security 3.0.3
vmware springsource_spring_security 2.0.3
vmware springsource_spring_security 2.0.5
acegisecurity acegi-security 1.0.0
acegisecurity acegi-security 1.0.1
acegisecurity acegi-security 1.0.5
acegisecurity acegi-security 1.0.6
vmware springsource_spring_security 2.0.0
CVE-2010-3904 HIGH

The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-1284,

Products Affected

Vendor Product Version
canonical ubuntu_linux 9.10
vmware esxi 4.1
redhat enterprise_linux 6.0
redhat enterprise_linux 5.0
canonical ubuntu_linux 10.04
canonical ubuntu_linux 10.10
opensuse opensuse 11.3
suse linux_enterprise_server 11
canonical ubuntu_linux 8.04
canonical ubuntu_linux 6.06
suse linux_enterprise_real_time_extension 11
linux linux_kernel *
suse linux_enterprise_desktop 11
vmware esxi 4.0
vmware esxi 5.0
opensuse opensuse 11.2
vmware esxi 3.5
canonical ubuntu_linux 9.04
CVE-2010-4251 HIGH

The socket implementation in net/core/sock.c in the Linux kernel before 2.6.34 does not properly manage a backlog of received packets, which allows remote attackers to cause a denial of service (memory consumption) by sending a large amount of network traffic, as demonstrated by netperf UDP tests.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-400,

Products Affected

Vendor Product Version
vmware esx 4.1
linux linux_kernel *
vmware esx 4.0
redhat enterprise_linux 4.0
CVE-2010-4263 HIGH

The igb_receive_skb function in drivers/net/igb/igb_main.c in the Intel Gigabit Ethernet (aka igb) subsystem in the Linux kernel before 2.6.34, when Single Root I/O Virtualization (SR-IOV) and promiscuous mode are enabled but no VLANs are registered, allows remote attackers to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact via a VLAN tagged frame.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-476,

Products Affected

Vendor Product Version
vmware esx 4.1
vmware esx 3.0.0
vmware esxi 4.1
vmware esx 3.0.1
vmware esx 3.5
linux linux_kernel *
vmware esxi 4.0
vmware esxi 5.0
vmware esx 4.0
vmware esx 3.0.2
vmware esxi 3.5
vmware esx 3.0.3
CVE-2010-4294 HIGH

The frame decompression functionality in the VMnc media codec in VMware Movie Decoder before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548, VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548 on Windows, VMware Player 2.5.x before 2.5.5 build 246459 and 3.x before 3.1.2 build 301548 on Windows, and VMware Server 2.x on Windows does not properly validate an unspecified size field, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted video file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
vmware server 2.0.1
vmware workstation 6.5.4
vmware workstation 7.1.2
vmware player 2.5.2
vmware workstation 7.1.1
vmware player 3.1
vmware movie_decoder 7.0
vmware movie_decoder 7.1.2
vmware workstation 6.5.1
vmware workstation 6.5.2
vmware workstation 7.1
vmware player 2.5.4
vmware workstation 6.5.5
vmware player 2.5
vmware player 3.0
vmware player 2.5.1
vmware workstation 6.5.0
vmware movie_decoder 6.5.3
vmware server 2.0.2
vmware workstation 7.0
vmware player 3.1.1
vmware player 3.1.2
vmware player 2.5.5
vmware player 3.0.1
vmware player 2.5.3
vmware workstation 6.5.3
vmware movie_decoder *
vmware server 2.0.0
vmware movie_decoder 6.5.4
vmware workstation 7.0.1
CVE-2010-4295 MEDIUM

Race condition in the mounting process in vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Linux, VMware Player 3.1.x before 3.1.2 build 301548 on Linux, VMware Server 2.0.2 on Linux, and VMware Fusion 3.1.x before 3.1.2 build 332101 allows host OS users to gain privileges via vectors involving temporary files.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-362,

Products Affected

Vendor Product Version
vmware workstation 7.1.2
vmware server 2.0.2
vmware workstation 7.0
vmware workstation 7.1.1
vmware player 3.1
vmware player 3.1.1
vmware player 3.1.2
vmware fusion 3.1.2
vmware fusion 3.1
vmware fusion 3.1.1
vmware workstation 7.1
vmware workstation 7.0.1
CVE-2010-4296 HIGH

vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Linux, VMware Player 3.1.x before 3.1.2 build 301548 on Linux, VMware Server 2.0.2 on Linux, and VMware Fusion 3.1.x before 3.1.2 build 332101 does not properly load libraries, which allows host OS users to gain privileges via vectors involving shared object files.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-863,

Products Affected

Vendor Product Version
vmware workstation 7.1.2
vmware server 2.0.2
vmware workstation 7.0
vmware workstation 7.1.1
vmware player 3.1
vmware player 3.1.1
vmware player 3.1.2
vmware fusion 3.1.2
vmware fusion 3.1
vmware fusion 3.1.1
vmware workstation 7.1
vmware workstation 7.0.1
CVE-2010-4297 HIGH

The VMware Tools update functionality in VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548; VMware Player 2.5.x before 2.5.5 build 328052 and 3.1.x before 3.1.2 build 301548; VMware Server 2.0.2; VMware Fusion 2.x before 2.0.8 build 328035 and 3.1.x before 3.1.2 build 332101; VMware ESXi 3.5, 4.0, and 4.1; and VMware ESX 3.0.3, 3.5, 4.0, and 4.1 allows host OS users to gain privileges on the guest OS via unspecified vectors, related to a "command injection" issue.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
vmware esx 4.1
vmware fusion 2.0.6
vmware workstation 7.1.2
vmware fusion 2.0.7
vmware fusion 2.0
vmware fusion 2.0.2
vmware player 2.5.2
vmware workstation 7.1.1
vmware fusion 2.0.5
vmware player 3.1
vmware workstation 6.5.1
vmware fusion 3.1
vmware workstation 6.5.2
vmware workstation 7.1
vmware player 2.5.4
vmware workstation 6.5.5
vmware esxi 4.0
vmware player 2.5
vmware esxi 3.5
vmware fusion 2.0.1
vmware fusion 2.0.8
vmware player 2.5.1
vmware workstation 6.5.0
vmware esxi 4.1
vmware workstation 7.0
vmware esx 3.5
vmware fusion 2.0.4
vmware player 3.1.1
vmware player 3.1.2
vmware fusion 3.1.2
vmware fusion 3.1.1
vmware player 2.5.5
vmware player 2.5.3
vmware workstation 6.5.3
vmware fusion 2.0.3
vmware esx 4.0
vmware workstation 7.0.1
CVE-2010-4343 MEDIUM

drivers/scsi/bfa/bfa_core.c in the Linux kernel before 2.6.35 does not initialize a certain port data structure, which allows local users to cause a denial of service (system crash) via read operations on an fc_host statistics file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-665,

Products Affected

Vendor Product Version
vmware esx 4.1
linux linux_kernel *
vmware esx 4.0
CVE-2010-4526 HIGH

Race condition in the sctp_icmp_proto_unreachable function in net/sctp/input.c in Linux kernel 2.6.11-rc2 through 2.6.33 allows remote attackers to cause a denial of service (panic) via an ICMP unreachable message to a socket that is already locked by a user, which causes the socket to be freed and triggers list corruption, related to the sctp_wait_for_connect function.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-362,

Products Affected

Vendor Product Version
vmware esx 4.1
redhat enterprise_mrg 1.0
linux linux_kernel *
vmware esx 4.0
linux linux_kernel 2.6.11
CVE-2010-4573 HIGH

The Update Installer in VMware ESXi 4.1, when a modified sfcb.cfg is present, does not properly configure the SFCB authentication mode, which allows remote attackers to obtain access via an arbitrary username and password.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
vmware esxi 4.1
CVE-2010-4655 LOW

net/core/ethtool.c in the Linux kernel before 2.6.36 does not initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability for an ethtool ioctl call.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-665,

Products Affected

Vendor Product Version
vmware esx 4.1
linux linux_kernel *
vmware esx 4.0
canonical ubuntu_linux 8.04
CVE-2011-0355 HIGH

Cisco Nexus 1000V Virtual Ethernet Module (VEM) 4.0(4) SV1(1) through SV1(3b), as used in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1, does not properly handle dropped packets, which allows guest OS users to cause a denial of service (ESX or ESXi host OS crash) by sending an 802.1Q tagged packet over an access vEthernet port, aka Cisco Bug ID CSCtj17451.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,

Products Affected

Vendor Product Version
vmware esx 4.1
vmware esxi 4.1
cisco 1000v_virtual_ethernet_module_(vem) 4.0(4)
vmware esxi 4.0
vmware esx 4.0
CVE-2011-0426 MEDIUM

Directory traversal vulnerability in vCenter Server in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1, and VMware VirtualCenter 2.5 before Update 6a, allows remote attackers to read arbitrary files via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
vmware vcenter 4.0
vmware vcenter 4.1
vmware virtualcenter 2.5
CVE-2011-0527 MEDIUM

VMware vFabric tc Server (aka SpringSource tc Server) 2.0.x before 2.0.6.RELEASE and 2.1.x before 2.1.2.RELEASE accepts obfuscated passwords during JMX authentication, which makes it easier for context-dependent attackers to obtain access by leveraging an ability to read stored passwords.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
vmware tc_server 2.0.2
vmware tc_server 2.1.1
vmware tc_server 2.0.4
vmware tc_server 2.0.5
vmware tc_server 2.0.0
vmware tc_server 2.0.3
vmware tc_server 2.1.0
vmware tc_server 2.0.1
CVE-2011-1126 MEDIUM

VMware vmrun, as used in VIX API 1.x before 1.10.3 and VMware Workstation 6.5.x and 7.x before 7.1.4 build 385536 on Linux, might allow local users to gain privileges via a Trojan horse shared library in an unspecified directory.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
vmware workstation 6.5.4
vmware workstation 7.1.2
vmware vix_api 1.6.1
vmware vix_api 1.8
vmware workstation 7.1.3
vmware workstation 7.1.1
vmware vix_api 1.1.1
vmware vix_api 1.1.5
vmware workstation 6.5.1
vmware workstation 6.5.2
vmware workstation 7.1
vmware vix_api 1.9
vmware workstation 6.5.5
vmware vix_api 1.1.4
vmware workstation 6.5.0
vmware vix_api 1.0
vmware workstation 7.0
vmware vix_api 1.1
vmware vix_api 1.8.1
vmware vix_api 1.1.2
vmware workstation 6.5.3
vmware vix_api 1.7
vmware vix_api 1.6.0
vmware vix_api 1.1.3
vmware workstation 7.0.1
CVE-2011-1681 LOW

vmware-hgfsmounter in VMware Open Virtual Machine Tools (aka open-vm-tools) 8.4.2-261024 and earlier attempts to append to the /etc/mtab file without first checking whether resource limits would interfere, which allows local users to trigger corruption of this file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089.

CVSS 2.0

Severity: LOW

Problem Type: CWE-16,

Products Affected

Vendor Product Version
vmware open-vm-tools *
CVE-2011-1785 HIGH

VMware ESXi 4.0 and 4.1 and ESX 4.0 and 4.1 allow remote attackers to cause a denial of service (socket exhaustion) via unspecified network traffic.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,

Products Affected

Vendor Product Version
vmware esx 4.1
vmware esxi 4.1
vmware esxi 4.0
vmware esx 4.0
CVE-2011-1786 MEDIUM

lsassd in Likewise Open /Enterprise 5.3 before build 7845, Open 6.0 before build 8325, and Enterprise 6.0 before build 178, as distributed in VMware ESXi 4.1 and ESX 4.1 and possibly other products, allows remote attackers to cause a denial of service (daemon crash) via an Active Directory login attempt that provides a username containing an invalid byte sequence.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
vmware esx 4.1
likewise likewise_open 5.3
vmware esxi 4.1
likewise likewise_open 6.0
CVE-2011-1787 MEDIUM

Race condition in mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.4, VMware Fusion 3.1.x before 3.1.3, VMware ESXi 3.5 through 4.1, and VMware ESX 3.0.3 through 4.1 allows guest OS users to gain privileges on the guest OS by mounting a filesystem on top of an arbitrary directory.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-362,

Products Affected

Vendor Product Version
vmware esx 4.1
vmware workstation 7.1.2
vmware esxi 4.1
vmware workstation 7.1.3
vmware workstation 7.1.1
vmware esx 3.5
vmware player 3.1
vmware player 3.1.1
vmware player 3.1.2
vmware fusion 3.1.2
vmware fusion 3.1
vmware fusion 3.1.1
vmware player 3.1.3
vmware esxi 4.0
vmware esx 4.0
vmware esxi 3.5
vmware esx 3.0.3
CVE-2011-1788 LOW

vCenter Server in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1 allows local users to discover the SOAP session ID via unspecified vectors.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
vmware vcenter 4.0
vmware vcenter 4.1
CVE-2011-1789 MEDIUM

The self-extracting installer in the vSphere Client Installer package in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1, VMware ESXi 4.x before 4.1 Update 1, and VMware ESX 4.x before 4.1 Update 1 does not have a digital signature, which might make it easier for remote attackers to spoof the software distribution via a Trojan horse installer.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
vmware esx 4.1
vmware vcenter 4.0
vmware esxi 4.1
vmware vcenter 4.1
vmware esxi 4.0
vmware esx 4.0
CVE-2011-2145 MEDIUM

mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.4, VMware Fusion 3.1.x before 3.1.3, VMware ESXi 3.5 through 4.1, and VMware ESX 3.0.3 through 4.1, when a Solaris or FreeBSD guest OS is used, allows guest OS users to modify arbitrary guest OS files via unspecified vectors, related to a "procedural error."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
vmware esx 4.1
vmware workstation 7.1.2
vmware esxi 4.1
vmware workstation 7.1.3
vmware workstation 7.1.1
vmware esx 3.5
vmware player 3.1
vmware player 3.1.1
vmware player 3.1.2
vmware fusion 3.1.2
vmware fusion 3.1
vmware fusion 3.1.1
vmware player 3.1.3
vmware esxi 4.0
vmware esx 4.0
vmware esxi 3.5
vmware esx 3.0.3
CVE-2011-2146 LOW

mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.4, VMware Fusion 3.1.x before 3.1.3, VMware ESXi 3.5 through 4.1, and VMware ESX 3.0.3 through 4.1 allows guest OS users to determine the existence of host OS files and directories via unspecified vectors.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
vmware esx 4.1
vmware workstation 7.1.2
vmware esxi 4.1
vmware workstation 7.1.3
vmware workstation 7.1.1
vmware esx 3.5
vmware player 3.1
vmware player 3.1.1
vmware player 3.1.2
vmware fusion 3.1.2
vmware fusion 3.1
vmware fusion 3.1.1
vmware player 3.1.3
vmware esxi 4.0
vmware esx 4.0
vmware esxi 3.5
vmware esx 3.0.3
CVE-2011-2217 HIGH

Certain ActiveX controls in (1) tsgetxu71ex552.dll and (2) tsgetx71ex552.dll in Tom Sawyer GET Extension Factory 5.5.2.237, as used in VI Client (aka VMware Infrastructure Client) 2.0.2 before Build 230598 and 2.5 before Build 204931 in VMware Infrastructure 3, do not properly handle attempted initialization within Internet Explorer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HTML document.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
tomsawyer get_extension_factory 5.5.2.237
vmware infrastructure 3
vmware virtual_infrastructure_client 2.0.2
vmware virtual_infrastructure_client 2.5
CVE-2011-2894 MEDIUM

Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3.0.5 and 2.0.0 through 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote attackers to bypass intended security restrictions and execute untrusted code by (1) serializing a java.lang.Proxy instance and using InvocationHandler, or (2) accessing internal AOP interfaces, as demonstrated using deserialization of a DefaultListableBeanFactory instance to execute arbitrary commands via the java.lang.Runtime class.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-502,

Products Affected

Vendor Product Version
vmware spring_framework *
vmware spring_security *
CVE-2011-3868 HIGH

Buffer overflow in VMware Workstation 7.x before 7.1.5, VMware Player 3.x before 3.1.5, VMware Fusion 3.1.x before 3.1.3, and VMware AMS allows remote attackers to execute arbitrary code via a crafted UDF filesystem in an ISO image.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
vmware workstation 7.1.2
vmware workstation 7.1.3
vmware workstation 7.0
vmware workstation 7.1.1
vmware player 3.1
vmware player 3.1.1
vmware player 3.1.2
vmware fusion 3.1.2
vmware player 3.1.4
vmware fusion 3.1
vmware fusion 3.1.1
vmware player 3.1.3
vmware player 3.0.1
vmware workstation 7.1
vmware player 3.0
vmware ams *
vmware workstation 7.0.1
vmware workstation 7.1.4
CVE-2011-4404 MEDIUM

The default configuration of the HTTP server in Jetty in vSphere Update Manager in VMware vCenter Update Manager 4.0 before Update 4 and 4.1 before Update 2 allows remote attackers to conduct directory traversal attacks and read arbitrary files via unspecified vectors, a related issue to CVE-2009-1523.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-16,

Products Affected

Vendor Product Version
vmware vcenter_update_manager 4.1
vmware vcenter_update_manager 4.0
CVE-2012-0903 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Desktop 7.1.2 b10978 allow remote attackers to inject arbitrary web script or HTML via the (1) Username or (2) MailBox Name.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
vmware zimbra_desktop 7.1.2
CVE-2012-1472 MEDIUM

VMware vCenter Chargeback Manager (aka CBM) before 2.0.1 does not properly handle XML API requests, which allows remote attackers to read arbitrary files or cause a denial of service via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
vmware vcenter_chargeback_manager *
vmware vcenter_chargeback_manager 1.6.2
CVE-2012-1508 HIGH

The XPDM display driver in VMware ESXi 4.0, 4.1, and 5.0; VMware ESX 4.0 and 4.1; and VMware View before 4.6.1 allows guest OS users to gain guest OS privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
vmware esx 4.1
vmware esxi 4.1
vmware esxi 4.0
vmware esxi 5.0
vmware esx 4.0
vmware view *
CVE-2012-1509 HIGH

Buffer overflow in the XPDM display driver in VMware View before 4.6.1 allows guest OS users to gain guest OS privileges via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
vmware view *
CVE-2012-1510 HIGH

Buffer overflow in the WDDM display driver in VMware ESXi 4.0, 4.1, and 5.0; VMware ESX 4.0 and 4.1; and VMware View before 4.6.1 allows guest OS users to gain guest OS privileges via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
vmware esx 4.1
vmware esxi 4.1
vmware esxi 4.0
vmware esxi 5.0
vmware esx 4.0
vmware view *
CVE-2012-1511 MEDIUM

Cross-site scripting (XSS) vulnerability in View Manager Portal in VMware View before 4.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
vmware view *
CVE-2012-1512 MEDIUM

Cross-site scripting (XSS) vulnerability in the internal browser in vSphere Client in VMware vSphere 4.1 before Update 2 and 5.0 before Update 1 allows remote attackers to inject arbitrary web script or HTML via a crafted log-file entry.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
vmware vsphere *
CVE-2012-1513 MEDIUM

The Web Configuration tool in VMware vCenter Orchestrator (vCO) 4.0 before Update 4, 4.1 before Update 2, and 4.2 before Update 1 places the vCenter Server password in an HTML document, which allows remote authenticated administrators to obtain sensitive information by reading this document.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
vmware vcenter_orchestrator 4.0
vmware vcenter_orchestrator 4.1
CVE-2012-1514 MEDIUM

Cross-site request forgery (CSRF) vulnerability in VMware vShield Manager (vSM) 1.0.1 before Update 2 and 4.1.0 before Update 2 allows remote attackers to hijack the authentication of arbitrary users.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
vmware vshield_manager *
CVE-2012-1515 HIGH

VMware ESXi 3.5, 4.0, and 4.1 and ESX 3.5, 4.0, and 4.1 do not properly implement port-based I/O operations, which allows guest OS users to gain guest OS privileges by overwriting memory locations in a read-only memory block associated with the Virtual DOS Machine.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
vmware esx 4.1
vmware esxi 4.1
vmware esxi 4.0
vmware esx 4.0
vmware esxi 3.5
vmware esx 3.5
CVE-2012-1516 HIGH

The VMX process in VMware ESXi 3.5 through 4.1 and ESX 3.5 through 4.1 does not properly handle RPC commands, which allows guest OS users to cause a denial of service (memory overwrite and process crash) or possibly execute arbitrary code on the host OS via vectors involving data pointers.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.9 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 3.1 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
vmware esx 4.1
vmware esxi 4.1
vmware esxi 4.0
vmware esx 4.0
vmware esxi 3.5
vmware esx 3.5
CVE-2012-1517 HIGH

The VMX process in VMware ESXi 4.1 and ESX 4.1 does not properly handle RPC commands, which allows guest OS users to cause a denial of service (memory overwrite and process crash) or possibly execute arbitrary code on the host OS via vectors involving function pointers.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
vmware esx 4.1
vmware esxi 4.1
CVE-2012-1518 HIGH

VMware Workstation 8.x before 8.0.2, VMware Player 4.x before 4.0.2, VMware Fusion 4.x before 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 use an incorrect ACL for the VMware Tools folder, which allows guest OS users to gain guest OS privileges via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
vmware esx 4.1
vmware esxi 4.1
vmware fusion 4.1
vmware fusion 4.0.2
vmware fusion 4.1.1
vmware esx 3.5
vmware workstation 8.0
vmware workstation 8.0.1
vmware player 4.0.1
vmware fusion 4.0.1
vmware esxi 4.0
vmware esxi 5.0
vmware esx 4.0
vmware fusion 4.0
vmware esxi 3.5
vmware player 4.0.2
vmware player 4.0
CVE-2012-2448 HIGH

VMware ESXi 3.5 through 5.0 and ESX 3.5 through 4.1 allow remote attackers to execute arbitrary code or cause a denial of service (memory overwrite) via NFS traffic.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
vmware esx 4.1
vmware esxi 4.1
vmware esxi 4.0
vmware esxi 5.0
vmware esx 4.0
vmware esxi 3.5
vmware esx 3.5
CVE-2012-2449 HIGH

VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, VMware Fusion 4.x through 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 do not properly configure the virtual floppy device, which allows guest OS users to cause a denial of service (out-of-bounds write operation and VMX process crash) or possibly execute arbitrary code on the host OS by leveraging administrative privileges on the guest OS.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
vmware esx 4.1
vmware esxi 4.1
vmware fusion 4.1
vmware fusion 4.0.2
vmware fusion 4.1.1
vmware fusion 4.1.2
vmware esx 3.5
vmware workstation 8.0
vmware workstation 8.0.1
vmware player 4.0.1
vmware workstation 8.0.2
vmware fusion 4.0.1
vmware esxi 4.0
vmware esxi 5.0
vmware esx 4.0
vmware fusion 4.0
vmware esxi 3.5
vmware player 4.0.2
vmware player 4.0
CVE-2012-2450 HIGH

VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, VMware Fusion 4.x before 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 do not properly register SCSI devices, which allows guest OS users to cause a denial of service (invalid write operation and VMX process crash) or possibly execute arbitrary code on the host OS by leveraging administrative privileges on the guest OS.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
vmware esx 4.1
vmware esxi 4.1
vmware fusion 4.1
vmware fusion 4.0.2
vmware fusion 4.1.1
vmware esx 3.5
vmware workstation 8.0
vmware workstation 8.0.1
vmware player 4.0.1
vmware workstation 8.0.2
vmware fusion 4.0.1
vmware esxi 4.0
vmware esxi 5.0
vmware esx 4.0
vmware fusion 4.0
vmware esxi 3.5
vmware player 4.0.2
vmware player 4.0
CVE-2012-2752 HIGH

Untrusted search path vulnerability in VMware vMA 4.x and 5.x before 5.0.0.2 allows local users to gain privileges via a Trojan horse DLL in the current working directory.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
vmware vma 4.1
vmware vma 4.0
vmware vma 5.0.0.1
CVE-2012-3288 HIGH

VMware Workstation 7.x before 7.1.6 and 8.x before 8.0.4, VMware Player 3.x before 3.1.6 and 4.x before 4.0.4, VMware Fusion 4.x before 4.1.3, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 allow user-assisted remote attackers to execute arbitrary code on the host OS or cause a denial of service (memory corruption) on the host OS via a crafted Checkpoint file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
vmware esx 4.1
vmware workstation 7.1.4.16648
vmware player 3.1.5
vmware workstation 7.1.2
vmware fusion 4.1
vmware workstation 7.1.3
vmware player 4.0.3
vmware workstation 7.1.1
vmware player 3.1
vmware workstation 8.0
vmware player 3.1.4
vmware workstation 8.0.1
vmware workstation 7.1
vmware fusion 4.0.1
vmware workstation 7.1.5
vmware esxi 4.0
vmware esxi 5.0
vmware fusion 4.0
vmware esxi 3.5
vmware player 3.0
vmware player 4.0.2
vmware player 4.0
vmware workstation 7.1.4
vmware esxi 4.1
vmware fusion 4.0.2
vmware fusion 4.1.1
vmware fusion 4.1.2
vmware workstation 7.0
vmware esx 3.5
vmware player 3.1.1
vmware player 3.1.2
vmware player 3.1.3
vmware player 3.0.1
vmware player 4.0.1
vmware workstation 8.0.2
vmware esx 4.0
vmware workstation 8.0.3
vmware workstation 7.0.1
CVE-2012-3289 HIGH

VMware Workstation 8.x before 8.0.4, VMware Player 4.x before 4.0.4, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 allow remote attackers to cause a denial of service (guest OS crash) via crafted traffic from a remote virtual device.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
vmware esx 4.1
vmware esxi 4.1
vmware player 4.0.3
vmware esx 3.5
vmware workstation 8.0
vmware workstation 8.0.1
vmware player 4.0.1
vmware workstation 8.0.2
vmware esxi 4.0
vmware esxi 5.0
vmware esx 4.0
vmware esxi 3.5
vmware workstation 8.0.3
vmware player 4.0.2
vmware player 4.0
CVE-2012-5703 MEDIUM

The vSphere API in VMware ESXi 4.1 and ESX 4.1 allows remote attackers to cause a denial of service (host daemon crash) via an invalid value in a (1) RetrieveProp or (2) RetrievePropEx SOAP request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
vmware esx 4.1
vmware esxi 4.1
CVE-2012-5978 MEDIUM

Multiple directory traversal vulnerabilities in the (1) View Connection Server and (2) View Security Server in VMware View 4.x before 4.6.2 and 5.x before 5.1.2 allow remote attackers to read arbitrary files via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
vmware view 4.5
vmware view 4.6.1
vmware view 4.6.0
vmware view 5.0.1
vmware view 5.0.0
vmware view 4.0.0
vmware view 5.1.0
CVE-2012-6324 MEDIUM

Directory traversal vulnerability in VMware vCenter Server Appliance (vCSA) 5.0 before Update 2 and 5.1 before Patch 1 allows remote authenticated users to read arbitrary files via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
vmware vcenter_server_appliance 5.1
vmware vcenter_server_appliance 5.0
CVE-2012-6325 MEDIUM

VMware vCenter Server Appliance (vCSA) 5.0 before Update 2 does not properly parse XML documents, which allows remote authenticated users to read arbitrary files via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
vmware vcenter_server_appliance 5.0
vmware vcenter_server_appliance *
CVE-2012-6326 HIGH

VMware vCenter Server 4.1 before Update 3 and 5.0 before Update 2, and vCSA 5.0 before Update 2, allows remote attackers to cause a denial of service (disk consumption) via vectors that trigger large log entries.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
vmware vcenter_server_appliance 5.0
vmware vcenter_server 5.0
vmware vcenter_server 4.1
CVE-2013-1405 HIGH

VMware vCenter Server 4.0 before Update 4b and 4.1 before Update 3a, VMware VirtualCenter 2.5, VMware vSphere Client 4.0 before Update 4b and 4.1 before Update 3a, VMware VI-Client 2.5, VMware ESXi 3.5 through 4.1, and VMware ESX 3.5 through 4.1 do not properly implement the management authentication protocol, which allow remote servers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
vmware esx 4.1
vmware esxi 4.1
vmware vi-client 2.5
vmware vcenter_server 4.1
vmware vsphere_client 4.1
vmware esx 3.5
vmware virtualcenter 2.5
vmware vcenter_server 4.0
vmware esxi 4.0
vmware vsphere_client 4.0
vmware esx 4.0
vmware esxi 3.5
CVE-2013-1406 HIGH

The Virtual Machine Communication Interface (VMCI) implementation in vmci.sys in VMware Workstation 8.x before 8.0.5 and 9.x before 9.0.1 on Windows, VMware Fusion 4.1 before 4.1.4 and 5.0 before 5.0.2, VMware View 4.x before 4.6.2 and 5.x before 5.1.2 on Windows, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1 does not properly restrict memory allocation by control code, which allows local users to gain privileges via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
vmware esx 4.1
vmware view 5.1.1
vmware view 4.6.1
vmware fusion 4.1
vmware esxi 5.1
vmware view 5.0.1
vmware view 5.0.0
vmware view 4.0.0
vmware workstation 8.0
vmware workstation 8.0.1
vmware workstation 9.0
vmware workstation 8.0.4
vmware esxi 4.0
vmware esxi 5.0
vmware fusion 4.1.3
vmware fusion 5.0
vmware view 5.0
vmware esxi 4.1
vmware fusion 4.1.1
vmware fusion 4.1.2
vmware view 5.1.0
vmware view 4.5
vmware workstation 8.0.1.27038
vmware fusion 5.0.1
vmware view 4.6.0
vmware workstation 8.0.2
vmware esx 4.0
vmware workstation 8.0.3
vmware workstation 8.0.0.18997
CVE-2013-1659 HIGH

VMware vCenter Server 4.0 before Update 4b, 5.0 before Update 2, and 5.1 before 5.1.0b; VMware ESXi 3.5 through 5.1; and VMware ESX 3.5 through 4.1 do not properly implement the Network File Copy (NFC) protocol, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption) by modifying the client-server data stream.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
vmware vcenter_server_appliance 5.1
vmware vcenter_server 4.0
vmware esxi 4.1
vmware esxi 5.1
vmware vcenter_server 5.0
vmware esxi 4.0
vmware esxi 5.0
vmware esxi 3.5
vmware vcenter_server_appliance 5.1.0a
CVE-2013-1661 MEDIUM

VMware ESXi 4.0 through 5.1, and ESX 4.0 and 4.1, does not properly implement the Network File Copy (NFC) protocol, which allows man-in-the-middle attackers to cause a denial of service (unhandled exception and application crash) by modifying the client-server data stream.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
vmware esx 4.1
vmware esxi 4.1
vmware esxi 5.1
vmware esxi 4.0
vmware esxi 5.0
vmware esx 4.0
CVE-2013-1662 MEDIUM

vmware-mount in VMware Workstation 8.x and 9.x and VMware Player 4.x and 5.x, on systems based on Debian GNU/Linux, allows host OS users to gain host OS privileges via a crafted lsb_release binary in a directory in the PATH, related to use of the popen library function.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
vmware player 4.0.4
vmware workstation 9.0.1
vmware player 5.0.1
vmware player 5.0
vmware player 4.0.6
vmware workstation 9.0.2
vmware player 4.0.0.18997
vmware player 4.0.3
vmware workstation 8.0
vmware player 5.0.2
vmware workstation 8.0.1.27038
vmware workstation 8.0.1
vmware player 4.0.1
vmware workstation 8.0.2
vmware workstation 9.0
vmware workstation 8.0.4
vmware player 4.0.5
vmware workstation 8.0.6
vmware workstation 8.0.5
vmware workstation 8.0.3
vmware workstation 8.0.0.18997
vmware player 4.0.2
vmware player 4.0
CVE-2013-3079 HIGH

VMware vCenter Server Appliance (vCSA) 5.1 before Update 1 allows remote authenticated users to execute arbitrary programs with root privileges by leveraging Virtual Appliance Management Interface (VAMI) access.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
vmware vcenter_server_appliance 5.1
CVE-2013-3080 HIGH

VMware vCenter Server Appliance (vCSA) 5.1 before Update 1 allows remote authenticated users to create or overwrite arbitrary files, and consequently execute arbitrary code or cause a denial of service, by leveraging Virtual Appliance Management Interface (VAMI) web-interface access.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
vmware vcenter_server_appliance 5.1
CVE-2013-3107 MEDIUM

VMware vCenter Server 5.1 before Update 1, when anonymous LDAP binding for Active Directory is enabled, allows remote attackers to bypass authentication by providing a valid username in conjunction with an empty password.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
vmware vcenter_server_appliance 5.0
CVE-2013-3519 HIGH

lgtosync.sys in VMware Workstation 9.x before 9.0.3, VMware Player 5.x before 5.0.3, VMware Fusion 5.x before 5.0.4, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1, when a 32-bit Windows guest OS is used, allows guest OS users to gain guest OS privileges via an application that performs a crafted memory allocation.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
vmware esx 4.1
vmware workstation 9.0.1
vmware player 5.0.1
vmware esxi 4.1
vmware player 5.0
vmware esxi 5.1
vmware workstation 9.0.2
vmware fusion 5.0.3
vmware player 5.0.2
vmware fusion 5.0.1
vmware fusion 5.0.2
vmware workstation 9.0
vmware esxi 4.0
vmware esxi 5.0
vmware esx 4.0
vmware fusion 5.0
CVE-2013-3520 HIGH

VMware vCenter Chargeback Manager (aka CBM) before 2.5.1 does not proper handle uploads, which allows remote attackers to execute arbitrary code via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
vmware vcenter_chargeback_manager *
vmware vcenter_chargeback_manager 1.6.2
vmware vcenter_chargeback_manager 1.5.0
vmware vcenter_chargeback_manager 2.0.0
vmware vcenter_chargeback_manager 1.6.0
vmware vcenter_chargeback_manager 2.0.1
vmware vcenter_chargeback_manager 1.6.1
CVE-2013-3657 HIGH

Buffer overflow in VMware ESXi 4.0 through 5.0, and ESX 4.0 and 4.1, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
vmware esx 4.1
vmware esxi 4.1
vmware esxi 4.0
vmware esxi 5.0
vmware esx 4.0
CVE-2013-3658 HIGH

Directory traversal vulnerability in VMware ESXi 4.0 through 5.0, and ESX 4.0 and 4.1, allows remote attackers to delete arbitrary host OS files via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
vmware esx 4.1
vmware esxi 4.1
vmware esxi 4.0
vmware esxi 5.0
vmware esx 4.0
CVE-2013-4152 MEDIUM

The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
springsource spring_framework 3.0.2
springsource spring_framework 3.0.5
springsource spring_framework 3.0.3
springsource spring_framework 3.0.0.m1
vmware spring_framework 3.1.1
vmware spring_framework 3.0.6
vmware spring_framework 3.2.1
vmware spring_framework 3.1.4
springsource spring_framework 3.0.0
vmware spring_framework 4.0.0
vmware spring_framework 3.1.0
vmware spring_framework 3.1.2
springsource spring_framework 3.0.4
springsource spring_framework 3.0.1
vmware spring_framework 3.1.3
vmware spring_framework 3.2.0
vmware spring_framework *
springsource spring_framework 3.0.0.m2
vmware spring_framework 3.0.7
vmware spring_framework 3.2.2
CVE-2013-5970 HIGH

hostd-vmdb in VMware ESXi 4.0 through 5.0 and ESX 4.0 through 4.1 allows remote attackers to cause a denial of service (hostd-vmdb service outage) by modifying management traffic.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
vmware esx 4.1
vmware esxi 4.1
vmware esxi 4.0
vmware esxi 5.0
vmware esx 4.0
CVE-2013-5971 MEDIUM

Session fixation vulnerability in the vSphere Web Client Server in VMware vCenter Server 5.0 before Update 3 allows remote attackers to hijack web sessions and gain privileges via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
vmware vcenter_server *
vmware vcenter_server 4.1.0.17435
vmware vcenter_server 5.0
vmware vcenter_server 4.1
vmware vcenter_server 4.1.0.14766
vmware vcenter_server 4.0.0.12305
vmware vcenter_server 4.0.0.10021
vmware vcenter_server 4.1.0.12319
CVE-2013-5972 HIGH

VMware Workstation 9.x before 9.0.3 and VMware Player 5.x before 5.0.3 on Linux do not properly handle shared libraries, which allows host OS users to gain host OS privileges via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
vmware workstation 9.0.1
vmware player 5.0.1
vmware player 5.0
vmware workstation 9.0
vmware workstation 9.0.2
vmware player 5.0.2
CVE-2013-5973 MEDIUM

VMware ESXi 4.0 through 5.5 and ESX 4.0 and 4.1 allow local users to read or modify arbitrary files by leveraging the Virtual Machine Power User or Resource Pool Administrator role for a vCenter Server Add Existing Disk action with a (1) -flat, (2) -rdm, or (3) -rdmp filename.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
vmware esx 4.1
vmware esxi 4.1
vmware esxi 5.1
vmware esxi 4.0
vmware esxi 5.0
vmware esx 4.0
CVE-2013-6366 MEDIUM

The Groovy script console in VMware Hyperic HQ 4.6.6 allows remote authenticated administrators to execute arbitrary code via a Runtime.getRuntime().exec call.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-94,

Products Affected

Vendor Product Version
vmware hyperic_hq 4.6.6
CVE-2013-6429 MEDIUM

The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152 and CVE-2013-7315.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,CWE-611,

Products Affected

Vendor Product Version
vmware spring_framework 4.0.0
pivotal_software spring_framework *
CVE-2013-7315 MEDIUM

The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152. NOTE: this issue was SPLIT from CVE-2013-4152 due to different affected versions.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
springsource spring_framework 3.0.2
springsource spring_framework 3.0.5
springsource spring_framework 3.0.3
springsource spring_framework 3.0.0.m1
vmware spring_framework 3.1.1
vmware spring_framework 3.0.6
vmware spring_framework 3.2.1
vmware spring_framework 3.1.4
springsource spring_framework 3.0.0
vmware spring_framework 4.0.0
vmware spring_framework 3.1.0
vmware spring_framework 3.1.2
springsource spring_framework 3.0.4
springsource spring_framework 3.0.1
vmware spring_framework 3.1.3
vmware spring_framework 3.2.0
vmware spring_framework *
springsource spring_framework 3.0.0.m2
vmware spring_framework 3.0.7
vmware spring_framework 3.2.2
CVE-2014-0054 MEDIUM

The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4152, CVE-2013-7315, and CVE-2013-6429.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
vmware spring_framework 3.2.3
springsource spring_framework 3.0.2
vmware spring_framework 3.1.1
vmware spring_framework 3.2.4
vmware spring_framework 3.0.6
springsource spring_framework 4.0.1
springsource spring_framework 3.0.0
vmware spring_framework 4.0.0
springsource spring_framework 4.0.0
vmware spring_framework 3.1.0
vmware spring_framework 3.1.2
springsource spring_framework 3.2.6
springsource spring_framework 3.0.1
vmware spring_framework 3.1.3
vmware spring_framework 3.2.0
vmware spring_framework *
vmware spring_framework 3.0.7
vmware spring_framework 3.2.2
springsource spring_framework 3.0.5
springsource spring_framework 3.0.3
springsource spring_framework 3.2.5
springsource spring_framework 3.0.0.m1
vmware spring_framework 3.2.1
vmware spring_framework 3.1.4
springsource spring_framework 3.0.4
springsource spring_framework 3.0.0.m2
CVE-2014-0097 HIGH

The ActiveDirectoryLdapAuthenticator in Spring Security 3.2.0 to 3.2.1 and 3.1.0 to 3.1.5 does not check the password length. If the directory allows anonymous binds then it may incorrectly authenticate a user who supplies an empty password.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
vmware spring_security 3.1.4
vmware spring_security 3.2.1
vmware spring_security 3.1.1
vmware spring_security 3.2.0
vmware spring_security 3.1.5
vmware spring_security 3.1.0
vmware spring_security 3.1.2
vmware spring_security 3.1.3
CVE-2014-0225 MEDIUM

When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,

Products Affected

Vendor Product Version
vmware spring_framework 3.2.3
vmware spring_framework 3.1.1
vmware spring_framework 3.2.4
vmware spring_framework 3.0.6
vmware spring_framework 3.0.2
pivotal_software spring_framework 3.0.0
vmware spring_framework 3.2.8
vmware spring_framework 4.0.0
vmware spring_framework 3.1.0
vmware spring_framework 3.1.2
vmware spring_framework 3.0.1
vmware spring_framework 3.2.7
vmware spring_framework 3.1.3
vmware spring_framework 3.2.0
vmware spring_framework 3.0.4
vmware spring_framework 4.0.1
vmware spring_framework 3.0.7
vmware spring_framework 3.2.2
vmware spring_framework 3.0.5
pivotal_software spring_framework 3.2.0
vmware spring_framework 3.2.1
vmware spring_framework 4.0.2
vmware spring_framework 4.0.3
vmware spring_framework 4.0.4
vmware spring_framework 3.1.4
vmware spring_framework 3.2.5
vmware spring_framework 3.0.3
pivotal_software spring_framework 4.0.0
vmware spring_framework 3.2.6
pivotal_software spring_framework 3.1.0
CVE-2014-1207 MEDIUM

VMware ESXi 4.0 through 5.1 and ESX 4.0 and 4.1 allow remote attackers to cause a denial of service (NULL pointer dereference) by intercepting and modifying Network File Copy (NFC) traffic.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
vmware esx 4.1
vmware esxi 4.1
vmware esxi 5.1
vmware esxi 4.0
vmware esxi 5.0
vmware esx 4.0
CVE-2014-1208 LOW

VMware Workstation 9.x before 9.0.1, VMware Player 5.x before 5.0.1, VMware Fusion 5.x before 5.0.1, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1 allow guest OS users to cause a denial of service (VMX process disruption) by using an invalid port.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
vmware esx 4.1
vmware esxi 4.1
vmware player 5.0
vmware esxi 5.1
vmware workstation 9.0
vmware esxi 4.0
vmware esxi 5.0
vmware esx 4.0
vmware fusion 5.0
CVE-2014-1209 HIGH

VMware vSphere Client 4.0, 4.1, 5.0 before Update 3, and 5.1 before Update 2 does not properly validate updates to Client files, which allows remote attackers to trigger the downloading and execution of an arbitrary program via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
vmware vsphere_client 4.0
vmware vsphere_client 4.1
vmware vsphere_client 5.0
vmware vsphere_client 5.1
CVE-2014-1210 MEDIUM

VMware vSphere Client 5.0 before Update 3 and 5.1 before Update 2 does not properly validate X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
vmware vsphere_client 5.0
vmware vsphere_client 5.1
CVE-2014-1211 MEDIUM

Cross-site request forgery (CSRF) vulnerability in VMware vCloud Director 5.1.x before 5.1.3 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
vmware vcloud_director 5.1.1
vmware vcloud_director 5.1.0
vmware vcloud_director 5.1.2
CVE-2014-2384 MEDIUM

vmx86.sys in VMware Workstation 10.0.1 build 1379776 and VMware Player 6.0.1 build 1379776 on Windows might allow local users to cause a denial of service (read access violation and system crash) via a crafted buffer in an IOCTL call. NOTE: the researcher reports "Vendor rated issue as non-exploitable."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
vmware workstation 10.0.1_build_1379776
vmware player 6.0.1_build_1379776
CVE-2014-3527 HIGH

When using the CAS Proxy ticket authentication from Spring Security 3.1 to 3.2.4 a malicious CAS Service could trick another CAS Service into authenticating a proxy ticket that was not associated. This is due to the fact that the proxy ticket authentication uses the information from the HttpServletRequest which is populated based upon untrusted information within the HTTP request. This means if there are access control restrictions on which CAS services can authenticate to one another, those restrictions can be bypassed. If users are not using CAS Proxy tickets and not basing access control decisions based upon the CAS Service, then there is no impact to users.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
vmware spring_security 3.2.3
vmware spring_security 3.1.4
vmware spring_security 3.2.1
vmware spring_security 3.1.1
vmware spring_security 3.2.0
vmware spring_security 3.2.4
vmware spring_security 3.1.0
vmware spring_security 3.1.2
vmware spring_security 3.2.2
vmware spring_security 3.1.3
CVE-2014-3625 MEDIUM

Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
pivotal_software spring_framework *
vmware spring_framework *
CVE-2014-3790 HIGH

Ruby vSphere Console (RVC) in VMware vCenter Server Appliance allows remote authenticated users to execute arbitrary commands as root by escaping from a chroot jail.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
vmware vcenter_server_appliance 5.1
vmware vcenter_server_appliance 5.5
CVE-2014-3793 MEDIUM

VMware Tools in VMware Workstation 10.x before 10.0.2, VMware Player 6.x before 6.0.2, VMware Fusion 6.x before 6.0.3, and VMware ESXi 5.0 through 5.5, when a Windows 8.1 guest OS is used, allows guest OS users to gain guest OS privileges or cause a denial of service (kernel NULL pointer dereference and guest OS crash) via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
vmware workstation 10.0.1
vmware esxi 5.1
vmware fusion 6.0
vmware fusion 6.0.2
vmware fusion 6.0.1
vmware esxi 5.0
vmware player 6.0.1
vmware player 6.0
vmware esxi 5.5
vmware workstation 10.0
CVE-2014-3796 MEDIUM

VMware NSX 6.0 before 6.0.6, and vCloud Networking and Security (vCNS) 5.1 before 5.1.4.2 and 5.5 before 5.5.3, does not properly validate input, which allows attackers to obtain sensitive information via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
vmware nsx 6.0.5
vmware nsx 6.0.2
vmware vcloud_networking_and_security 5.1.2
vmware vcloud_networking_and_security 5.1
vmware vcloud_networking_and_security 5.5.1
vmware vcloud_networking_and_security 5.1.4
vmware vcloud_networking_and_security 5.1.4.1
vmware vcloud_networking_and_security 5.5.2.1
vmware vcloud_networking_and_security 5.1.1
vmware vcloud_networking_and_security 5.5.0a
vmware nsx 6.0.4
vmware vcloud_networking_and_security 5.1.3
vmware vcloud_networking_and_security 5.5.2
vmware nsx 6.0.3
vmware nsx 6.0
vmware nsx 6.0.1
vmware vcloud_networking_and_security 5.5
CVE-2014-3797 MEDIUM

Cross-site scripting (XSS) vulnerability in VMware vCenter Server Appliance (vCSA) 5.1 before Update 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
vmware vcenter_server_appliance 5.1
CVE-2014-4199 MEDIUM

vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, allows local users to write to arbitrary files via a symlink attack on a file in /tmp.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-59,

Products Affected

Vendor Product Version
vmware workstation 10.0.1
vmware workstation 10.0.2
vmware tools *
vmware vm-support 0.88
vmware workstation *
vmware workstation 10.0
CVE-2014-4200 MEDIUM

vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, uses 0644 permissions for the vm-support archive, which allows local users to obtain sensitive information by extracting files from this archive.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
vmware workstation 10.0.1
vmware workstation 10.0.2
vmware tools *
vmware vm-support 0.88
vmware workstation *
vmware workstation 10.0
CVE-2014-4241 MEDIUM

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers to affect integrity via vectors related to WLS - Web Services.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
vmware vcenter_server_appliance 5.1
vmware vcenter_server 5.1
vmware esxi 5.1
oracle fusion_middleware 10.3.6
vmware vcenter_server 5.0
vmware vcenter_server 5.5
oracle fusion_middleware 10.0.2
CVE-2014-4258 MEDIUM

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
suse linux_enterprise_server 12
oracle solaris 11.3
suse linux_enterprise_desktop 12
opensuse_project suse_linux_enterprise_server 11.0
oracle mysql *
opensuse_project suse_linux_enterprise_desktop 11.0
suse linux_enterprise_workstation_extension 12
suse linux_enterprise_server 11
debian debian_linux 7.0
vmware vcenter_server_appliance 5.1
vmware vcenter_server_appliance 5.0
suse linux_enterprise_desktop 11
suse linux_enterprise_software_development_kit 11
mariadb mariadb *
suse linux_enterprise_software_development_kit 12
vmware vcenter_server_appliance 5.5
opensuse_project suse_linux_enterprise_software_development_kit 11.0
CVE-2014-4632 MEDIUM

VMware vSphere Data Protection (VDP) 5.1, 5.5 before 5.5.9, and 5.8 before 5.8.1 and the proxy client in EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x do not properly verify X.509 certificates from vCenter Server SSL servers, which allows man-in-the-middle attackers to spoof servers, and bypass intended backup and restore access restrictions, via a crafted certificate.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
vmware vsphere_data_protection 5.5.1
vmware vsphere_data_protection 5.5.8
vmware vsphere_data_protection 5.5.6
vmware vsphere_data_protection 5.5.7
vmware vsphere_data_protection 5.8.0
vmware vsphere_data_protection 5.1
CVE-2014-6271 HIGH

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,CWE-78,

Products Affected

Vendor Product Version
suse linux_enterprise_server 12
redhat enterprise_linux_eus 7.7
f5 traffix_signaling_delivery_controller 3.4.1
suse linux_enterprise_desktop 12
f5 big-iq_cloud *
novell zenworks_configuration_management 11.1
f5 big-ip_wan_optimization_manager *
ibm security_access_manager_for_web_8.0_firmware 8.0.0.3
f5 arx_firmware *
ibm infosphere_guardium_database_activity_monitoring 9.1
f5 big-ip_application_acceleration_manager 11.6.0
novell zenworks_configuration_management 10.3
redhat enterprise_linux_workstation 6.0
suse linux_enterprise_desktop 11
ibm qradar_vulnerability_manager 7.2.1
f5 big-iq_device *
suse linux_enterprise_server 10
f5 big-ip_application_acceleration_manager *
f5 traffix_signaling_delivery_controller 3.5.1
redhat enterprise_linux_eus 7.3
redhat enterprise_linux_for_scientific_computing 6.0
f5 big-ip_link_controller *
novell open_enterprise_server 11.0
redhat enterprise_linux_desktop 7.0
ibm security_access_manager_for_web_7.0_firmware 7.0.0.2
f5 big-ip_global_traffic_manager 11.6.0
redhat enterprise_linux_for_scientific_computing 7.0
ibm qradar_security_information_and_event_manager 7.2.5
ibm security_access_manager_for_web_7.0_firmware 7.0.0.4
f5 big-ip_local_traffic_manager 11.6.0
f5 big-ip_analytics 11.6.0
suse studio_onsite 1.3
f5 big-ip_access_policy_manager 11.6.0
redhat enterprise_linux 4.0
f5 big-ip_local_traffic_manager *
vmware vcenter_server_appliance 5.0
redhat enterprise_linux_eus 7.4
f5 traffix_signaling_delivery_controller 4.1.0
novell zenworks_configuration_management 11
ibm qradar_security_information_and_event_manager 7.1.2
f5 traffix_signaling_delivery_controller 3.3.2
ibm qradar_security_information_and_event_manager 7.2.1
ibm security_access_manager_for_mobile_8.0_firmware 8.0.0.5
f5 big-ip_application_security_manager *
redhat virtualization 3.4
ibm san_volume_controller_firmware *
redhat enterprise_linux_eus 6.4
redhat enterprise_linux_server_aus 5.9
ibm qradar_security_information_and_event_manager 7.2.6
ibm qradar_security_information_and_event_manager 7.2.7
ibm qradar_vulnerability_manager 7.2.4
ibm stn6800_firmware *
f5 big-iq_security *
ibm qradar_security_information_and_event_manager 7.2.2
qnap qts 4.1.1
ibm smartcloud_entry_appliance 2.4.0
ibm security_access_manager_for_web_7.0_firmware 7.0.0.1
ibm security_access_manager_for_web_7.0_firmware 7.0.0.7
novell open_enterprise_server 2.0
ibm storwize_v3500_firmware *
ibm qradar_security_information_and_event_manager 7.2
redhat enterprise_linux_for_ibm_z_systems 7.4_s390x
ibm qradar_security_information_and_event_manager 7.1.0
f5 big-ip_analytics *
ibm security_access_manager_for_web_7.0_firmware 7.0.0.5
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_desktop 5.0
redhat enterprise_linux_for_power_big_endian_eus 7.4_ppc64
opensuse opensuse 12.3
canonical ubuntu_linux 14.04
f5 big-ip_advanced_firewall_manager *
ibm infosphere_guardium_database_activity_monitoring 8.2
ibm security_access_manager_for_web_7.0_firmware 7.0.0.6
redhat enterprise_linux_server_aus 6.2
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_server_aus 7.7
mageia mageia 3.0
redhat enterprise_linux_for_ibm_z_systems 7.6_s390x
redhat enterprise_linux_for_ibm_z_systems 7.7_s390x
apple mac_os_x *
redhat enterprise_linux_server_from_rhui 7.0
f5 traffix_signaling_delivery_controller *
redhat enterprise_linux_for_power_big_endian 6.4_ppc64
redhat enterprise_linux_server_tus 7.3
vmware esx 4.0
ibm flex_system_v7000_firmware *
redhat enterprise_linux_for_power_big_endian_eus 7.7_ppc64
redhat enterprise_linux_for_power_big_endian 7.0_ppc64
vmware vcenter_server_appliance 5.5
oracle linux 6
oracle linux 4
vmware esx 4.1
ibm security_access_manager_for_web_8.0_firmware 8.0.0.2
ibm smartcloud_provisioning 2.1.0
redhat enterprise_linux_server 7.0
ibm starter_kit_for_cloud 2.2.0
f5 big-ip_edge_gateway *
f5 enterprise_manager *
ibm qradar_security_information_and_event_manager 7.2.8.15
ibm qradar_vulnerability_manager 7.2.0
f5 big-ip_advanced_firewall_manager 11.6.0
checkpoint security_gateway *
redhat enterprise_linux_server 6.0
ibm security_access_manager_for_mobile_8.0_firmware 8.0.0.1
ibm smartcloud_entry_appliance 3.2.0
redhat enterprise_linux_server_tus 6.5
ibm security_access_manager_for_mobile_8.0_firmware 8.0.0.2
qnap qts *
ibm qradar_vulnerability_manager 7.2.8
ibm security_access_manager_for_web_7.0_firmware 7.0.0.3
ibm security_access_manager_for_web_8.0_firmware 8.0.0.5
canonical ubuntu_linux 12.04
redhat enterprise_linux_workstation 5.0
ibm qradar_risk_manager 7.1.0
redhat enterprise_linux_for_power_big_endian 6.0_ppc64
redhat enterprise_linux_server_aus 5.6
ibm qradar_security_information_and_event_manager 7.2.4
f5 big-ip_protocol_security_module *
citrix netscaler_sdx_firmware *
redhat enterprise_linux_for_power_big_endian 5.0_ppc
redhat enterprise_linux_for_power_big_endian_eus 6.5_ppc64
redhat enterprise_linux_for_power_big_endian_eus 7.6_ppc64
ibm pureapplication_system 2.0.0.0
redhat enterprise_linux_server_aus 7.6
vmware vcenter_server_appliance 5.1
f5 big-ip_webaccelerator *
redhat enterprise_linux_for_ibm_z_systems 7.5_s390x
ibm smartcloud_entry_appliance 2.3.0
suse linux_enterprise_software_development_kit 11
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_server_from_rhui 5.0
ibm smartcloud_entry_appliance 3.1.0
f5 big-ip_policy_enforcement_manager *
ibm software_defined_network_for_virtual_environments *
redhat enterprise_linux_server 5.0
suse linux_enterprise_software_development_kit 12
ibm qradar_security_information_and_event_manager 7.2.9
redhat enterprise_linux_server_from_rhui 6.0
redhat enterprise_linux_for_power_big_endian 5.9_ppc
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_for_ibm_z_systems 5.9_s390x
ibm workload_deployer *
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux 6.0
redhat enterprise_linux_eus 6.5
ibm qradar_security_information_and_event_manager 7.2.3
redhat enterprise_linux 5.0
ibm security_access_manager_for_mobile_8.0_firmware 8.0.0.3
mageia mageia 4.0
redhat enterprise_linux_for_ibm_z_systems 7.3_s390x
ibm qradar_vulnerability_manager 7.2.2
suse linux_enterprise_server 11
debian debian_linux 7.0
ibm pureapplication_system *
novell zenworks_configuration_management 11.2
ibm infosphere_guardium_database_activity_monitoring 9.0
ibm qradar_security_information_and_event_manager 7.2.0
redhat enterprise_linux_eus 7.6
ibm storwize_v7000_firmware *
ibm stn6500_firmware *
arista eos *
f5 big-ip_access_policy_manager *
ibm qradar_security_information_and_event_manager 7.2.8
opensuse opensuse 13.2
redhat enterprise_linux_for_ibm_z_systems 6.5_s390x
ibm qradar_vulnerability_manager 7.2.3
ibm security_access_manager_for_web_7.0_firmware 7.0.0.8
redhat enterprise_linux 7.0
redhat enterprise_linux_for_power_big_endian_eus 7.3_ppc64
ibm qradar_security_information_and_event_manager 7.1.1
ibm qradar_vulnerability_manager 7.2.6
ibm stn7800_firmware *
canonical ubuntu_linux 10.04
oracle linux 5
redhat enterprise_linux_eus 7.5
novell zenworks_configuration_management 11.3.0
ibm storwize_v5000_firmware *
f5 big-ip_link_controller 11.6.0
f5 big-ip_application_security_manager 11.6.0
gnu bash *
redhat enterprise_linux_server_aus 6.4
ibm storwize_v3700_firmware *
redhat enterprise_linux_for_power_big_endian_eus 7.5_ppc64
f5 big-ip_global_traffic_manager *
redhat enterprise_linux_server_aus 6.5
redhat enterprise_linux_for_ibm_z_systems 6.4_s390x
redhat enterprise_linux_desktop 6.0
opensuse opensuse 13.1
redhat gluster_storage_server_for_on-premise 2.1
redhat enterprise_linux_eus 5.9
f5 big-ip_policy_enforcement_manager 11.6.0
CVE-2014-7169 HIGH

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,CWE-78,

Products Affected

Vendor Product Version
suse linux_enterprise_server 12
redhat enterprise_linux_eus 7.7
f5 traffix_signaling_delivery_controller 3.4.1
suse linux_enterprise_desktop 12
f5 big-iq_cloud *
novell zenworks_configuration_management 11.1
f5 big-ip_wan_optimization_manager *
ibm security_access_manager_for_web_8.0_firmware 8.0.0.3
f5 arx_firmware *
ibm infosphere_guardium_database_activity_monitoring 9.1
f5 big-ip_application_acceleration_manager 11.6.0
novell zenworks_configuration_management 10.3
redhat enterprise_linux_workstation 6.0
suse linux_enterprise_desktop 11
ibm qradar_vulnerability_manager 7.2.1
f5 big-iq_device *
suse linux_enterprise_server 10
f5 big-ip_application_acceleration_manager *
f5 traffix_signaling_delivery_controller 3.5.1
redhat enterprise_linux_eus 7.3
redhat enterprise_linux_for_scientific_computing 6.0
f5 big-ip_link_controller *
novell open_enterprise_server 11.0
redhat enterprise_linux_desktop 7.0
ibm security_access_manager_for_web_7.0_firmware 7.0.0.2
f5 big-ip_global_traffic_manager 11.6.0
redhat enterprise_linux_for_scientific_computing 7.0
ibm qradar_security_information_and_event_manager 7.2.5
ibm security_access_manager_for_web_7.0_firmware 7.0.0.4
f5 big-ip_local_traffic_manager 11.6.0
f5 big-ip_analytics 11.6.0
suse studio_onsite 1.3
f5 big-ip_access_policy_manager 11.6.0
redhat enterprise_linux 4.0
f5 big-ip_local_traffic_manager *
vmware vcenter_server_appliance 5.0
redhat enterprise_linux_eus 7.4
f5 traffix_signaling_delivery_controller 4.1.0
novell zenworks_configuration_management 11
ibm qradar_security_information_and_event_manager 7.1.2
f5 traffix_signaling_delivery_controller 3.3.2
ibm qradar_security_information_and_event_manager 7.2.1
ibm security_access_manager_for_mobile_8.0_firmware 8.0.0.5
f5 big-ip_application_security_manager *
redhat virtualization 3.4
ibm san_volume_controller_firmware *
redhat enterprise_linux_eus 6.4
redhat enterprise_linux_server_aus 5.9
ibm qradar_security_information_and_event_manager 7.2.6
ibm qradar_security_information_and_event_manager 7.2.7
ibm qradar_vulnerability_manager 7.2.4
ibm stn6800_firmware *
f5 big-iq_security *
ibm qradar_security_information_and_event_manager 7.2.2
qnap qts 4.1.1
ibm smartcloud_entry_appliance 2.4.0
ibm security_access_manager_for_web_7.0_firmware 7.0.0.1
ibm security_access_manager_for_web_7.0_firmware 7.0.0.7
novell open_enterprise_server 2.0
ibm storwize_v3500_firmware *
ibm qradar_security_information_and_event_manager 7.2
redhat enterprise_linux_for_ibm_z_systems 7.4_s390x
ibm qradar_security_information_and_event_manager 7.1.0
f5 big-ip_analytics *
ibm security_access_manager_for_web_7.0_firmware 7.0.0.5
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_desktop 5.0
redhat enterprise_linux_for_power_big_endian_eus 7.4_ppc64
opensuse opensuse 12.3
canonical ubuntu_linux 14.04
f5 big-ip_advanced_firewall_manager *
ibm infosphere_guardium_database_activity_monitoring 8.2
ibm security_access_manager_for_web_7.0_firmware 7.0.0.6
redhat enterprise_linux_server_aus 6.2
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_server_aus 7.7
mageia mageia 3.0
redhat enterprise_linux_for_ibm_z_systems 7.6_s390x
redhat enterprise_linux_for_ibm_z_systems 7.7_s390x
apple mac_os_x *
redhat enterprise_linux_server_from_rhui 7.0
f5 traffix_signaling_delivery_controller *
redhat enterprise_linux_for_power_big_endian 6.4_ppc64
redhat enterprise_linux_server_tus 7.3
vmware esx 4.0
ibm flex_system_v7000_firmware *
redhat enterprise_linux_for_power_big_endian_eus 7.7_ppc64
redhat enterprise_linux_for_power_big_endian 7.0_ppc64
vmware vcenter_server_appliance 5.5
oracle linux 6
oracle linux 4
vmware esx 4.1
ibm security_access_manager_for_web_8.0_firmware 8.0.0.2
ibm smartcloud_provisioning 2.1.0
redhat enterprise_linux_server 7.0
ibm starter_kit_for_cloud 2.2.0
f5 big-ip_edge_gateway *
f5 enterprise_manager *
ibm qradar_security_information_and_event_manager 7.2.8.15
ibm qradar_vulnerability_manager 7.2.0
f5 big-ip_advanced_firewall_manager 11.6.0
checkpoint security_gateway *
redhat enterprise_linux_server 6.0
ibm security_access_manager_for_mobile_8.0_firmware 8.0.0.1
ibm smartcloud_entry_appliance 3.2.0
redhat enterprise_linux_server_tus 6.5
ibm security_access_manager_for_mobile_8.0_firmware 8.0.0.2
qnap qts *
ibm qradar_vulnerability_manager 7.2.8
ibm security_access_manager_for_web_7.0_firmware 7.0.0.3
ibm security_access_manager_for_web_8.0_firmware 8.0.0.5
canonical ubuntu_linux 12.04
redhat enterprise_linux_workstation 5.0
ibm qradar_risk_manager 7.1.0
redhat enterprise_linux_for_power_big_endian 6.0_ppc64
redhat enterprise_linux_server_aus 5.6
ibm qradar_security_information_and_event_manager 7.2.4
f5 big-ip_protocol_security_module *
citrix netscaler_sdx_firmware *
redhat enterprise_linux_for_power_big_endian 5.0_ppc
redhat enterprise_linux_for_power_big_endian_eus 6.5_ppc64
redhat enterprise_linux_for_power_big_endian_eus 7.6_ppc64
ibm pureapplication_system 2.0.0.0
redhat enterprise_linux_server_aus 7.6
vmware vcenter_server_appliance 5.1
f5 big-ip_webaccelerator *
redhat enterprise_linux_for_ibm_z_systems 7.5_s390x
ibm smartcloud_entry_appliance 2.3.0
suse linux_enterprise_software_development_kit 11
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_server_from_rhui 5.0
ibm smartcloud_entry_appliance 3.1.0
f5 big-ip_policy_enforcement_manager *
ibm software_defined_network_for_virtual_environments *
redhat enterprise_linux_server 5.0
suse linux_enterprise_software_development_kit 12
ibm qradar_security_information_and_event_manager 7.2.9
redhat enterprise_linux_server_from_rhui 6.0
redhat enterprise_linux_for_power_big_endian 5.9_ppc
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_for_ibm_z_systems 5.9_s390x
ibm workload_deployer *
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux 6.0
redhat enterprise_linux_eus 6.5
ibm qradar_security_information_and_event_manager 7.2.3
redhat enterprise_linux 5.0
ibm security_access_manager_for_mobile_8.0_firmware 8.0.0.3
mageia mageia 4.0
redhat enterprise_linux_for_ibm_z_systems 7.3_s390x
ibm qradar_vulnerability_manager 7.2.2
suse linux_enterprise_server 11
debian debian_linux 7.0
ibm pureapplication_system *
novell zenworks_configuration_management 11.2
ibm infosphere_guardium_database_activity_monitoring 9.0
ibm qradar_security_information_and_event_manager 7.2.0
redhat enterprise_linux_eus 7.6
ibm storwize_v7000_firmware *
ibm stn6500_firmware *
arista eos *
f5 big-ip_access_policy_manager *
ibm qradar_security_information_and_event_manager 7.2.8
opensuse opensuse 13.2
redhat enterprise_linux_for_ibm_z_systems 6.5_s390x
ibm qradar_vulnerability_manager 7.2.3
ibm security_access_manager_for_web_7.0_firmware 7.0.0.8
redhat enterprise_linux 7.0
redhat enterprise_linux_for_power_big_endian_eus 7.3_ppc64
ibm qradar_security_information_and_event_manager 7.1.1
ibm qradar_vulnerability_manager 7.2.6
ibm stn7800_firmware *
canonical ubuntu_linux 10.04
oracle linux 5
redhat enterprise_linux_eus 7.5
novell zenworks_configuration_management 11.3.0
ibm storwize_v5000_firmware *
f5 big-ip_link_controller 11.6.0
f5 big-ip_application_security_manager 11.6.0
gnu bash *
redhat enterprise_linux_server_aus 6.4
ibm storwize_v3700_firmware *
redhat enterprise_linux_for_power_big_endian_eus 7.5_ppc64
f5 big-ip_global_traffic_manager *
redhat enterprise_linux_server_aus 6.5
redhat enterprise_linux_for_ibm_z_systems 6.4_s390x
redhat enterprise_linux_desktop 6.0
opensuse opensuse 13.1
redhat gluster_storage_server_for_on-premise 2.1
redhat enterprise_linux_eus 5.9
f5 big-ip_policy_enforcement_manager 11.6.0
CVE-2014-8370 MEDIUM

VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, VMware Fusion 6.x before 6.0.5, and VMware ESXi 5.0 through 5.5 allow host OS users to gain host OS privileges or cause a denial of service (arbitrary write to a file) by modifying a configuration file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
vmware workstation 10.0.1
vmware workstation 10.0.3
vmware esxi 5.1
vmware fusion 6.0.2
vmware workstation 10.0.2
vmware fusion 6.0.4
vmware fusion 6.0.3
vmware player 6.0.4
vmware workstation 10.0.4
vmware player 6.0
vmware esxi 5.5
vmware player 6.0.3
vmware fusion 6.0
vmware fusion 6.0.1
vmware esxi 5.0
vmware player 6.0.1
vmware player 6.0.2
vmware workstation 10.0
CVE-2014-8371 MEDIUM

VMware vCenter Server Appliance (vCSA) 5.5 before Update 2, 5.1 before Update 3, and 5.0 before Update 3c does not properly validate certificates when connecting to a CIM Server on an ESXi host, which allows man-in-the-middle attackers to spoof CIM servers via a crafted certificate.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
vmware vcenter_server_appliance 5.1
vmware vcenter_server_appliance 5.0
vmware vcenter_server_appliance 5.5
CVE-2014-8372 MEDIUM

AirWatch by VMware On-Premise 7.3.x before 7.3.3.0 (FP3) allows remote authenticated users to obtain the organizational information and statistics from arbitrary tenants via vectors involving a direct object reference.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
vmware airwatch 7.3.0.0
vmware airwatch *
CVE-2014-8373 HIGH

The VMware Remote Console (VMRC) function in VMware vCloud Automation Center (vCAC) 6.0.1 through 6.1.1 allows remote authenticated users to gain privileges via vectors involving the "Connect (by) Using VMRC" function.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
vmware vcloud_automation_center 6.1.1
vmware vcloud_automation_center 6.1
vmware vcloud_automation_center 6.0.1.2
vmware vcloud_automation_center 6.0.1
vmware vcloud_automation_center 6.0.1.1
CVE-2014-9649 MEDIUM

Cross-site scripting (XSS) vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the path info to api/, which is not properly handled in an error message.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
vmware rabbitmq 2.8.1
vmware rabbitmq 3.2.0
vmware rabbitmq 2.5.0
vmware rabbitmq 2.2.0
vmware rabbitmq 2.6.0
vmware rabbitmq 2.8.7
vmware rabbitmq 3.3.1
vmware rabbitmq 2.6.1
vmware rabbitmq 3.1.4
vmware rabbitmq 3.0.1
vmware rabbitmq 3.3.5
vmware rabbitmq 2.3.1
vmware rabbitmq 3.1.2
vmware rabbitmq 3.0.4
vmware rabbitmq 3.1.5
vmware rabbitmq 3.3.3
vmware rabbitmq 2.1.1
vmware rabbitmq 2.8.3
vmware rabbitmq 2.8.2
vmware rabbitmq 2.8.4
vmware rabbitmq 3.1.1
vmware rabbitmq 3.3.0
vmware rabbitmq 3.3.4
vmware rabbitmq 2.7.1
vmware rabbitmq 2.8.6
vmware rabbitmq 3.3.2
vmware rabbitmq 2.5.1
vmware rabbitmq 3.0.2
vmware rabbitmq 2.3.0
vmware rabbitmq 3.1.3
vmware rabbitmq 3.0.3
vmware rabbitmq 2.4.0
vmware rabbitmq 3.2.1
vmware rabbitmq 2.8.5
vmware rabbitmq 3.0.0
vmware rabbitmq 2.1.0
vmware rabbitmq 3.4.0
vmware rabbitmq 2.4.1
vmware rabbitmq 2.7.0
vmware rabbitmq 2.8.0
vmware rabbitmq 3.1.0
vmware rabbitmq 3.2.3
vmware rabbitmq 3.2.2
vmware rabbitmq 3.2.4
CVE-2014-9650 MEDIUM

CRLF injection vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the download parameter to api/definitions.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
vmware rabbitmq 2.8.1
vmware rabbitmq 3.2.0
vmware rabbitmq 2.5.0
vmware rabbitmq 2.2.0
vmware rabbitmq 2.6.0
vmware rabbitmq 2.8.7
vmware rabbitmq 3.3.1
vmware rabbitmq 2.6.1
vmware rabbitmq 3.1.4
vmware rabbitmq 3.0.1
vmware rabbitmq 3.3.5
vmware rabbitmq 2.3.1
vmware rabbitmq 3.1.2
vmware rabbitmq 3.0.4
vmware rabbitmq 3.1.5
vmware rabbitmq 3.3.3
vmware rabbitmq 2.1.1
vmware rabbitmq 2.8.3
vmware rabbitmq 2.8.2
vmware rabbitmq 2.8.4
vmware rabbitmq 3.1.1
vmware rabbitmq 3.3.0
vmware rabbitmq 3.3.4
vmware rabbitmq 2.7.1
vmware rabbitmq 2.8.6
vmware rabbitmq 3.3.2
vmware rabbitmq 2.5.1
vmware rabbitmq 3.0.2
vmware rabbitmq 2.3.0
vmware rabbitmq 3.1.3
vmware rabbitmq 3.0.3
vmware rabbitmq 2.4.0
vmware rabbitmq 3.2.1
vmware rabbitmq 2.8.5
vmware rabbitmq 3.0.0
vmware rabbitmq 2.1.0
vmware rabbitmq 3.4.0
vmware rabbitmq 2.4.1
vmware rabbitmq 2.7.0
vmware rabbitmq 2.8.0
vmware rabbitmq 3.1.0
vmware rabbitmq 3.2.3
vmware rabbitmq 3.2.2
vmware rabbitmq 3.2.4
CVE-2015-0201 MEDIUM

The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-254,

Products Affected

Vendor Product Version
pivotal_software spring_framework 4.1.0
vmware spring_framework 4.1.2
vmware spring_framework 4.1.3
vmware spring_framework 4.1.1
vmware spring_framework 4.1.4
CVE-2015-1043 LOW

The Host Guest File System (HGFS) in VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, and VMware Fusion 6.x before 6.0.5 and 7.x before 7.0.1 allows guest OS users to cause a guest OS denial of service via unspecified vectors.

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,

Products Affected

Vendor Product Version
vmware workstation 10.0.1
vmware workstation 10.0.3
vmware fusion 6.0.2
vmware workstation 10.0.2
vmware fusion 6.0.4
vmware fusion 6.0.3
vmware player 6.0.4
vmware workstation 10.0.4
vmware player 6.0
vmware player 6.0.3
vmware fusion 7.0
vmware fusion 6.0
vmware fusion 6.0.1
vmware player 6.0.1
vmware player 6.0.2
vmware workstation 10.0
CVE-2015-1044 LOW

vmware-authd (aka the Authorization process) in VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, and VMware ESXi 5.0 through 5.5 allows attackers to cause a host OS denial of service via unspecified vectors.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
vmware workstation 10.0.1
vmware workstation 10.0.3
vmware esxi 5.1
vmware workstation 10.0.2
vmware player 6.0.4
vmware workstation 10.0.4
vmware player 6.0
vmware esxi 5.5
vmware player 6.0.3
vmware esxi 5.0
vmware player 6.0.1
vmware player 6.0.2
vmware workstation 10.0
CVE-2015-1047 MEDIUM

vpxd in VMware vCenter Server 5.0 before u3e, 5.1 before u3, and 5.5 before u2 allows remote attackers to cause a denial of service via a long heartbeat message.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
vmware vcenter_server 5.1
vmware vcenter_server 5.0
vmware vcenter_server 5.5
CVE-2015-2336 MEDIUM

TPView.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mode before 5.4.2 on Windows does not properly allocate memory, which allows guest OS users to execute arbitrary code on the host OS via unspecified vectors, a different vulnerability than CVE-2012-0897.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
vmware horizon_client 3.2.0
vmware workstation 10.0.1
vmware workstation 10.0.2
vmware workstation 11.1
vmware fusion 6.0.3
vmware player 6.0.4
vmware player 6.0
vmware player 6.0.3
vmware fusion 7.0
vmware fusion 6.0
vmware fusion 6.0.1
vmware horizon_view_client 5.4.1
vmware player 6.0.2
vmware workstation 11.0
vmware horizon_view_client 5.4
vmware workstation 10.0.3
vmware fusion 6.0.5
vmware fusion 6.0.2
vmware fusion 6.0.4
vmware player 7.1
vmware player 7.0
vmware workstation 10.0.4
vmware workstation 10.0.5
vmware horizon_client 3.3
vmware fusion 7.0.1
vmware player 6.0.5
vmware player 6.0.1
vmware workstation 10.0
CVE-2015-2337 MEDIUM

TPInt.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mode before 5.4.2 on Windows does not properly allocate memory, which allows guest OS users to execute arbitrary code on the host OS via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
vmware horizon_client 3.2.0
vmware workstation 10.0.1
vmware workstation 10.0.2
vmware workstation 11.1
vmware fusion 6.0.3
vmware player 6.0.4
vmware player 6.0
vmware player 6.0.3
vmware fusion 7.0
vmware fusion 6.0
vmware fusion 6.0.1
vmware horizon_view_client 5.4.1
vmware player 6.0.2
vmware workstation 11.0
vmware horizon_view_client 5.4
vmware workstation 10.0.3
vmware fusion 6.0.5
vmware fusion 6.0.2
vmware fusion 6.0.4
vmware player 7.1
vmware player 7.0
vmware workstation 10.0.4
vmware workstation 10.0.5
vmware horizon_client 3.3
vmware fusion 7.0.1
vmware player 6.0.5
vmware player 6.0.1
vmware workstation 10.0
CVE-2015-2338 MEDIUM

TPview.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mode before 5.4.2 on Windows does not properly allocate memory, which allows guest OS users to cause a host OS denial of service via unspecified vectors, a different vulnerability than CVE-2015-2339.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
vmware horizon_client 3.2.0
vmware workstation 10.0.1
vmware workstation 10.0.2
vmware workstation 11.1
vmware fusion 6.0.3
vmware player 6.0.4
vmware player 6.0
vmware player 6.0.3
vmware fusion 7.0
vmware fusion 6.0
vmware fusion 6.0.1
vmware horizon_view_client 5.4.1
vmware player 6.0.2
vmware workstation 11.0
vmware horizon_view_client 5.4
vmware workstation 10.0.3
vmware fusion 6.0.5
vmware fusion 6.0.2
vmware fusion 6.0.4
vmware player 7.1
vmware player 7.0
vmware workstation 10.0.4
vmware workstation 10.0.5
vmware horizon_client 3.3
vmware fusion 7.0.1
vmware player 6.0.5
vmware player 6.0.1
vmware workstation 10.0
CVE-2015-2339 MEDIUM

TPview.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mode before 5.4.2 on Windows does not properly allocate memory, which allows guest OS users to cause a host OS denial of service via unspecified vectors, a different vulnerability than CVE-2015-2338.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
vmware horizon_client 3.2.0
vmware workstation 10.0.1
vmware workstation 10.0.2
vmware workstation 11.1
vmware fusion 6.0.3
vmware player 6.0.4
vmware player 6.0
vmware player 6.0.3
vmware fusion 7.0
vmware fusion 6.0
vmware fusion 6.0.1
vmware horizon_view_client 5.4.1
vmware player 6.0.2
vmware workstation 11.0
vmware horizon_view_client 5.4
vmware workstation 10.0.3
vmware fusion 6.0.5
vmware fusion 6.0.2
vmware fusion 6.0.4
vmware player 7.1
vmware player 7.0
vmware workstation 10.0.4
vmware workstation 10.0.5
vmware horizon_client 3.3
vmware fusion 7.0.1
vmware player 6.0.5
vmware player 6.0.1
vmware workstation 10.0
CVE-2015-2340 MEDIUM

TPInt.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mode before 5.4.2 on Windows does not properly allocate memory, which allows guest OS users to cause a host OS denial of service via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
vmware horizon_client 3.2.0
vmware workstation 10.0.1
vmware workstation 10.0.2
vmware workstation 11.1
vmware fusion 6.0.3
vmware player 6.0.4
vmware player 6.0
vmware player 6.0.3
vmware fusion 7.0
vmware fusion 6.0
vmware fusion 6.0.1
vmware horizon_view_client 5.4.1
vmware player 6.0.2
vmware workstation 11.0
vmware horizon_view_client 5.4
vmware workstation 10.0.3
vmware fusion 6.0.5
vmware fusion 6.0.2
vmware fusion 6.0.4
vmware player 7.1
vmware player 7.0
vmware workstation 10.0.4
vmware workstation 10.0.5
vmware horizon_client 3.3
vmware fusion 7.0.1
vmware player 6.0.5
vmware player 6.0.1
vmware workstation 10.0
CVE-2015-2341 HIGH

VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.6, and VMware Fusion 6.x before 6.0.6 and 7.x before 7.0.1 allow attackers to cause a denial of service against a 32-bit guest OS or 64-bit host OS via a crafted RPC command.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
vmware workstation 10.0.1
vmware workstation 10.0.3
vmware fusion 6.0.5
vmware fusion 6.0.2
vmware workstation 10.0.2
vmware fusion 6.0.4
vmware fusion 7.1.0
vmware fusion 6.0.3
vmware player 6.0.4
vmware workstation 10.0.4
vmware player 6.0
vmware player 6.0.3
vmware fusion 7.0
vmware fusion 6.0
vmware fusion 6.0.1
vmware fusion 7.0.1
vmware player 6.0.5
vmware player 6.0.1
vmware fusion 7.1.1
vmware player 6.0.2
vmware workstation 10.0
CVE-2015-2342 HIGH

The JMX RMI service in VMware vCenter Server 5.0 before u3e, 5.1 before u3b, 5.5 before u3, and 6.0 before u1 does not restrict registration of MBeans, which allows remote attackers to execute arbitrary code via the RMI protocol.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
vmware vcenter_server 5.1
vmware vcenter_server 5.0
vmware vcenter_server 5.5
vmware vcenter_server 6.0
CVE-2015-2344 LOW

Cross-site scripting (XSS) vulnerability in VMware vRealize Automation 6.x before 6.2.4 on Linux allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
vmware vrealize_automation 6.0.1.1
vmware vrealize_automation 6.2.3
vmware vrealize_automation 6.2.1
vmware vrealize_automation 6.1
vmware vrealize_automation 6.0
vmware vrealize_automation 6.0.1.2
vmware vrealize_automation 6.2
vmware vrealize_automation 6.0.1
vmware vrealize_automation 6.2.2
vmware vrealize_automation 6.1.1
CVE-2015-3192 MEDIUM

Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) via a crafted XML file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
vmware spring_framework 3.2.3
pivotal_software spring_framework 3.2.0
vmware spring_framework 3.2.11
vmware spring_framework 4.1.2
vmware spring_framework 3.2.4
fedoraproject fedora 21
fedoraproject fedora 22
vmware spring_framework 3.2.9
vmware spring_framework 3.2.1
vmware spring_framework 3.2.13
vmware spring_framework 4.1.5
vmware spring_framework 3.2.5
vmware spring_framework 3.2.8
pivotal_software spring_framework 4.1.0
vmware spring_framework 4.1.3
vmware spring_framework 3.2.7
vmware spring_framework 3.2.12
vmware spring_framework 4.1.1
vmware spring_framework 4.1.6
vmware spring_framework 3.2.10
vmware spring_framework 3.2.2
vmware spring_framework 3.2.6
vmware spring_framework 4.1.4
CVE-2015-3650 HIGH

vmware-vmx.exe in VMware Workstation 7.x through 10.x before 10.0.7 and 11.x before 11.1.1, VMware Player 5.x and 6.x before 6.0.7 and 7.x before 7.1.1, and VMware Horizon Client 5.x local-mode before 5.4.2 on Windows does not provide a valid DACL pointer during the setup of the vprintproxy.exe process, which allows host OS users to gain host OS privileges by injecting a thread.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-284,

Products Affected

Vendor Product Version
vmware workstation 10.0.1
vmware workstation 10.0.6
vmware workstation 10.0.2
vmware player 5.0.3
vmware workstation 11.1
vmware player 6.0.4
vmware player 6.0
vmware player 6.0.3
vmware player 5.0.2
vmware horizon_view_client 5.4.1
vmware player 5.0.4
vmware player 6.0.2
vmware workstation 11.0
vmware horizon_view_client 5.4
vmware player 5.0.1
vmware workstation 10.0.3
vmware player 5.0
vmware player 7.1
vmware player 6.0.6
vmware player 7.0
vmware workstation 10.0.4
vmware workstation 10.0.5
vmware player 6.0.5
vmware player 6.0.1
vmware workstation 10.0
CVE-2015-5191 LOW

VMware Tools prior to 10.0.9 contains multiple file system races in libDeployPkg, related to the use of hard-coded paths under /tmp. Successful exploitation of this issue may result in a local privilege escalation. CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0

Severity: LOW

Problem Type: CWE-362,

Products Affected

Vendor Product Version
vmware tools *
CVE-2015-5211 HIGH

Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Reflected File Download (RFD) attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being downloaded rather than rendered and also includes some input reflected in the response.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.6 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 2.8 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-552,

Products Affected

Vendor Product Version
vmware spring_framework 3.2.3
vmware spring_framework 4.0.9
vmware spring_framework 4.1.7
debian debian_linux 8.0
vmware spring_framework 4.1.2
vmware spring_framework 3.2.4
vmware spring_framework 4.0.8
vmware spring_framework 4.1.5
vmware spring_framework 3.2.8
vmware spring_framework 4.0.0
vmware spring_framework 4.0.7
vmware spring_framework 4.1.0
vmware spring_framework 3.2.7
vmware spring_framework 3.2.14
vmware spring_framework 3.2.0
vmware spring_framework 4.1.1
vmware spring_framework 3.2.10
vmware spring_framework 4.0.1
vmware spring_framework 3.2.2
vmware spring_framework 4.1.4
vmware spring_framework 3.2.11
vmware spring_framework 4.2.1
vmware spring_framework 4.0.5
vmware spring_framework 3.2.9
vmware spring_framework 3.2.1
vmware spring_framework 4.0.2
vmware spring_framework 4.0.3
vmware spring_framework 4.0.4
vmware spring_framework 4.0.6
vmware spring_framework 3.2.13
vmware spring_framework 3.2.5
vmware spring_framework 4.2.0
vmware spring_framework 4.1.3
vmware spring_framework 3.2.12
vmware spring_framework 4.1.6
vmware spring_framework 3.2.6
CVE-2015-5258 MEDIUM

Cross-site request forgery (CSRF) vulnerability in springframework-social before 1.1.3.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
fedoraproject fedora 23
vmware spring_social *
CVE-2015-6931 MEDIUM

Cross-site scripting (XSS) vulnerability in the vSphere Web Client in VMware vCenter Server 5.0 before U3g, 5.1 before U3d, and 5.5 before U2d allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
vmware vcenter_server 5.1
vmware vcenter_server 5.0
vmware vcenter_server 5.5
CVE-2015-6932 MEDIUM

VMware vCenter Server 5.5 before u3 and 6.0 before u1 does not verify X.509 certificates from TLS LDAP servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
vmware vcenter_server 5.5
vmware vcenter_server 6.0
CVE-2015-6933 MEDIUM

The VMware Tools HGFS (aka Shared Folders) implementation in VMware Workstation 11.x before 11.1.2, VMware Player 7.x before 7.1.2, VMware Fusion 7.x before 7.1.2, and VMware ESXi 5.0 through 6.0 allows Windows guest OS users to gain guest OS privileges or cause a denial of service (guest OS kernel memory corruption) via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,

Products Affected

Vendor Product Version
vmware workstation 11.0
vmware esxi 5.1
vmware player 7.1
vmware workstation 11.1
vmware player 7.0
vmware workstation 11.1.1
vmware esxi 5.5
vmware fusion 7.0
vmware fusion 7.1
vmware esxi 6.0
vmware esxi 5.0
vmware fusion 7.1.1
vmware player 7.1.1
CVE-2015-6934 HIGH

Serialized-object interfaces in VMware vRealize Orchestrator 6.x, vCenter Orchestrator 5.x, vRealize Operations 6.x, vCenter Operations 5.x, and vCenter Application Discovery Manager (vADM) 7.x allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
vmware vrealize_orchestrator 6.0.3
vmware vrealize_orchestrator 6.0.2
vmware vcenter_orchestrator 5.5.1
vmware vcenter_orchestrator 5.5.2
vmware vrealize_orchestrator 6.0.1
vmware vcenter_orchestrator 5.5
vmware vcenter_orchestrator 5.5.2.1
CVE-2016-0898 MEDIUM

MySQL for PCF tiles 1.7.x before 1.7.10 were discovered to log the AWS access key in plaintext. These credentials were logged to the Service Backup component logs, and not the system log, thus were not exposed outside the Service Backup VM.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 3.9 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-255,CWE-532,

Products Affected

Vendor Product Version
vmware pivotal_software_mysql 1.7.0.2
vmware pivotal_software_mysql 1.7.2
vmware pivotal_software_mysql 1.7.1
vmware pivotal_software_mysql 1.7.0
vmware pivotal_software_mysql 1.7.0.3
vmware pivotal_software_mysql 1.7.9
vmware pivotal_software_mysql 1.7.8
vmware pivotal_software_mysql 1.7.0.4
vmware pivotal_software_mysql 1.7.4
vmware pivotal_software_mysql 1.7.7
vmware pivotal_software_mysql 1.7.6
vmware pivotal_software_mysql 1.7.3
vmware pivotal_software_mysql 1.7.5
vmware pivotal_software_mysql 1.7.0.1
CVE-2016-1000027 HIGH

Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's position is that untrusted data is not an intended use case. The product's behavior will not be changed because some users rely on deserialization of trusted data.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
vmware spring_framework *
CVE-2016-2075 LOW

Cross-site scripting (XSS) vulnerability in VMware vRealize Business Advanced and Enterprise 8.x before 8.2.5 on Linux allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
vmware vrealize_business_advanced_and_enterprise 8.0
vmware vrealize_business_advanced_and_enterprise 8.2.2
vmware vrealize_business_advanced_and_enterprise 8.2.4
vmware vrealize_business_advanced_and_enterprise 8.2
vmware vrealize_business_advanced_and_enterprise 8.1
vmware vrealize_business_advanced_and_enterprise 8.2.3
vmware vrealize_business_advanced_and_enterprise 8.0.1
vmware vrealize_business_advanced_and_enterprise 8.2.1
vmware vrealize_business_advanced_and_enterprise 8.0.2
CVE-2016-2076 MEDIUM

Client Integration Plugin (CIP) in VMware vCenter Server 5.5 U3a, U3b, and U3c and 6.0 before U2; vCloud Director 5.5.5; and vRealize Automation Identity Appliance 6.2.4 before 6.2.4.1 mishandles session content, which allows remote attackers to hijack sessions via a crafted web site.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
vmware vcenter_server *
vmware vcloud_director 5.5.5
vmware vcenter_server 5.5
vmware vcloud_automation_identity_appliance 6.2.4
CVE-2016-2077 HIGH

VMware Workstation 11.x before 11.1.3 and VMware Player 7.x before 7.1.3 on Windows incorrectly access an executable file, which allows host OS users to gain host OS privileges via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
vmware workstation 11.0
vmware player 7.1.2
vmware player 7.1
vmware workstation 11.1
vmware player 7.0
vmware workstation 11.1.1
vmware player 7.1.1
vmware workstation 11.1.2
CVE-2016-2078 MEDIUM

Cross-site scripting (XSS) vulnerability in the Web Client in VMware vCenter Server 5.1 before update 3d, 5.5 before update 3d, and 6.0 before update 2 on Windows allows remote attackers to inject arbitrary web script or HTML via the flashvars parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
vmware vcenter_server 5.1
vmware vcenter_server 5.0
vmware vcenter_server 5.5
vmware vcenter_server 6.0
CVE-2016-2079 MEDIUM

VMware NSX Edge 6.1 before 6.1.7 and 6.2 before 6.2.3 and vCNS Edge 5.5 before 5.5.4.3, when the SSL-VPN feature is configured, allow remote attackers to obtain sensitive information via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
vmware nsx_edge 6.1.1
vmware nsx_edge 6.1.6
vmware nsx_edge 6.2.0
vmware vcloud_networking_and_security_edge 5.5.0
vmware vcloud_networking_and_security_edge 5.5.2.1
vmware vcloud_networking_and_security_edge 5.5.3.1
vmware nsx_edge 6.1.2
vmware nsx_edge 6.1.5
vmware nsx_edge 6.2.1
vmware vcloud_networking_and_security_edge 5.5.3
vmware nsx_edge 6.2.2
vmware vcloud_networking_and_security_edge 5.5.4.2
vmware nsx_edge 6.1.4
vmware vcloud_networking_and_security_edge 5.5.4.1
vmware vcloud_networking_and_security_edge 5.5.4
vmware nsx_edge 6.1.0
CVE-2016-2081 MEDIUM

Cross-site scripting (XSS) vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
vmware vrealize_log_insight 3.3.1
vmware vrealize_log_insight 2.5
vmware vrealize_log_insight 2.5.1
vmware vrealize_log_insight 2.0
vmware vrealize_log_insight 3.0.1
vmware vrealize_log_insight 3.3
vmware vrealize_log_insight 2.0.5
vmware vrealize_log_insight 3.0
CVE-2016-2082 MEDIUM

Cross-site request forgery (CSRF) vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.3.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
vmware vrealize_log_insight 3.3.1
vmware vrealize_log_insight 2.5
vmware vrealize_log_insight 2.5.1
vmware vrealize_log_insight 2.0
vmware vrealize_log_insight 3.0.1
vmware vrealize_log_insight 3.3
vmware vrealize_log_insight 2.0.5
vmware vrealize_log_insight 3.0
CVE-2016-2173 HIGH

org.springframework.core.serializer.DefaultDeserializer in Spring AMQP before 1.5.5 allows remote attackers to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
fedoraproject fedora 23
fedoraproject fedora 22
fedoraproject fedora 24
vmware spring_advanced_message_queuing_protocol *
CVE-2016-5007 MEDIUM

Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer features with regards to pattern matching as well as by the fact that pattern matching in each Spring Security and the Spring Framework can easily be customized creating additional differences.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
vmware spring_framework 4.2.4
vmware spring_security 4.0.3
vmware spring_framework 4.0.8
vmware spring_framework 4.1.5
vmware spring_framework 4.2.5
vmware spring_framework 3.2.8
vmware spring_framework 3.2.17
vmware spring_framework 4.0.7
vmware spring_framework 3.2.7
vmware spring_security 3.2.8
vmware spring_framework 3.2.10
vmware spring_security 3.2.4
pivotal_software spring_framework 3.2.0
pivotal_software spring_framework 4.2.0
vmware spring_framework 4.2.8
vmware spring_framework 4.1.8
vmware spring_framework 3.2.11
vmware spring_framework 4.2.1
vmware spring_security 3.2.10
vmware spring_security 3.2.1
vmware spring_framework 3.2.1
vmware spring_framework 3.2.15
vmware spring_framework 4.0.2
vmware spring_framework 4.0.6
vmware spring_framework 4.2.2
vmware spring_framework 3.2.13
vmware spring_security 4.0.4
pivotal_software spring_framework 4.1.0
vmware spring_framework 4.1.3
vmware spring_security 4.0.2
vmware spring_security 3.2.6
vmware spring_framework 4.1.6
vmware spring_framework 3.2.16
pivotal_software spring_framework 4.0.0
vmware spring_framework 3.2.3
vmware spring_framework 4.2.9
vmware spring_framework 4.0.9
vmware spring_framework 4.1.7
vmware spring_framework 4.1.2
vmware spring_framework 3.2.4
vmware spring_security 3.2.0
vmware spring_security 3.2.5
vmware spring_framework 3.2.14
vmware spring_security 4.0.0
vmware spring_framework 4.1.1
vmware spring_framework 4.2.6
vmware spring_framework 4.0.1
vmware spring_framework 3.2.2
vmware spring_framework 4.1.4
vmware spring_security 3.2.2
vmware spring_security 4.0.1
vmware spring_framework 4.0.5
vmware spring_security 3.2.3
vmware spring_framework 3.2.9
vmware spring_framework 4.0.3
vmware spring_framework 4.0.4
vmware spring_framework 4.2.7
vmware spring_framework 4.1.9
vmware spring_framework 4.2.3
vmware spring_security 3.2.9
vmware spring_framework 3.2.5
vmware spring_security 3.2.7
vmware spring_framework 3.2.18
vmware spring_framework 3.2.12
vmware spring_security 4.1.0
vmware spring_framework 3.2.6
CVE-2016-5328 LOW

VMware Tools 9.x and 10.x before 10.1.0 on OS X, when System Integrity Protection (SIP) is enabled, allows local users to determine kernel memory addresses and bypass the kASLR protection mechanism via unspecified vectors.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,CWE-254,

Products Affected

Vendor Product Version
vmware tools 9.0.10
vmware tools 9.4.11
vmware tools 9.4.10
vmware tools 10.0.6
vmware tools *
vmware tools 9.0.12
vmware tools 9.0.17
vmware tools 10.0.5
vmware tools 9.10.5
vmware tools 9.0.16
vmware tools 9.10.1
vmware tools 9.0.11
vmware tools 9.10.0
vmware tools 10.0.0
vmware tools 9.4.0
vmware tools 9.0.13
vmware tools 9.0.0
vmware tools 9.0.15
vmware tools 9.0.5
vmware tools 9.4.5
vmware tools 9.4.12
vmware tools 9.4.15
vmware tools 9.0.1
CVE-2016-5329 LOW

VMware Fusion 8.x before 8.5 on OS X, when System Integrity Protection (SIP) is enabled, allows local users to determine kernel memory addresses and bypass the kASLR protection mechanism via unspecified vectors.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
vmware fusion 8.1.0
vmware fusion 8.0.2
vmware fusion 8.0.1
vmware fusion 8.1.1
vmware fusion 8.0.0
CVE-2016-5330 MEDIUM

Untrusted search path vulnerability in the HGFS (aka Shared Folders) feature in VMware Tools 10.0.5 in VMware ESXi 5.0 through 6.0, VMware Workstation Pro 12.1.x before 12.1.1, VMware Workstation Player 12.1.x before 12.1.1, and VMware Fusion 8.1.x before 8.1.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-426,

Products Affected

Vendor Product Version
vmware workstation_pro *
vmware tools *
vmware fusion *
vmware workstation_player *
vmware esxi *
CVE-2016-5331 MEDIUM

CRLF injection vulnerability in VMware vCenter Server 6.0 before U2 and ESXi 6.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-93,

Products Affected

Vendor Product Version
vmware vcenter_server *
vmware esxi 6.0
CVE-2016-5332 MEDIUM

Directory traversal vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.6.0 allows remote attackers to read arbitrary files via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
vmware vrealize_log_insight 2.5
vmware vrealize_log_insight 2.0
vmware vrealize_log_insight 3.3
vmware vrealize_log_insight 2.0.5
vmware vrealize_log_insight 3.0
CVE-2016-5333 HIGH

VMware Photos OS OVA 1.0 before 2016-08-14 has a default SSH public key in an authorized_keys file, which allows remote attackers to obtain SSH access by leveraging knowledge of the private key.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798,

Products Affected

Vendor Product Version
vmware photon_os *
CVE-2016-5334 MEDIUM

VMware Identity Manager 2.x before 2.7.1 and vRealize Automation 7.x before 7.2.0 allow remote attackers to read /SAAS/WEB-INF and /SAAS/META-INF files via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-668,

Products Affected

Vendor Product Version
vmware identity_manager *
vmware vrealize_automation *
CVE-2016-5335 HIGH

VMware Identity Manager 2.x before 2.7 and vRealize Automation 7.0.x before 7.1 allow local users to obtain root access via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
vmware identity_manager *
vmware vrealize_automation *
CVE-2016-5336 HIGH

VMware vRealize Automation 7.0.x before 7.1 allows remote attackers to execute arbitrary code via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
vmware vrealize_automation 7.0.1
vmware vrealize_automation 7.0
CVE-2016-7079 MEDIUM

The graphic acceleration functions in VMware Tools 9.x and 10.x before 10.0.9 on OS X allow local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors, a different vulnerability than CVE-2016-7080.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
vmware tools 9.0.10
vmware tools 9.4.11
vmware tools 9.4.10
vmware tools 10.0.6
vmware tools *
vmware tools 9.0.12
vmware tools 9.0.17
vmware tools 10.0.5
vmware tools 9.10.5
vmware tools 9.0.16
vmware tools 9.10.1
vmware tools 9.0.11
vmware tools 9.10.0
vmware tools 10.0.0
vmware tools 9.4.0
vmware tools 9.0.13
vmware tools 9.0.0
vmware tools 9.0.15
vmware tools 9.0.5
vmware tools 9.4.5
vmware tools 9.4.12
vmware tools 9.4.15
vmware tools 9.0.1
CVE-2016-7080 MEDIUM

The graphic acceleration functions in VMware Tools 9.x and 10.x before 10.0.9 on OS X allow local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors, a different vulnerability than CVE-2016-7079.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
vmware tools 9.0.10
vmware tools 9.4.11
vmware tools 9.4.10
vmware tools 10.0.6
vmware tools *
vmware tools 9.0.12
vmware tools 9.0.17
vmware tools 10.0.5
vmware tools 9.10.5
vmware tools 9.0.16
vmware tools 9.10.1
vmware tools 9.0.11
vmware tools 9.10.0
vmware tools 10.0.0
vmware tools 9.4.0
vmware tools 9.0.13
vmware tools 9.0.0
vmware tools 9.0.15
vmware tools 9.0.5
vmware tools 9.4.5
vmware tools 9.4.12
vmware tools 9.4.15
vmware tools 9.0.1
CVE-2016-7081 MEDIUM

Multiple heap-based buffer overflows in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allow guest OS users to execute arbitrary code on the host OS via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
vmware workstation_player 12.0.0
vmware workstation_player 12.1.0
vmware workstation_pro 12.0.0
vmware workstation_pro 12.0.1
vmware workstation_pro 12.1.1
vmware workstation_player 12.0.1
vmware workstation_pro 12.1.0
vmware workstation_player 12.1.1
CVE-2016-7082 MEDIUM

VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allow guest OS users to execute arbitrary code on the host OS or cause a denial of service (host OS memory corruption) via an EMF file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
vmware workstation_player 12.0.0
vmware workstation_player 12.1.0
vmware workstation_pro 12.0.0
vmware workstation_pro 12.0.1
vmware workstation_pro 12.1.1
vmware workstation_player 12.0.1
vmware workstation_pro 12.1.0
vmware workstation_player 12.1.1
CVE-2016-7083 MEDIUM

VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allow guest OS users to execute arbitrary code on the host OS or cause a denial of service (host OS memory corruption) via TrueType fonts embedded in EMFSPOOL.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
vmware workstation_player 12.0.0
vmware workstation_player 12.1.0
vmware workstation_pro 12.0.0
vmware workstation_pro 12.0.1
vmware workstation_pro 12.1.1
vmware workstation_player 12.0.1
vmware workstation_pro 12.1.0
vmware workstation_player 12.1.1
CVE-2016-7084 MEDIUM

tpview.dll in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allows guest OS users to execute arbitrary code on the host OS or cause a denial of service (host OS memory corruption) via a JPEG 2000 image.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
vmware workstation_player 12.0.0
vmware workstation_player 12.1.0
vmware workstation_pro 12.0.0
vmware workstation_pro 12.0.1
vmware workstation_pro 12.1.1
vmware workstation_player 12.0.1
vmware workstation_pro 12.1.0
vmware workstation_player 12.1.1
CVE-2016-7085 HIGH

Untrusted search path vulnerability in the installer in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-426,

Products Affected

Vendor Product Version
vmware workstation_player 12.0.0
vmware workstation_player 12.1.0
vmware workstation_pro 12.0.0
vmware workstation_pro 12.0.1
vmware workstation_pro 12.1.1
vmware workstation_player 12.0.1
vmware workstation_pro 12.1.0
vmware workstation_player 12.1.1
CVE-2016-7086 HIGH

The installer in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows allows local users to gain privileges via a Trojan horse setup64.exe file in the installation directory.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
vmware workstation_player 12.0.0
vmware workstation_player 12.1.0
vmware workstation_pro 12.0.0
vmware workstation_pro 12.0.1
vmware workstation_pro 12.1.1
vmware workstation_player 12.0.1
vmware workstation_pro 12.1.0
vmware workstation_player 12.1.1
CVE-2016-7087 MEDIUM

Directory traversal vulnerability in the Connection Server in VMware Horizon View 5.x before 5.3.7, 6.x before 6.2.3, and 7.x before 7.0.1 allows remote attackers to obtain sensitive information via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
vmware horizon_view 5.0.1
vmware horizon_view 6.2
vmware horizon_view 5.2.0
vmware horizon_view 5.3
vmware horizon_view 5.1
vmware horizon_view 5.1.3
vmware horizon_view 6.0
vmware horizon_view 7.0
vmware horizon_view 6.1.1
vmware horizon_view 5.0
vmware horizon_view 6.0.2
vmware horizon_view 6.1
CVE-2016-7456 HIGH

VMware vSphere Data Protection (VDP) 5.5.x though 6.1.x has an SSH private key with a publicly known password, which makes it easier for remote attackers to obtain login access via an SSH session.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-255,

Products Affected

Vendor Product Version
vmware vsphere_data_protection 5.5.11
vmware vsphere_data_protection 6.0.3
vmware vsphere_data_protection 6.1.0
vmware vsphere_data_protection 6.1.3
vmware vsphere_data_protection 5.5.8
vmware vsphere_data_protection 6.0.4
vmware vsphere_data_protection 5.5.10
vmware vsphere_data_protection 5.8.3
vmware vsphere_data_protection 6.1.1
vmware vsphere_data_protection 6.0.0
vmware vsphere_data_protection 5.8.1
vmware vsphere_data_protection 5.8.0
vmware vsphere_data_protection 5.5.9
vmware vsphere_data_protection 5.5.1
vmware vsphere_data_protection 5.8.4
vmware vsphere_data_protection 5.5.5
vmware vsphere_data_protection 5.8.2
vmware vsphere_data_protection 6.0.1
vmware vsphere_data_protection 5.5.6
vmware vsphere_data_protection 5.5.7
vmware vsphere_data_protection 6.1.2
vmware vsphere_data_protection 6.0.2
CVE-2016-7457 HIGH

VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to gain privileges, or halt and remove virtual machines, via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
vmware vrealize_operations 6.2.1
vmware vrealize_operations 6.0.0
vmware vrealize_operations 6.1.0
vmware vrealize_operations 6.3.0
vmware vrealize_operations 6.2.0a
CVE-2016-7458 MEDIUM

VMware vSphere Client 5.5 before U3e and 6.0 before U2a allows remote vCenter Server and ESXi instances to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,

Products Affected

Vendor Product Version
vmware vsphere_client 5.5
vmware vsphere_client 6.0
CVE-2016-7459 MEDIUM

VMware vCenter Server 5.5 before U3e and 6.0 before U2a allows remote authenticated users to read arbitrary files via a (1) Log Browser, (2) Distributed Switch setup, or (3) Content Library XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,

Products Affected

Vendor Product Version
vmware vcenter_server 5.0
vmware vcenter_server 5.5
vmware vcenter_server 6.0
CVE-2016-7460 MEDIUM

The Single Sign-On feature in VMware vCenter Server 5.5 before U3e and 6.0 before U2a and vRealize Automation 6.x before 6.2.5 allows remote attackers to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,

Products Affected

Vendor Product Version
vmware vrealize_automation 6.0.0
vmware vrealize_automation 6.0.1.1
vmware vrealize_automation 6.2.3
vmware vrealize_automation 6.2.0
vmware vrealize_automation 6.2.1
vmware vrealize_automation 6.0.1.2
vmware vrealize_automation 6.2.4
vmware vrealize_automation 6.1.0
vmware vrealize_automation 6.0.1
vmware vrealize_automation 6.2.2
vmware vrealize_automation 6.1.1
CVE-2016-7461 HIGH

The drag-and-drop (aka DnD) function in VMware Workstation Pro 12.x before 12.5.2 and VMware Workstation Player 12.x before 12.5.2 and VMware Fusion and Fusion Pro 8.x before 8.5.2 allows guest OS users to execute arbitrary code on the host OS or cause a denial of service (out-of-bounds memory access on the host OS) via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
vmware fusion 8.1.0
vmware workstation_player 12.1.0
vmware workstation_pro 12.0.0
vmware workstation_pro 12.0.1
vmware workstation_pro 12.1.1
vmware workstation_pro 12.5.1
vmware fusion 8.5.1
vmware fusion 8.1.1
vmware fusion_pro 8.1.0
vmware fusion 8.0.2
vmware fusion_pro 8.5.1
vmware workstation_player 12.5.0
vmware workstation_pro 12.1.0
vmware fusion_pro 8.1.1
vmware fusion 8.5.0
vmware fusion_pro 8.0.1
vmware workstation_player 12.0.0
vmware workstation_pro 12.5.0
vmware fusion_pro 8.0.2
vmware workstation_player 12.5.1
vmware workstation_player 12.0.1
vmware fusion 8.0.1
vmware fusion_pro 8.0.0
vmware fusion_pro 8.5.0
vmware workstation_player 12.1.1
vmware fusion 8.0.0
CVE-2016-7462 HIGH

The Suite REST API in VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to write arbitrary content to files or rename files via a crafted DiskFileItem in a relay-request payload that is mishandled during deserialization.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,CWE-749,

Products Affected

Vendor Product Version
vmware vrealize_operations 6.2.1
vmware vrealize_operations 6.0.0
vmware vrealize_operations 6.1.0
vmware vrealize_operations 6.3.0
vmware vrealize_operations 6.2.0a
CVE-2016-7463 LOW

Cross-site scripting (XSS) vulnerability in the Host Client in VMware vSphere Hypervisor (aka ESXi) 5.5 and 6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted VM.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
vmware esxi 6.0
vmware esxi 5.5
CVE-2016-9877 HIGH

An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. MQTT (MQ Telemetry Transport) connection authentication with a username/password pair succeeds if an existing username is provided but the password is omitted from the connection request. Connections that use TLS with a client-provided certificate are not affected.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-284,

Products Affected

Vendor Product Version
vmware rabbitmq 3.2.0
pivotal_software rabbitmq 1.6.0
pivotal_software rabbitmq 1.6.7
pivotal_software rabbitmq 1.6.2
pivotal_software rabbitmq 1.5.11
vmware rabbitmq 3.4.3
pivotal_software rabbitmq 3.6.5
vmware rabbitmq 3.3.1
vmware rabbitmq 3.1.4
vmware rabbitmq 3.0.1
vmware rabbitmq 3.3.5
pivotal_software rabbitmq 1.5.15
pivotal_software rabbitmq 1.6.5
pivotal_software rabbitmq 1.7.0
vmware rabbitmq 3.5.1
vmware rabbitmq 3.0.4
pivotal_software rabbitmq 3.6.0
vmware rabbitmq 3.3.3
pivotal_software rabbitmq 1.7.2
vmware rabbitmq 3.3.0
pivotal_software rabbitmq 1.5.6
pivotal_software rabbitmq 1.5.4
vmware rabbitmq 3.1.3
vmware rabbitmq 3.0.3
pivotal_software rabbitmq 1.5.2
pivotal_software rabbitmq 1.6.1
pivotal_software rabbitmq 1.6.4
pivotal_software rabbitmq 1.5.9
pivotal_software rabbitmq 1.6.9
pivotal_software rabbitmq 1.7.3
vmware rabbitmq 3.2.3
vmware rabbitmq 3.4.4
vmware rabbitmq 3.2.2
pivotal_software rabbitmq 1.5.14
pivotal_software rabbitmq 3.6.3
vmware rabbitmq 3.5.0
pivotal_software rabbitmq 1.5.10
pivotal_software rabbitmq 3.5.4
pivotal_software rabbitmq 1.5.5
pivotal_software rabbitmq 1.5.12
pivotal_software rabbitmq 1.5.1
pivotal_software rabbitmq 1.5.17
pivotal_software rabbitmq 1.6.3
pivotal_software rabbitmq 1.5.18
vmware rabbitmq 3.1.2
pivotal_software rabbitmq 1.5.0
vmware rabbitmq 3.1.5
pivotal_software rabbitmq 1.7.4
pivotal_software rabbitmq 1.5.7
pivotal_software rabbitmq 1.5.13
pivotal_software rabbitmq 1.5.8
vmware rabbitmq 3.1.1
vmware rabbitmq 3.3.4
vmware rabbitmq 3.4.2
pivotal_software rabbitmq 1.6.8
vmware rabbitmq 3.5.6
vmware rabbitmq 3.3.2
pivotal_software rabbitmq 3.6.1
vmware rabbitmq 3.0.2
pivotal_software rabbitmq 1.6.10
vmware rabbitmq 3.4.1
vmware rabbitmq 3.2.1
vmware rabbitmq 3.5.2
pivotal_software rabbitmq 3.6.2
pivotal_software rabbitmq 1.7.6
vmware rabbitmq 3.0.0
pivotal_software rabbitmq 3.5.5
vmware rabbitmq 3.4.0
pivotal_software rabbitmq 3.5.7
pivotal_software rabbitmq 1.5.3
pivotal_software rabbitmq 1.7.5
pivotal_software rabbitmq 1.6.6
vmware rabbitmq 3.1.0
vmware rabbitmq 3.5.3
pivotal_software rabbitmq 3.6.4
vmware rabbitmq 3.2.4
CVE-2016-9878 MEDIUM

An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
vmware spring_framework 3.2.3
vmware spring_framework 4.2.4
vmware spring_framework 3.2.4
vmware spring_framework 4.3.4
vmware spring_framework 4.2.5
vmware spring_framework 3.2.8
vmware spring_framework 3.2.17
vmware spring_framework 3.2.7
vmware spring_framework 3.2.14
vmware spring_framework 4.2.6
vmware spring_framework 3.2.10
vmware spring_framework 3.2.2
pivotal_software spring_framework 4.2.0
vmware spring_framework 4.2.8
vmware spring_framework 3.2.11
vmware spring_framework 4.2.1
vmware spring_framework 3.2.9
vmware spring_framework 3.2.1
vmware spring_framework 3.2.15
vmware spring_framework 4.3.2
vmware spring_framework 4.2.2
vmware spring_framework 4.2.7
vmware spring_framework 4.3.3
vmware spring_framework 3.2.13
vmware spring_framework 4.2.3
vmware spring_framework 3.2.5
vmware spring_framework 4.3.1
pivotal_software spring_framework 4.3.0
pivotal_software spring_framework *
vmware spring_framework 3.2.12
vmware spring_framework 3.2.16
vmware spring_framework 3.2.6
CVE-2016-9879 MEDIUM

An issue was discovered in Pivotal Spring Security before 3.2.10, 4.1.x before 4.1.4, and 4.2.x before 4.2.1. Spring Security does not consider URL path parameters when processing security constraints. By adding a URL path parameter with an encoded "/" to a request, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path parameters in the Servlet Specification. Some Servlet containers include path parameters in the value returned for getPathInfo() and some do not. Spring Security uses the value returned by getPathInfo() as part of the process of mapping requests to security constraints. The unexpected presence of path parameters can cause a constraint to be bypassed. Users of Apache Tomcat (all current versions) are not affected by this vulnerability since Tomcat follows the guidance previously provided by the Servlet Expert group and strips path parameters from the value returned by getContextPath(), getServletPath(), and getPathInfo(). Users of other Servlet containers based on Apache Tomcat may or may not be affected depending on whether or not the handling of path parameters has been modified. Users of IBM WebSphere Application Server 8.5.x are known to be affected. Users of other containers that implement the Servlet specification may be affected.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-417,

Products Affected

Vendor Product Version
ibm websphere_application_server 8.5.5.6
ibm websphere_application_server 8.5.5.8
vmware spring_security 3.2.0
ibm websphere_application_server 8.5.0.2
ibm websphere_application_server 8.5.5.9
vmware spring_security 3.2.5
ibm websphere_application_server 8.5.5.2
vmware spring_security 3.2.8
vmware spring_security 4.1.1
ibm websphere_application_server 8.5.0.0
vmware spring_security 3.2.4
vmware spring_security 3.2.2
ibm websphere_application_server 8.5.5.7
vmware spring_security 4.1.3
vmware spring_security 3.2.3
ibm websphere_application_server 8.5.5.5
vmware spring_security 3.2.1
ibm websphere_application_server 8.5.5.1
vmware spring_security 4.1.2
ibm websphere_application_server 8.5.5.3
vmware spring_security 3.2.9
vmware spring_security 3.2.7
ibm websphere_application_server 8.5.5.4
vmware spring_security 3.2.6
ibm websphere_application_server 8.5.0.1
vmware spring_security 4.2.0
ibm websphere_application_server 8.5.5.0
vmware spring_security 4.1.0
CVE-2017-16544 MEDIUM

In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-94,CWE-94,

Products Affected

Vendor Product Version
debian debian_linux 8.0
vmware esxi 6.0
canonical ubuntu_linux 16.04
busybox busybox *
redlion n-tron_702-w_firmware *
canonical ubuntu_linux 14.04
vmware esxi 6.5
redlion n-tron_702m12-w_firmware *
debian debian_linux 9.0
vmware esxi 6.7
CVE-2017-4895 MEDIUM

Airwatch Agent for Android contains a vulnerability that may allow a device to bypass root detection. Successful exploitation of this issue may result in an enrolled device having unrestricted access over local Airwatch security controls and data.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
vmware airwatch_inbox -
vmware airwatch_agent -
CVE-2017-4896 LOW

Airwatch Inbox for Android contains a vulnerability that may allow a rooted device to decrypt the local data used by the application. Successful exploitation of this issue may result in an unauthorized disclosure of confidential data.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
vmware airwatch_inbox -
vmware airwatch_agent -
CVE-2017-4897 HIGH

VMware Horizon DaaS before 7.0.0 contains a vulnerability that exists due to insufficient validation of data. An attacker may exploit this issue by tricking DaaS client users into connecting to a malicious server and sharing all their drives and devices. Successful exploitation of this vulnerability requires a victim to download a specially crafted RDP file through DaaS client by clicking on a malicious link.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
vmware horizon_daas *
CVE-2017-4898 MEDIUM

VMware Workstation Pro/Player 12.x before 12.5.3 contains a DLL loading vulnerability that occurs due to the "vmware-vmx" process loading DLLs from a path defined in the local environment-variable. Successful exploitation of this issue may allow normal users to escalate privileges to System in the host machine where VMware Workstation is installed.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
vmware workstation_player 12.5.2
vmware workstation_player 12.0.0
vmware workstation_pro 12.5.0
vmware workstation_player 12.1.0
vmware workstation_pro 12.0.0
vmware workstation_pro 12.0.1
vmware workstation_player 12.5.1
vmware workstation_pro 12.5.1
vmware workstation_player 12.0.1
vmware workstation_player 12.5.0
vmware workstation_pro 12.1.0
vmware workstation_pro 12.5.2
CVE-2017-4899 LOW

VMware Workstation Pro/Player 12.x before 12.5.3 contains a security vulnerability that exists in the SVGA driver. An attacker may exploit this issue to crash the VM or trigger an out-of-bound read. Note: This issue can be triggered only when the host has no graphics card or no graphics drivers are installed.

CVSS 2.0

Severity: LOW

Problem Type: CWE-125,

Products Affected

Vendor Product Version
vmware workstation_player 12.0.0
vmware workstation_pro 12.5.0
vmware workstation_player 12.1.0
vmware workstation_pro 12.0.0
vmware workstation_pro 12.0.1
vmware workstation_player 12.5.0
vmware workstation_player 12.5.1
vmware workstation_pro 12.5.1
vmware workstation_player 12.0.1
vmware workstation_pro 12.1.0
CVE-2017-4900 LOW

VMware Workstation Pro/Player 12.x before 12.5.3 contains a NULL pointer dereference vulnerability that exists in the SVGA driver. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs.

CVSS 2.0

Severity: LOW

Problem Type: CWE-476,

Products Affected

Vendor Product Version
vmware workstation_player 12.5.2
vmware workstation_player 12.0.0
vmware workstation_pro 12.5.0
vmware workstation_player 12.1.0
vmware workstation_pro 12.0.0
vmware workstation_pro 12.0.1
vmware workstation_player 12.5.1
vmware workstation_pro 12.5.1
vmware workstation_player 12.0.1
vmware workstation_player 12.5.0
vmware workstation_pro 12.1.0
vmware workstation_pro 12.5.2
CVE-2017-4901 HIGH

The drag-and-drop (DnD) function in VMware Workstation 12.x before version 12.5.4 and Fusion 8.x before version 8.5.5 has an out-of-bounds memory access vulnerability. This may allow a guest to execute code on the operating system that runs Workstation or Fusion.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
vmware fusion 8.1.0
vmware fusion 8.5.4
vmware fusion 8.5.0
vmware workstation 12.0.1
vmware workstation 12.5.1
vmware workstation 12.5.2
vmware fusion 8.5.1
vmware workstation 12.5.3
vmware fusion 8.0.1
vmware workstation 12.1.1
vmware fusion 8.1.1
vmware workstation 12.5
vmware fusion 8.5.3
vmware fusion 8.5.2
vmware fusion 8.0.2
vmware workstation 12.1
vmware workstation 12.0
vmware fusion 8.0.0
CVE-2017-4902 HIGH

VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have a Heap Buffer Overflow in SVGA. This issue may allow a guest to execute code on the host.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 2.0 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
vmware fusion_pro *
vmware workstation_pro *
vmware fusion *
vmware workstation_player *
vmware esxi 6.5
vmware esxi 5.5
CVE-2017-4903 HIGH

VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have an uninitialized stack memory usage in SVGA. This issue may allow a guest to execute code on the host.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 2.0 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
vmware fusion_pro *
vmware workstation_pro *
vmware esxi 6.0
vmware fusion *
vmware workstation_player *
vmware esxi 6.5
vmware esxi 5.5
CVE-2017-4904 HIGH

The XHCI controller in VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 has uninitialized memory usage. This issue may allow a guest to execute code on the host. The issue is reduced to a Denial of Service of the guest on ESXi 5.5.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 2.0 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
vmware fusion_pro *
vmware workstation_pro *
vmware esxi 6.0
vmware fusion *
vmware workstation_player *
vmware esxi 6.5
vmware esxi 5.5
CVE-2017-4905 LOW

VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have uninitialized memory usage. This issue may lead to an information leak.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-908,

Products Affected

Vendor Product Version
vmware fusion_pro *
vmware workstation_pro *
vmware esxi 6.0
vmware fusion *
vmware workstation_player *
vmware esxi 6.5
vmware esxi 5.5
CVE-2017-4907 HIGH

VMware Unified Access Gateway (2.5.x, 2.7.x, 2.8.x prior to 2.8.1) and Horizon View (7.x prior to 7.1.0, 6.x prior to 6.2.4) contain a heap buffer-overflow vulnerability which may allow a remote attacker to execute code on the security gateway.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
vmware horizon_view 6.2
vmware unified_access_gateway 2.5
vmware unified_access_gateway 2.8
vmware unified_access_gateway 2.7
vmware horizon_view 6.2.2
vmware unified_access_gateway 2.7.2
vmware horizon_view 6.2.1
vmware unified_access_gateway 2.5.1
vmware horizon_view 6.0
vmware horizon_view 7.0
vmware horizon_view 6.1.1
vmware horizon_view 6.2.3
vmware horizon_view 6.0.2
vmware horizon_view 6.2.4
vmware horizon_view 6.1
CVE-2017-4908 MEDIUM

VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple heap buffer-overflow vulnerabilities in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
vmware horizon_view 4.0
vmware horizon_view 4.2
vmware workstation 12.5
vmware workstation 12.1
vmware workstation 12.0.1
vmware workstation 12.5.1
vmware workstation 12.5.2
vmware horizon_view 4.1
vmware workstation 12.0
vmware workstation 12.1.1
vmware horizon_view 4.3
CVE-2017-4909 MEDIUM

VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain a heap buffer-overflow vulnerability in TrueType Font (TTF) parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
vmware horizon_view 4.0
vmware horizon_view 4.2
vmware workstation 12.5
vmware workstation 12.1
vmware workstation 12.0.1
vmware workstation 12.5.1
vmware workstation 12.5.2
vmware horizon_view 4.1
vmware workstation 12.0
vmware workstation 12.1.1
vmware horizon_view 4.3
CVE-2017-4910 MEDIUM

VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple out-of-bounds read vulnerabilities in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
vmware horizon_view 4.0
vmware horizon_view 4.2
vmware workstation 12.5
vmware workstation 12.1
vmware workstation 12.0.1
vmware workstation 12.5.1
vmware workstation 12.5.2
vmware horizon_view 4.1
vmware workstation 12.0
vmware workstation 12.1.1
vmware horizon_view 4.3
CVE-2017-4911 MEDIUM

VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple out-of-bounds write vulnerabilities in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
vmware horizon_view 4.0
vmware horizon_view 4.2
vmware workstation 12.5
vmware workstation 12.1
vmware workstation 12.0.1
vmware workstation 12.5.1
vmware workstation 12.5.2
vmware horizon_view 4.1
vmware workstation 12.0
vmware workstation 12.1.1
vmware horizon_view 4.3
CVE-2017-4912 MEDIUM

VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple out-of-bounds read vulnerabilities in TrueType Font (TTF) parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
vmware horizon_view 4.0
vmware horizon_view 4.2
vmware workstation 12.5
vmware workstation 12.1
vmware workstation 12.0.1
vmware workstation 12.5.1
vmware workstation 12.5.2
vmware horizon_view 4.1
vmware workstation 12.0
vmware workstation 12.1.1
vmware horizon_view 4.3
CVE-2017-4913 MEDIUM

VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain an integer-overflow vulnerability in the True Type Font parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
vmware horizon_view 4.0
vmware horizon_view 4.2
vmware workstation 12.5
vmware workstation 12.1
vmware workstation 12.0.1
vmware workstation 12.5.1
vmware workstation 12.5.2
vmware horizon_view 4.1
vmware workstation 12.0
vmware workstation 12.1.1
vmware horizon_view 4.3
CVE-2017-4914 HIGH

VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x contains a deserialization issue. Exploitation of this issue may allow a remote attacker to execute commands on the appliance.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
vmware vsphere_data_protection 5.5.11
vmware vsphere_data_protection 6.0.3
vmware vsphere_data_protection 6.1.0
vmware vsphere_data_protection 6.1.3
vmware vsphere_data_protection 5.5.8
vmware vsphere_data_protection 6.0.4
vmware vsphere_data_protection 5.5.10
vmware vsphere_data_protection 5.8.3
vmware vsphere_data_protection 6.1.1
vmware vsphere_data_protection 6.0.0
vmware vsphere_data_protection 5.8.1
vmware vsphere_data_protection 5.8.0
vmware vsphere_data_protection 5.5.9
vmware vsphere_data_protection 5.5.1
vmware vsphere_data_protection 5.8.4
vmware vsphere_data_protection 5.5.5
vmware vsphere_data_protection 5.8.2
vmware vsphere_data_protection 6.0.1
vmware vsphere_data_protection 5.5.6
vmware vsphere_data_protection 5.5.7
vmware vsphere_data_protection 6.1.2
vmware vsphere_data_protection 6.0.2
CVE-2017-4915 HIGH

VMware Workstation Pro/Player contains an insecure library loading vulnerability via ALSA sound driver configuration files. Successful exploitation of this issue may allow unprivileged host users to escalate their privileges to root in a Linux host machine.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-863,

Products Affected

Vendor Product Version
vmware workstation_player 12.0.0
vmware workstation_pro 12.0.0
CVE-2017-4916 MEDIUM

VMware Workstation Pro/Player contains a NULL pointer dereference vulnerability that exists in the vstor2 driver. Successful exploitation of this issue may allow host users with normal user privileges to trigger a denial-of-service in a Windows host machine.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
vmware workstation_player 12.0.0
vmware workstation_pro 12.0.0
CVE-2017-4917 MEDIUM

VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x locally stores vCenter Server credentials using reversible encryption. This issue may allow plaintext credentials to be obtained.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-327,

Products Affected

Vendor Product Version
vmware vsphere_data_protection 5.5.11
vmware vsphere_data_protection 6.0.3
vmware vsphere_data_protection 6.1.0
vmware vsphere_data_protection 6.1.3
vmware vsphere_data_protection 5.5.8
vmware vsphere_data_protection 6.0.4
vmware vsphere_data_protection 5.5.10
vmware vsphere_data_protection 5.8.3
vmware vsphere_data_protection 6.1.1
vmware vsphere_data_protection 6.0.0
vmware vsphere_data_protection 5.8.1
vmware vsphere_data_protection 5.8.0
vmware vsphere_data_protection 5.5.9
vmware vsphere_data_protection 5.8.4
vmware vsphere_data_protection 5.5.5
vmware vsphere_data_protection 5.8.2
vmware vsphere_data_protection 6.0.1
vmware vsphere_data_protection 5.5.6
vmware vsphere_data_protection 5.5.7
vmware vsphere_data_protection 6.1.2
vmware vsphere_data_protection 6.0.2
CVE-2017-4918 HIGH

VMware Horizon View Client (2.x, 3.x and 4.x prior to 4.5.0) contains a command injection vulnerability in the service startup script. Successful exploitation of this issue may allow unprivileged users to escalate their privileges to root on the Mac OSX system where the client is installed.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
vmware horizon_view 4.3.0
vmware horizon_view 4.0.1
vmware horizon_view 3.3
vmware horizon_view 4.1.0
vmware horizon_view 3.0
vmware horizon_view 4.2.0
vmware horizon_view 2.3
vmware horizon_view 4.4.0
vmware horizon_view 3.1
vmware horizon_view 3.2
vmware horizon_view 4.0.0
vmware horizon_view 2.1
vmware horizon_view 2.2
vmware horizon_view 2.0
CVE-2017-4919 MEDIUM

VMware vCenter Server 5.5, 6.0, 6.5 allows vSphere users with certain, limited vSphere privileges to use the VIX API to access Guest Operating Systems without the need to authenticate.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-306,

Products Affected

Vendor Product Version
vmware vcenter_server 6.5
vmware vcenter_server 5.5
vmware vcenter_server 6.0
CVE-2017-4920 HIGH

The implementation of the OSPF protocol in VMware NSX-V Edge 6.2.x prior to 6.2.8 and NSX-V Edge 6.3.x prior to 6.3.3 doesn't correctly handle the link-state advertisement (LSA). A rogue LSA may exploit this issue resulting in continuous sending of LSAs between two routers eventually going in loop or loss of connectivity.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-400,

Products Affected

Vendor Product Version
vmware nsx-v_edge *
CVE-2017-4921 MEDIUM

VMware vCenter Server (6.5 prior to 6.5 U1) contains an insecure library loading issue that occurs due to the use of LD_LIBRARY_PATH variable in an unsafe manner. Successful exploitation of this issue may allow unprivileged host users to load a shared library that may lead to privilege escalation.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
vmware vcenter_server 6.5
CVE-2017-4922 MEDIUM

VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure issue due to the service startup script using world writable directories as temporary storage for critical information. Successful exploitation of this issue may allow unprivileged host users to access certain critical information when the service gets restarted.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
vmware vcenter_server 6.5
CVE-2017-4923 MEDIUM

VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure vulnerability. This issue may allow plaintext credentials to be obtained when using the vCenter Server Appliance file-based backup feature.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,CWE-522,

Products Affected

Vendor Product Version
vmware vcenter_server 6.5
CVE-2017-4924 HIGH

VMware ESXi (ESXi 6.5 without patch ESXi650-201707101-SG), Workstation (12.x before 12.5.7) and Fusion (8.x before 8.5.8) contain an out-of-bounds write vulnerability in SVGA device. This issue may allow a guest to execute code on the host.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 2.0 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
vmware workstation_pro *
vmware fusion *
vmware esxi 6.5
CVE-2017-4925 LOW

VMware ESXi 6.5 without patch ESXi650-201707101-SG, ESXi 6.0 without patch ESXi600-201706101-SG, ESXi 5.5 without patch ESXi550-201709101-SG, Workstation (12.x before 12.5.3), Fusion (8.x before 8.5.4) contain a NULL pointer dereference vulnerability. This issue occurs when handling guest RPC requests. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-476,

Products Affected

Vendor Product Version
vmware workstation_pro *
vmware esxi 6.0
vmware fusion *
vmware esxi 6.5
vmware esxi 5.5
vmware workstation *
CVE-2017-4926 LOW

VMware vCenter Server (6.5 prior to 6.5 U1) contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker with VC user privileges can inject malicious java-scripts which will get executed when other VC users access the page.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
vmware vcenter_server 6.5
CVE-2017-4927 MEDIUM

VMware vCenter Server (6.5 prior to 6.5 U1 and 6.0 prior to 6.0 U3c) does not correctly handle specially crafted LDAP network packets which may allow for remote denial of service.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-90,

Products Affected

Vendor Product Version
vmware vcenter_server *
CVE-2017-4928 MEDIUM

The flash-based vSphere Web Client (6.0 prior to 6.0 U3c and 5.5 prior to 5.5 U3f) i.e. not the new HTML5-based vSphere Client, contains SSRF and CRLF injection issues due to improper neutralization of URLs. An attacker may exploit these issues by sending a POST request with modified headers towards internal services leading to information disclosure.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,CWE-918,

Products Affected

Vendor Product Version
vmware vcenter_server 5.5
vmware vcenter_server 6.0
CVE-2017-4929 MEDIUM

VMware NSX Edge (6.2.x before 6.2.9 and 6.3.x before 6.3.5) contains a moderate Cross-Site Scripting (XSS) issue which may lead to information disclosure.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
vmware nsx_edge 6.3.1
vmware nsx_edge 6.3.2
vmware nsx_edge 6.2.0
vmware nsx_edge 6.2.8
vmware nsx_edge 6.2.5
vmware nsx_edge 6.3.0
vmware nsx_edge 6.2.1
vmware nsx_edge 6.3.4
vmware nsx_edge 6.2.2
vmware nsx_edge 6.2.4
vmware nsx_edge 6.2.7
vmware nsx_edge 6.2.3
vmware nsx_edge 6.2.6
vmware nsx_edge 6.3.3
CVE-2017-4930 LOW

VMware AirWatch Console 9.x prior to 9.2.0 contains a vulnerability that could allow an authenticated AWC user to add a malicious URL to an enrolled device's 'Links' page. Successful exploitation of this issue could result in an unsuspecting AWC user being redirected to a malicious URL.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
vmware airwatch *
CVE-2017-4931 MEDIUM

VMware AirWatch Console 9.x prior to 9.2.0 contains a vulnerability that could allow an authenticated AWC user to add malicious data to an enrolled device's log files. Successful exploitation of this issue could result in an unsuspecting AWC user opening a CSV file which contains malicious content.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
vmware airwatch *
CVE-2017-4932 MEDIUM

VMware AirWatch Launcher for Android prior to 3.2.2 contains a vulnerability that could allow an escalation of privilege from the launcher UI context menu to native UI functionality and privilege. Successful exploitation of this issue could result in an escalation of privilege.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
vmware airwatch_launcher *
CVE-2017-4933 MEDIUM

VMware ESXi (6.5 before ESXi650-201710401-BG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a heap overflow via a specific set of VNC packets resulting in heap corruption. Successful exploitation of this issue could result in remote code execution in a virtual machine via the authenticated VNC session. Note: In order for exploitation to be possible in ESXi, VNC must be manually enabled in a virtual machine's .vmx configuration file. In addition, ESXi must be configured to allow VNC traffic through the built-in firewall.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
vmware workstation_pro 14.1.0
vmware workstation_pro *
vmware fusion *
vmware workstation_pro 14.0
vmware esxi 6.5
CVE-2017-4934 HIGH

VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a heap buffer-overflow vulnerability in VMNAT device. This issue may allow a guest to execute code on the host.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
vmware fusion 8.5.6
vmware fusion 8.1.0
vmware fusion 8.5.4
vmware workstation 12.5.4
vmware workstation 12.5.1
vmware workstation 12.5.2
vmware fusion 8.5.1
vmware workstation 12.5.3
vmware workstation 12.5.6
vmware fusion 8.1.1
vmware workstation 12.0.0
vmware workstation 12.5.5
vmware workstation 12.5
vmware fusion 8.5.3
vmware fusion 8.0.2
vmware workstation 12.1
vmware workstation 12.5.7
vmware fusion 8.5.0
vmware fusion 8.5.7
vmware workstation 12.0.1
vmware fusion 8.5.8
vmware fusion 8.0.1
vmware workstation 12.1.1
vmware fusion 8.5.2
vmware fusion 8.5.5
vmware fusion 8.0.0
CVE-2017-4935 MEDIUM

VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds write vulnerability in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View Client.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
vmware horizon_view 4.2
vmware horizon_view 4.5
vmware horizon_view 4.0.1
vmware workstation 12.5.4
vmware workstation 12.0.1
vmware horizon_view 4.6
vmware workstation 12.5.1
vmware workstation 12.5.2
vmware workstation 12.5.3
vmware horizon_view 4.1
vmware workstation 12.1.1
vmware workstation 12.5.6
vmware workstation 12.0.0
vmware horizon_view 4.4
vmware workstation 12.5.5
vmware workstation 12.5
vmware workstation 12.1
vmware horizon_view 4.0.0
vmware workstation 12.5.7
vmware horizon_view 4.3
CVE-2017-4936 MEDIUM

VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds read vulnerability in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
vmware horizon_view 4.2
vmware horizon_view 4.5
vmware horizon_view 4.0.1
vmware workstation 12.5.4
vmware workstation 12.0.1
vmware horizon_view 4.6
vmware workstation 12.5.1
vmware workstation 12.5.2
vmware workstation 12.5.3
vmware horizon_view 4.1
vmware workstation 12.1.1
vmware workstation 12.5.6
vmware workstation 12.0.0
vmware horizon_view 4.4
vmware workstation 12.5.5
vmware workstation 12.5
vmware workstation 12.1
vmware horizon_view 4.0.0
vmware workstation 12.5.7
vmware horizon_view 4.3
CVE-2017-4937 MEDIUM

VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds read vulnerability in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View Client.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
vmware horizon_view 4.2
vmware horizon_view 4.5
vmware horizon_view 4.0.1
vmware workstation 12.5.4
vmware workstation 12.0.1
vmware horizon_view 4.6
vmware workstation 12.5.1
vmware workstation 12.5.2
vmware workstation 12.5.3
vmware horizon_view 4.1
vmware workstation 12.1.1
vmware workstation 12.5.6
vmware workstation 12.0.0
vmware horizon_view 4.4
vmware workstation 12.5.5
vmware workstation 12.5
vmware workstation 12.1
vmware horizon_view 4.0.0
vmware workstation 12.5.7
vmware horizon_view 4.3
CVE-2017-4938 LOW

VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a guest RPC NULL pointer dereference vulnerability. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs.

CVSS 2.0

Severity: LOW

Problem Type: CWE-476,

Products Affected

Vendor Product Version
vmware fusion 8.5.6
vmware fusion 8.1.0
vmware fusion 8.5.4
vmware workstation 12.5.4
vmware workstation 12.5.1
vmware workstation 12.5.2
vmware fusion 8.5.1
vmware workstation 12.5.3
vmware workstation 12.5.6
vmware fusion 8.1.1
vmware workstation 12.0.0
vmware workstation 12.5.5
vmware workstation 12.5
vmware fusion 8.5.3
vmware fusion 8.0.2
vmware workstation 12.1
vmware workstation 12.5.7
vmware fusion 8.5.0
vmware fusion 8.5.7
vmware workstation 12.0.1
vmware fusion 8.5.8
vmware fusion 8.0.1
vmware workstation 12.1.1
vmware fusion 8.5.2
vmware fusion 8.5.5
vmware fusion 8.0.0
CVE-2017-4939 MEDIUM

VMware Workstation (12.x before 12.5.8) installer contains a DLL hijacking issue that exists due to some DLL files loaded by the application improperly. This issue may allow an attacker to load a DLL file of the attacker's choosing that could execute arbitrary code.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-426,

Products Affected

Vendor Product Version
vmware workstation 12.5.5
vmware workstation 12.5.4
vmware workstation 12.5.0
vmware workstation 12.0.1
vmware workstation 12.5.1
vmware workstation 12.5.2
vmware workstation 12.5.3
vmware workstation 12.1.1
vmware workstation 12.5.6
vmware workstation 12.5.7
vmware workstation 12.0.0
CVE-2017-4940 MEDIUM

The ESXi Host Client in VMware ESXi (6.5 before ESXi650-201712103-SG, 5.5 before ESXi600-201711103-SG and 5.5 before ESXi550-201709102-SG) contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker can exploit this vulnerability by injecting Javascript, which might get executed when other users access the Host Client.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
vmware esxi 6.0
vmware esxi 6.5
vmware esxi 5.5
CVE-2017-4941 MEDIUM

VMware ESXi (6.0 before ESXi600-201711101-SG, 5.5 ESXi550-201709101-SG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a stack overflow via a specific set of VNC packets. Successful exploitation of this issue could result in remote code execution in a virtual machine via the authenticated VNC session. Note: In order for exploitation to be possible in ESXi, VNC must be manually enabled in a virtual machine's .vmx configuration file. In addition, ESXi must be configured to allow VNC traffic through the built-in firewall.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
vmware esxi 6.0
vmware fusion *
vmware esxi 5.5
vmware workstation *
CVE-2017-4942 MEDIUM

VMware AirWatch Console (AWC) contains a Broken Access Control vulnerability. Successful exploitation of this issue could result in end-user device details being disclosed to an unauthorized administrator.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
vmware airwatch_console *
CVE-2017-4943 HIGH

VMware vCenter Server Appliance (vCSA) (6.5 before 6.5 U1d) contains a local privilege escalation vulnerability via the 'showlog' plugin. Successful exploitation of this issue could result in a low privileged user gaining root level privileges over the appliance base OS.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
vmware vcenter_server 6.5
CVE-2017-4945 LOW

VMware Workstation (14.x and 12.x) and Fusion (10.x and 8.x) contain a guest access control vulnerability. This issue may allow program execution via Unity on locked Windows VMs. VMware Tools must be updated to 10.2.0 for each VM to resolve CVE-2017-4945. VMware Tools 10.2.0 is consumed by Workstation 14.1.0 and Fusion 10.1.0 by default.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
vmware fusion 8.5.6
vmware fusion 8.5.4
vmware workstation 12.5.8
vmware fusion 8.5.9
vmware workstation 12.5.9
vmware workstation 12.5.4
vmware workstation 12.5.1
vmware workstation 12.5.2
vmware fusion 8.5.1
vmware workstation 12.5.3
vmware workstation 12.5.6
vmware fusion 8.1.1
vmware workstation 12.0.0
vmware workstation 12.5.5
vmware workstation 12.5
vmware fusion 8.5.3
vmware fusion 8.0.2
vmware workstation 12.1
vmware workstation 12.5.7
vmware fusion 10.0.1
vmware fusion 8.5.10
vmware fusion 10.1.0
vmware fusion 8.5.7
vmware workstation 12.0.1
vmware fusion 8.5.8
vmware fusion 8.0
vmware fusion 8.0.1
vmware workstation 12.1.1
vmware fusion 8.1
vmware fusion 8.5.2
vmware fusion 10.1.1
vmware workstation 12.5.0
vmware fusion 8.5.5
vmware workstation 14.0
vmware fusion 8.5
vmware fusion 10.0
CVE-2017-4946 HIGH

The VMware V4H and V4PA desktop agents (6.x before 6.5.1) contain a privilege escalation vulnerability. Successful exploitation of this issue could result in a low privileged windows user escalating their privileges to SYSTEM.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-863,

Products Affected

Vendor Product Version
vmware vrealize_operations_for_horizon *
vmware vrealize_operations_for_published_applications *
CVE-2017-4947 HIGH

VMware vRealize Automation (7.3 and 7.2) and vSphere Integrated Containers (1.x before 1.3) contain a deserialization vulnerability via Xenon. Successful exploitation of this issue may allow remote attackers to execute arbitrary code on the appliance.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
vmware vrealize_automation 7.2.0
vmware vrealize_automation 7.3.0
vmware vsphere_integrated_containers *
CVE-2017-4948 MEDIUM

VMware Workstation (14.x before 14.1.0 and 12.x) and Horizon View Client (4.x before 4.7.0) contain an out-of-bounds read vulnerability in TPView.dll. On Workstation, this issue in conjunction with other bugs may allow a guest to leak information from host or may allow for a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this issue in conjunction with other bugs may allow a View desktop to leak information from host or may allow for a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-200,

Products Affected

Vendor Product Version
vmware horizon_view *
vmware workstation 12.5.8
vmware workstation 12.5.9
vmware workstation 12.5.4
vmware workstation 12.0.1
vmware workstation 12.5.1
vmware workstation 12.5.2
vmware workstation 12.5.3
vmware workstation 12.1.1
vmware workstation 12.5.6
vmware workstation 12.0.0
vmware workstation 12.5.5
vmware workstation 12.5
vmware workstation 12.1
vmware workstation 12.5.0
vmware workstation 14.0
vmware workstation 12.5.7
CVE-2017-4949 MEDIUM

VMware Workstation and Fusion contain a use-after-free vulnerability in VMware NAT service when IPv6 mode is enabled. This issue may allow a guest to execute code on the host. Note: IPv6 mode for VMNAT is not enabled by default.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
vmware fusion *
vmware workstation *
CVE-2017-4950 MEDIUM

VMware Workstation and Fusion contain an integer overflow vulnerability in VMware NAT service when IPv6 mode is enabled. This issue may lead to an out-of-bound read which can then be used to execute code on the host in conjunction with other issues. Note: IPv6 mode for VMNAT is not enabled by default.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
vmware fusion *
vmware workstation *
CVE-2017-4951 MEDIUM

VMware AirWatch Console (9.2.x before 9.2.2 and 9.1.x before 9.1.5) contains a Cross Site Request Forgery vulnerability when accessing the App Catalog. An attacker may exploit this issue by tricking users into installing a malicious application on their devices.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
vmware airwatch *
CVE-2017-4952 MEDIUM

VMware Xenon 1.x, prior to 1.5.4-CR7_1, 1.5.7_7, 1.5.4-CR6_2, 1.3.7-CR1_2, 1.1.0-CR0-3, 1.1.0-CR3_1,1.4.2-CR4_1, and 1.5.4_8, contains an authentication bypass vulnerability due to insufficient access controls for utility endpoints. Successful exploitation of this issue may result in information disclosure.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-732,

Products Affected

Vendor Product Version
vmware xenon 1.5.7_7
vmware xenon 1.3.7
vmware xenon 1.4.2
vmware xenon 1.5.4_8
vmware xenon 1.5.4
vmware xenon *
vmware xenon 1.1.0
CVE-2017-4965 MEDIUM

An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management UI are vulnerable to XSS attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
pivotal_software rabbitmq 1.6.0
pivotal_software rabbitmq 1.6.7
pivotal_software rabbitmq 1.6.2
broadcom rabbitmq_server 3.5.2
pivotal_software rabbitmq 1.5.11
vmware rabbitmq 3.4.3
pivotal_software rabbitmq 3.6.5
pivotal_software rabbitmq 1.5.15
pivotal_software rabbitmq 1.6.5
pivotal_software rabbitmq 1.7.0
pivotal_software rabbitmq 1.6.15
vmware rabbitmq 3.5.1
pivotal_software rabbitmq 3.6.0
pivotal_software rabbitmq 1.7.2
vmware rabbitmq 3.6.7
pivotal_software rabbitmq 1.7.13
broadcom rabbitmq_server 3.5.3
pivotal_software rabbitmq 1.5.6
pivotal_software rabbitmq 1.5.4
pivotal_software rabbitmq 1.7.14
pivotal_software rabbitmq 1.5.2
pivotal_software rabbitmq 1.6.1
pivotal_software rabbitmq 3.6.6
pivotal_software rabbitmq 1.6.4
pivotal_software rabbitmq 1.5.9
pivotal_software rabbitmq 1.6.9
pivotal_software rabbitmq 1.7.3
broadcom rabbitmq_server 3.4.0
vmware rabbitmq 3.4.4
pivotal_software rabbitmq 1.5.14
pivotal_software rabbitmq 3.6.3
vmware rabbitmq 3.5.0
pivotal_software rabbitmq 1.6.12
pivotal_software rabbitmq 1.6.14
broadcom rabbitmq_server 3.5.6
pivotal_software rabbitmq 1.5.10
pivotal_software rabbitmq 3.5.4
broadcom rabbitmq_server 3.4.3
pivotal_software rabbitmq 1.5.5
pivotal_software rabbitmq 1.5.12
pivotal_software rabbitmq 1.5.1
pivotal_software rabbitmq 1.5.17
pivotal_software rabbitmq 1.7.10
pivotal_software rabbitmq 1.6.3
pivotal_software rabbitmq 1.5.18
broadcom rabbitmq_server 3.4.4
pivotal_software rabbitmq 1.5.0
pivotal_software rabbitmq 1.7.4
pivotal_software rabbitmq 1.5.7
pivotal_software rabbitmq 1.5.13
pivotal_software rabbitmq 1.6.13
pivotal_software rabbitmq 1.5.8
broadcom rabbitmq_server 3.5.1
broadcom rabbitmq_server 3.4.2
vmware rabbitmq 3.4.2
pivotal_software rabbitmq 1.6.8
pivotal_software rabbitmq 1.7.7
vmware rabbitmq 3.5.6
broadcom rabbitmq_server 3.6.7
pivotal_software rabbitmq 3.6.1
pivotal_software rabbitmq 1.6.10
vmware rabbitmq 3.4.1
vmware rabbitmq 3.5.2
pivotal_software rabbitmq 1.5.19
pivotal_software rabbitmq 1.7.8
pivotal_software rabbitmq 3.6.2
pivotal_software rabbitmq 1.7.6
pivotal_software rabbitmq 1.7.9
pivotal_software rabbitmq 3.5.5
vmware rabbitmq 3.4.0
pivotal_software rabbitmq 3.5.7
pivotal_software rabbitmq 1.5.3
pivotal_software rabbitmq 1.7.5
pivotal_software rabbitmq 1.6.16
pivotal_software rabbitmq 1.6.6
vmware rabbitmq 3.5.3
broadcom rabbitmq_server 3.4.1
debian debian_linux 9.0
broadcom rabbitmq_server 3.5.0
pivotal_software rabbitmq 3.6.4
CVE-2017-4966 LOW

An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. RabbitMQ management UI stores signed-in user credentials in a browser's local storage without expiration, making it possible to retrieve them using a chained attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
pivotal_software rabbitmq 1.6.0
pivotal_software rabbitmq 1.6.7
pivotal_software rabbitmq 1.6.2
broadcom rabbitmq_server 3.5.2
pivotal_software rabbitmq 1.5.11
vmware rabbitmq 3.4.3
pivotal_software rabbitmq 3.6.5
pivotal_software rabbitmq 1.5.15
pivotal_software rabbitmq 1.6.5
pivotal_software rabbitmq 1.7.0
pivotal_software rabbitmq 1.6.15
vmware rabbitmq 3.5.1
pivotal_software rabbitmq 3.6.0
pivotal_software rabbitmq 1.7.2
vmware rabbitmq 3.6.7
pivotal_software rabbitmq 1.7.13
broadcom rabbitmq_server 3.5.3
pivotal_software rabbitmq 1.5.6
pivotal_software rabbitmq 1.5.4
pivotal_software rabbitmq 1.7.14
pivotal_software rabbitmq 1.5.2
pivotal_software rabbitmq 1.6.1
pivotal_software rabbitmq 3.6.6
pivotal_software rabbitmq 1.6.4
pivotal_software rabbitmq 1.5.9
pivotal_software rabbitmq 1.6.9
pivotal_software rabbitmq 1.7.3
broadcom rabbitmq_server 3.4.0
vmware rabbitmq 3.4.4
pivotal_software rabbitmq 1.5.14
pivotal_software rabbitmq 3.6.3
vmware rabbitmq 3.5.0
pivotal_software rabbitmq 1.6.12
pivotal_software rabbitmq 1.6.14
broadcom rabbitmq_server 3.5.6
pivotal_software rabbitmq 1.5.10
pivotal_software rabbitmq 3.5.4
broadcom rabbitmq_server 3.4.3
pivotal_software rabbitmq 1.5.5
pivotal_software rabbitmq 1.5.12
pivotal_software rabbitmq 1.5.1
pivotal_software rabbitmq 1.5.17
pivotal_software rabbitmq 1.7.10
pivotal_software rabbitmq 1.6.3
pivotal_software rabbitmq 1.5.18
broadcom rabbitmq_server 3.4.4
pivotal_software rabbitmq 1.5.0
pivotal_software rabbitmq 1.7.4
pivotal_software rabbitmq 1.5.7
pivotal_software rabbitmq 1.5.13
pivotal_software rabbitmq 1.6.13
pivotal_software rabbitmq 1.5.8
broadcom rabbitmq_server 3.5.1
broadcom rabbitmq_server 3.4.2
vmware rabbitmq 3.4.2
pivotal_software rabbitmq 1.6.8
pivotal_software rabbitmq 1.7.7
vmware rabbitmq 3.5.6
broadcom rabbitmq_server 3.6.7
pivotal_software rabbitmq 3.6.1
pivotal_software rabbitmq 1.6.10
vmware rabbitmq 3.4.1
vmware rabbitmq 3.5.2
pivotal_software rabbitmq 1.5.19
pivotal_software rabbitmq 1.7.8
pivotal_software rabbitmq 3.6.2
pivotal_software rabbitmq 1.7.6
pivotal_software rabbitmq 1.7.9
pivotal_software rabbitmq 3.5.5
vmware rabbitmq 3.4.0
pivotal_software rabbitmq 3.5.7
pivotal_software rabbitmq 1.5.3
pivotal_software rabbitmq 1.7.5
pivotal_software rabbitmq 1.6.16
pivotal_software rabbitmq 1.6.6
vmware rabbitmq 3.5.3
broadcom rabbitmq_server 3.4.1
debian debian_linux 9.0
broadcom rabbitmq_server 3.5.0
pivotal_software rabbitmq 3.6.4
CVE-2017-4967 MEDIUM

An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management UI are vulnerable to XSS attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
pivotal_software rabbitmq 1.6.0
pivotal_software rabbitmq 1.6.7
pivotal_software rabbitmq 1.6.2
broadcom rabbitmq_server 3.5.2
pivotal_software rabbitmq 1.5.11
vmware rabbitmq 3.4.3
pivotal_software rabbitmq 3.6.5
pivotal_software rabbitmq 1.5.15
pivotal_software rabbitmq 1.6.5
pivotal_software rabbitmq 1.7.0
pivotal_software rabbitmq 1.6.15
vmware rabbitmq 3.5.1
pivotal_software rabbitmq 3.6.0
pivotal_software rabbitmq 1.7.2
vmware rabbitmq 3.6.7
pivotal_software rabbitmq 1.7.13
broadcom rabbitmq_server 3.5.3
pivotal_software rabbitmq 1.5.6
pivotal_software rabbitmq 1.5.4
pivotal_software rabbitmq 1.7.14
pivotal_software rabbitmq 1.5.2
pivotal_software rabbitmq 1.6.1
pivotal_software rabbitmq 3.6.6
pivotal_software rabbitmq 1.6.4
pivotal_software rabbitmq 1.5.9
pivotal_software rabbitmq 1.6.9
pivotal_software rabbitmq 1.7.3
broadcom rabbitmq_server 3.4.0
vmware rabbitmq 3.4.4
pivotal_software rabbitmq 1.5.14
pivotal_software rabbitmq 3.6.3
vmware rabbitmq 3.5.0
pivotal_software rabbitmq 1.6.12
pivotal_software rabbitmq 1.6.14
broadcom rabbitmq_server 3.5.6
pivotal_software rabbitmq 1.5.10
pivotal_software rabbitmq 3.5.4
broadcom rabbitmq_server 3.4.3
pivotal_software rabbitmq 1.5.5
pivotal_software rabbitmq 1.5.12
pivotal_software rabbitmq 1.5.1
pivotal_software rabbitmq 1.5.17
pivotal_software rabbitmq 1.7.10
pivotal_software rabbitmq 1.6.3
pivotal_software rabbitmq 1.5.18
broadcom rabbitmq_server 3.4.4
pivotal_software rabbitmq 1.5.0
pivotal_software rabbitmq 1.7.4
pivotal_software rabbitmq 1.5.7
pivotal_software rabbitmq 1.5.13
pivotal_software rabbitmq 1.6.13
pivotal_software rabbitmq 1.5.8
broadcom rabbitmq_server 3.5.1
broadcom rabbitmq_server 3.4.2
vmware rabbitmq 3.4.2
pivotal_software rabbitmq 1.6.8
pivotal_software rabbitmq 1.7.7
vmware rabbitmq 3.5.6
broadcom rabbitmq_server 3.6.7
pivotal_software rabbitmq 3.6.1
pivotal_software rabbitmq 1.6.10
vmware rabbitmq 3.4.1
vmware rabbitmq 3.5.2
pivotal_software rabbitmq 1.5.19
pivotal_software rabbitmq 1.7.8
pivotal_software rabbitmq 3.6.2
pivotal_software rabbitmq 1.7.6
pivotal_software rabbitmq 1.7.9
pivotal_software rabbitmq 3.5.5
vmware rabbitmq 3.4.0
pivotal_software rabbitmq 3.5.7
pivotal_software rabbitmq 1.5.3
pivotal_software rabbitmq 1.7.5
pivotal_software rabbitmq 1.6.16
pivotal_software rabbitmq 1.6.6
vmware rabbitmq 3.5.3
broadcom rabbitmq_server 3.4.1
debian debian_linux 9.0
broadcom rabbitmq_server 3.5.0
pivotal_software rabbitmq 3.6.4
CVE-2017-4995 MEDIUM

An issue was discovered in Pivotal Spring Security 4.2.0.RELEASE through 4.2.2.RELEASE, and Spring Security 5.0.0.M1. When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by blacklisting known "deserialization gadgets." Spring Security configures Jackson with global default typing enabled, which means that (through the previous exploit) arbitrary code could be executed if all of the following is true: (1) Spring Security's Jackson support is being leveraged by invoking SecurityJackson2Modules.getModules(ClassLoader) or SecurityJackson2Modules.enableDefaultTyping(ObjectMapper); (2) Jackson is used to deserialize data that is not trusted (Spring Security does not perform deserialization using Jackson, so this is an explicit choice of the user); and (3) there is an unknown (Jackson is not blacklisting it already) "deserialization gadget" that allows code execution present on the classpath. Jackson provides a blacklisting approach to protecting against this type of attack, but Spring Security should be proactive against blocking unknown "deserialization gadgets" when Spring Security enables default typing.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-502,

Products Affected

Vendor Product Version
vmware spring_security 5.0.0
vmware spring_security 4.2.2
vmware spring_security 4.2.0
vmware spring_security 4.2.1
CVE-2017-5753 MEDIUM

Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.6 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N 1.1 4.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-203,

Products Affected

Vendor Product Version
intel xeon_e3_1125c -
intel pentium_n n3700
intel xeon x3480
intel xeon_gold 6136
intel xeon_e3_1286l_v3 -
intel xeon_e5_2648l -
intel core_i5 8600k
intel xeon_e5_2603_v3 -
intel core_i7 2677m
intel xeon_e5_2650 -
intel core_i7 3517ue
intel core_i7 5750hq
intel xeon_e5_2403_v2 -
suse suse_linux_enterprise_server 12
intel xeon_e3_1505l_v5 -
intel core_i7 4785t
intel xeon_e3_1240 -
intel core_i7 640um
intel core_i7 920xm
intel xeon l5640
intel xeon_e5_1620_v3 -
phoenixcontact bl_bpc_2001_firmware -
intel core_i5 4260u
intel atom_x7-e3950 -
intel core_i5 3427u
intel atom_c c2550
intel core_i5 6500t
intel xeon_phi 7230
intel core_i3 4160t
intel xeon e7530
phoenixcontact bl2_ppc_7000_firmware -
intel celeron_j j1850
intel xeon_e7 4830_v2
intel xeon_e7 4870_v2
intel core_i5 3360m
intel xeon_e5_2637_v2 -
intel xeon_phi 7290f
arm neoverse_n1_firmware -
intel core_i7 4700hq
intel xeon l5638
intel xeon_e3_1285_v6 -
intel xeon_gold 6138t
intel xeon w3670
intel xeon_e-1105c -
intel core_i3 2310m
intel core_i3 4330
intel core_i7 970
intel core_i7 4850hq
intel xeon_e7 2870_v2
intel xeon_e5_2430l -
intel xeon_e5 2660
intel xeon_e5_2620 -
intel xeon_e7 8894_v4
intel core_i5 4300u
intel core_i7 4800mq
intel xeon_gold 6130t
intel xeon_e7 4850_v2
phoenixcontact dl_ppc18.5m_7000_firmware -
intel xeon_e3_1280_v6 -
intel core_i5 3317u
intel atom_z z2580
intel core_i7 2820qm
intel core_i5 3450s
intel xeon_platinum 8176f
intel xeon_gold 6140
oracle local_service_management_system 13.1
intel core_i5 4200h
intel xeon_e3_1278l_v4 -
intel atom_z z3736g
phoenixcontact el_ppc_1000_firmware -
intel core_i3 4350
intel core_i7 4610y
intel xeon_e5_2470 -
intel xeon_e5 4610_v2
intel xeon_e5_2618l_v3 -
intel core_i7 4558u
intel xeon_phi 7210
intel xeon e5645
intel xeon_e3_1275_v3 -
intel xeon_e7 8870_v3
intel core_i3 4150
intel xeon_gold 6138
intel core_i7 4702hq
intel core_i5 2435m
intel atom_z z3785
intel xeon_e3_1270_v3 -
intel core_i5 4220y
intel core_m 5y51
intel pentium_j j4205
intel xeon_e5_2618l_v2 -
intel core_i3 6157u
intel pentium_n n3530
intel core_i5 4422e
intel core_i7 8700k
phoenixcontact bl2_ppc_2000_firmware -
intel xeon_e3_1230_v5 -
intel xeon_e5 2658_v4
intel xeon_e3_1245_v6 -
intel core_i5 4460t
intel xeon_e7 2803
intel core_i5 2515e
intel core_i5 2430m
intel xeon_e3_1226_v3 -
intel xeon_e5_2448l -
intel celeron_n n2840
intel core_i7 2610ue
intel core_i7 4770r
intel core_i5 6600t
intel xeon_e3_12201 -
intel core_i3 4340te
intel xeon_e7 2890_v2
intel core_i5 560m
intel core_i5 2557m
intel atom_c c3558
intel xeon_e3_1125c_v2 -
intel xeon_e5_1620_v4 -
intel core_i3 550
intel core_i7 8550u
intel xeon_e5 4660_v4
intel core_i5 3340s
intel core_i5 4402e
intel xeon_e5_2470_v2 -
intel core_i5 4690
intel core_i3 2350m
intel core_i7 4510u
intel core_i7 4600u
intel xeon_e3_1501m_v6 -
intel xeon_e7 4820_v2
intel xeon_gold 6130f
intel atom_c c3808
intel core_i5 2500k
intel core_i7 3840qm
intel xeon_e5_2440_v2 -
intel core_i7 2920xm
intel core_i5 4570s
intel core_i7 2710qe
intel xeon e5506
intel xeon_e3_1230l_v3 -
intel core_i5 4310u
synology router_manager *
intel core_i3 6100
intel core_i7 4810mq
intel xeon_e5 2690
intel core_i3 3250t
intel xeon_e3_1285l_v3 -
intel core_i5 4570
intel core_i7 5850eq
intel core_i5 4440
intel core_i7 3615qe
intel xeon_e3_1280 -
intel core_i7 3615qm
intel core_i5 2390t
intel xeon_e5 4640_v4
intel core_i3 2115c
intel core_i5 2410m
intel atom_c c2538
intel xeon w5590
intel xeon_e7 2880_v2
intel core_i5 3570
intel core_i3 6100t
intel core_i7 965
intel xeon_e5 4648_v3
intel core_i7 4770k
intel xeon_silver 4116t
intel core_i3 2330e
intel xeon_e3_1225_v3 -
intel core_i7 4790
intel core_i5 6440eq
intel core_i7 980x
intel core_i7 4771
intel xeon_e3_1276_v3 -
intel atom_z z2760
siemens simatic_itc1500_firmware *
intel core_i3 6320
intel xeon_e3_1230 -
opensuse leap 42.3
intel xeon_e5_2637_v3 -
intel xeon_gold 6126t
intel core_i7 720qm
intel xeon_e7 8860_v3
intel xeon_gold 6146
intel xeon_e5_2603_v2 -
intel core_i7 3555le
intel atom_c c3958
intel celeron_j j4105
intel core_i7 5775c
intel xeon_e3_1501l_v6 -
intel xeon_e7 8867l
intel core_i5 4250u
intel xeon_e5 4650_v3
phoenixcontact vl2_bpc_2000_firmware -
intel xeon_e5 4607
intel core_i5 3337u
intel xeon_e5 2670
intel atom_e e3805
intel xeon_e5_2450_v2 -
intel atom_c c2350
intel xeon_platinum 8153
intel xeon_e5_2407_v2 -
intel xeon_e5_1680_v3 -
oracle local_service_management_system 13.2
intel xeon e5530
intel core_i7 840qm
intel xeon_e5 2667_v2
intel xeon_e5 2697_v2
phoenixcontact dl_ppc15m_7000_firmware -
intel core_i7 4790t
intel core_i5 2500t
intel xeon_e5 2699a_v4
netapp solidfire -
intel core_i5 3570k
phoenixcontact bl_ppc17_3000_firmware -
intel xeon_e5_1660 -
intel xeon x5650
intel atom_z z2520
intel core_i3 6100h
intel xeon e5540
intel core_i7 5600u
intel xeon_gold 6140m
intel core_i7 4710hq
intel core_i7 4712hq
intel core_i7 7567u
intel xeon_e5 2695_v2
intel core_i3 3110m
intel xeon_e7 8893_v3
intel atom_c c3955
intel xeon_e5_2623_v3 -
intel xeon_e7 4809_v3
intel core_i5 4200m
intel core_i3 3240
intel core_i3 4100m
intel xeon l5508
intel core_i5 4300y
arm cortex-a78_firmware -
phoenixcontact bl_ppc17_1000_firmware -
intel core_i5 750
intel core_i7 2620m
canonical ubuntu_linux 14.04
intel atom_c c3758
intel celeron_n n4100
intel core_i5 2500
intel atom_c c2758
intel core_i3 2312m
intel xeon_e5 2680_v4
phoenixcontact bl2_bpc_7000_firmware -
intel xeon_e7 4820
intel core_i5 4278u
intel xeon_gold 6126
intel core_i5 450m
intel core_i3 4010u
intel core_i5 6300hq
intel core_i5 6300u
intel xeon_e5 4669_v4
intel xeon_e7 8837
intel xeon_e5_2603_v4 -
intel core_i5 6442eq
intel core_i7 4550u
intel xeon_e5 4657l_v2
intel core_i5 4302y
intel xeon_e5 2687w_v2
intel xeon_e7 8870
intel core_i3 2120t
intel core_i5 5300u
intel core_i7 640lm
intel atom_z z3740
intel pentium_j j2850
intel xeon_gold 6142
intel xeon_e7 8893_v4
intel core_i5 2500s
intel core_i3 3240t
intel core_i7 7920hq
intel xeon_e7 8850_v2
intel xeon_e5 2683_v4
intel celeron_n n2930
intel atom_z z3745
intel xeon x3440
intel core_i3 3130m
intel xeon_e7 4830
intel core_m 5y10c
intel xeon_e3 1558l_v5
oracle solaris 10
intel core_i5 3340
intel xeon_e3_1268l_v3 -
intel xeon_e7 8850
arm cortex-r8_firmware -
intel xeon x3450
intel xeon_e5_2428l -
intel core_i3 560
intel core_i5 660
intel core_i7 4980hq
intel xeon_e5_2650l -
intel core_i5 2450m
intel xeon_e7 4860_v2
intel core_i7 7700k
intel xeon_platinum 8170m
intel xeon_gold 6152
intel xeon_e3 1585_v5
intel core_i3 4110m
intel core_i3 3220t
intel celeron_n n3000
intel xeon e5503
intel xeon_e5_2630l -
intel core_i5 2400
intel core_i7 930
intel xeon_e5 2699_v3
intel xeon_e5_1428l -
intel core_i5 2450p
intel xeon_e7 4890_v2
intel core_i3 3120me
intel xeon x5660
intel xeon_gold 6138f
siemens simatic_winac_rtx_(f)_2010_firmware 2010
intel xeon_e5 2660_v4
canonical ubuntu_linux 16.04
intel xeon_e7 8880l_v2
intel xeon ec5509
phoenixcontact bl2_ppc_1000_firmware -
phoenixcontact vl2_bpc_1000_firmware -
intel xeon_e3_1245 -
intel xeon_e5 2687w_v4
intel xeon_e3_1230_v3 -
intel xeon e7520
intel xeon_e5_1660_v4 -
intel xeon w5580
intel core_i5 4590t
intel xeon_e3 1565l_v5
intel xeon_e5_2643_v3 -
intel core_i3 4360t
intel core_i5 4300m
intel core_i5 4690s
intel core_i5 4460s
intel xeon_e5 4655_v4
intel xeon_e5_2640 -
arm neoverse_n2_firmware -
intel xeon_silver 4109t
intel core_i7 2635qm
intel core_i7 5557u
intel core_i7 5775r
intel xeon_e5 2667_v4
intel core_i5 6600k
intel xeon_e3_1240_v5 -
intel core_i3 6167u
intel core_i5 4210m
canonical ubuntu_linux 17.04
intel celeron_n n3050
intel core_i5 3450
intel core_i5 680
intel atom_z z3735f
phoenixcontact bl_ppc15_1000_firmware -
siemens simatic_itc2200_firmware *
intel xeon_e5 4620_v4
intel atom_z z3560
intel atom_e e3827
intel xeon_e5_2448l_v2 -
intel xeon_phi 7235
intel core_i5 4288u
intel core_i7 4770
intel core_i5 3330s
intel xeon_e5_2438l_v3 -
phoenixcontact vl2_ppc_1000_firmware -
intel xeon_gold 6132
phoenixcontact vl2_ppc9_1000_firmware -
phoenixcontact bl_bpc_2000_firmware -
intel celeron_n n3160
intel core_i5 8350u
intel core_i5 470um
intel core_i3 370m
intel xeon_e3_1270_v5 -
intel xeon_e5 2697_v4
synology virtual_machine_manager *
synology vs960hd_firmware -
intel core_i5 760
arm cortex-a72_firmware -
intel core_i5 3320m
intel core_i5 4200u
intel xeon_e5_1650_v2 -
intel core_i7 620um
intel xeon_e5_2620_v2 -
intel core_i3 3115c
arm cortex-a8_firmware -
intel xeon_e5_1650_v4 -
intel core_i3 4005u
intel xeon_gold 6148f
intel xeon_e3_1220 -
canonical ubuntu_linux 17.10
phoenixcontact bl_rackmount_2u_firmware -
intel core_i7 7820eq
intel atom_z z3775
oracle local_service_management_system 13.3
intel xeon_e3_1268l_v5 -
arm cortex-a77_firmware -
intel atom_c c3830
intel xeon e7540
intel xeon_e5 4650
intel core_i5 460m
intel core_i5 4670
intel xeon_e7 8890_v2
intel core_i3 3217ue
intel core_i5 2320
intel xeon_e5 2670_v3
intel xeon_e5 4628l_v4
intel core_i7 4700ec
intel atom_x3 c3405
intel atom_c c3850
intel xeon_e3_1225_v2 -
intel core_i7 3687u
intel xeon_gold 6130
intel xeon_e7 8880_v4
intel core_i5 3340m
intel xeon_silver 4114
intel xeon_e5_2620_v3 -
intel xeon_e7 4850
opensuse leap 42.2
intel core_i7 2617m
intel xeon x5677
intel core_i7 4860hq
intel core_i7 5700hq
intel core_i7 3770s
intel xeon_e3_1275_v5 -
arm cortex-a57_firmware -
phoenixcontact bl_ppc15_7000_firmware -
intel xeon_e7 8867_v3
intel xeon_platinum 8164
intel core_i7 3517u
intel core_i3 540
intel xeon_bronze_3104 -
intel xeon l5630
intel xeon_e5_2420 -
intel core_i7 4600m
intel core_i3 4330t
intel core_i7 5700eq
intel core_m3 6y30
intel atom_z z2460
phoenixcontact vl_ppc_3000_firmware -
intel core_i3 2125
intel xeon x5570
intel xeon x6550
intel celeron_n n2805
intel xeon_e3_1246_v3 -
intel core_i7 860s
intel xeon_gold 5119t
intel xeon_e3_1240l_v5 -
phoenixcontact vl_bpc_3000_firmware -
intel xeon_e5_2630_v4 -
intel core_i3 5157u
intel atom_x3 c3445
intel xeon_gold 5118
intel xeon l5609
intel xeon_e3_1275_v2 -
intel core_i5 4350u
intel core_i7 7560u
pepperl-fuchs btc12_firmware -
intel xeon l3426
intel xeon_e3_1235 -
intel core_i7 820qm
intel xeon_e7 2850
intel xeon_e3_1220_v2 -
intel xeon_platinum 8160m
intel core_i3 3245
intel core_i3 6100u
intel core_i7 2655le
intel atom_x3 c3295rk
intel core_i5 6350hq
vmware workstation *
intel xeon_e5_2609_v2 -
oracle solaris 11.3
intel xeon_e5_2608l_v4 -
intel core_i5 3470t
phoenixcontact vl2_ppc_9000_firmware -
intel xeon_e3_1260l -
siemens simatic_winac_rtx_(f)_2010_firmware *
intel core_i5 3380m
intel core_i3 2377m
intel xeon_e5_2643 -
intel xeon_e3 1535m_v5
intel xeon l5520
intel xeon_phi 7295
intel core_i5 3437u
intel core_i7 610e
intel core_i3 380m
intel xeon_e3_1220_v3 -
intel xeon_e5_2608l_v3 -
intel core_i7 880
intel xeon_e3_1220_v6 -
intel xeon_gold 6134m
intel core_i5 2467m
intel xeon x5690
intel core_i3 4170t
intel celeron_n n2830
intel celeron_n n3060
suse suse_linux_enterprise_desktop 12
synology vs360hd_firmware -
intel xeon_e3_1225 -
intel core_i7 4710mq
intel xeon_e5 2687w
intel pentium_n n3510
intel xeon_e7 4870
intel xeon_e5_1620 -
intel core_i7 660um
intel celeron_n n2808
intel xeon_e5 2699_v4
synology skynas -
intel xeon x3460
intel core_i3 4158u
suse suse_linux_enterprise_software_development_kit 12
intel core_i5 3570t
intel core_i7 2600k
intel xeon_e5_2640_v2 -
intel core_i5 6287u
intel xeon_silver 4112
intel core_m3 7y32
siemens simatic_itc1500_pro_firmware *
intel xeon_e5_2650_v3 -
intel core_i7 3740qm
intel xeon_e5_1630_v3 -
intel xeon_e5 4610_v4
intel xeon_e7 8880_v3
intel core_i3 2330m
arm cortex-a12_firmware -
intel core_i7 4702mq
intel core_i5 4570te
intel core_i5 8400
intel atom_c c2518
intel core_m 5y70
intel xeon_e5_2630l_v3 -
intel xeon_e7 4820_v3
intel xeon_platinum 8160
intel xeon_e3_1280_v5 -
intel xeon_e5 4650l
intel core_i3 330m
intel xeon_e3_1290_v2 -
arm cortex-a15_firmware -
intel xeon_e7 8880l_v3
phoenixcontact bl_ppc15_3000_firmware -
intel core_i5 4210y
phoenixcontact bl_bpc_7001_firmware -
arm cortex-a75_firmware -
phoenixcontact bl2_bpc_1000_firmware -
intel xeon_e5 4610
intel core_i7 7660u
intel celeron_n n2810
intel xeon_e5_2609_v3 -
intel core_i3 2310e
intel atom_c c3858
intel atom_c c2738
intel xeon_e3 1578l_v5
intel xeon_e5_2630_v2 -
suse suse_linux_enterprise_server 11
intel core_i7 7820hk
intel celeron_j j3160
intel core_i7 3689y
intel xeon_silver 4110
intel core_i5 5257u
intel core_i5 520um
phoenixcontact vl2_bpc_9000_firmware -
intel core_i7 2720qm
intel xeon_e5_2430_v2 -
intel core_i3 330e
intel xeon_e5 4640_v2
intel xeon_e5_2628l_v4 -
intel xeon e5502
intel core_i3 4170
intel xeon_gold 5115
intel core_i5 3550
intel core_i5 4670t
intel xeon_e5 2658_v2
intel xeon e5620
intel xeon_e3_12201_v2 -
phoenixcontact bl_bpc_7000_firmware -
phoenixcontact bl2_bpc_2000_firmware -
intel xeon l5518
intel core_i5 3210m
intel celeron_n n2940
intel core_i3 2348m
intel xeon_gold 5122
intel core_i5 3570s
intel xeon x5670
intel core_i5 4310m
intel xeon_e5 2660_v3
intel core_i3 4020y
intel core_i3 5020u
intel xeon_e5_2403 -
intel core_i5 5675c
intel core_i3 2375m
intel xeon_e5_2648l_v2 -
intel pentium_n n4200
intel xeon_e5_2650_v2 -
intel core_i7 4910mq
intel core_i7 4650u
intel xeon_e3_1240l_v3 -
intel core_i3 4025u
intel atom_e e3826
intel xeon_e5 2667
intel core_i7 2675qm
intel core_i3 3120m
intel atom_c c2718
intel xeon l5618
intel atom_x5-e3940 -
intel core_i5 560um
intel core_i7 4770te
intel core_m3 7y30
intel core_i5 6600
intel xeon_e5 4667_v4
intel core_i5 4340m
intel core_i5 670
intel xeon_e5_1428l_v3 -
intel core_i3 6006u
intel atom_c c3708
intel core_i3 2105
intel atom_c c2530
intel xeon x5550
intel core_i7 2649m
intel core_m7 6y75
intel xeon l3406
intel core_i7 920
intel core_i3 330um
intel core_i7 5550u
intel xeon_e3 1505m_v6
intel core_i3 8350k
intel core_i5 650
intel xeon_gold 6148
intel core_i5 2537m
intel xeon_e3_1280_v2 -
phoenixcontact vl_bpc_2000_firmware -
intel core_i7 975
intel xeon_e3 1515m_v5
phoenixcontact vl_ipc_p7000_firmware -
intel core_i5 4308u
intel core_i7 8700
intel xeon_e5_2618l_v4 -
intel pentium_j j3710
intel core_i5 4570t
intel xeon_e5_2620_v4 -
intel core_i7 940
intel core_i5 4570r
intel xeon_e3_1285_v4 -
intel xeon_e5_1660_v2 -
intel xeon_e5_2450 -
vmware fusion *
intel xeon_e3_1281_v3 -
intel xeon_e5 4627_v3
intel xeon_e5_2650l_v3 -
intel xeon_e5 4640
intel xeon_silver 4108
intel core_i7 990x
intel xeon_e7 4850_v4
intel core_i5 5350u
intel atom_x5-e3930 -
intel atom_z z3530
intel celeron_j j3455
intel xeon_e7 8860
intel core_i3 2365m
intel core_i5 3339y
intel xeon_e5 2680
intel xeon_e3_1275_v6 -
intel xeon_e5_2637_v4 -
phoenixcontact vl2_ppc_2000_firmware -
intel xeon_e5 2697_v3
phoenixcontact vl2_ppc7_1000_firmware -
intel core_i7 640m
intel xeon_e5_2430 -
intel core_i5 3470s
intel core_i5 3610me
intel core_i7 2960xm
intel atom_z z3770
intel atom_c c2338
intel xeon_e5 4603_v2
intel core_i3 2120
intel xeon_e5_2628l_v2 -
intel celeron_j j3355
intel core_m 5y31
intel core_i3 2340ue
intel xeon_e5_2440 -
intel atom_z z2480
intel xeon_e5_1630_v4 -
phoenixcontact dl_ppc21.5m_7000_firmware -
intel xeon_e5_2418l_v3 -
intel core_i7 2637m
debian debian_linux 9.0
intel core_i5 4670r
phoenixcontact bl_bpc_3000_firmware -
intel core_i3 530
intel core_i7 2600s
intel core_i5 661
intel core_i7 3540m
intel core_i7 4960hq
intel xeon_e3_1241_v3 -
intel xeon_e3_1271_v3 -
intel atom_e e3815
intel core_i7 4750hq
intel atom_z z3460
canonical ubuntu_linux 12.04
intel xeon_e5_2630l_v2 -
intel core_i3 4360
netapp hci -
intel xeon_e5 4669_v3
intel celeron_n n3010
intel xeon_e5 4603
intel core_i7 960
intel core_i3 2102
intel core_i5 5287u
intel core_i5 2520m
intel core_m 5y71
arm cortex-a9_firmware -
intel core_i7 7600u
pepperl-fuchs btc14_firmware -
intel core_i5 5350h
intel core_i5 5575r
intel xeon l7555
intel atom_z z3740d
intel core_i7 3537u
intel core_i5 750s
intel atom_x3 c3230rk
intel xeon_e5_2650l_v2 -
intel core_i7 3667u
intel core_i3 4350t
intel xeon_e7 8891_v2
intel xeon_phi 7290
intel xeon_e5_1650 -
intel xeon_phi 7210f
phoenixcontact vl2_ppc12_1000_firmware -
intel xeon_e5_2603 -
intel atom_e e3825
intel xeon_e5_1428l_v2 -
intel xeon_e5 2698_v4
intel xeon e6540
intel core_i7 4765t
arm cortex-x1_firmware -
intel celeron_j j3060
intel core_i3 4010y
intel atom_c c2358
intel core_i5 4430
intel xeon_e7 4850_v3
intel xeon_e5_2648l_v3 -
intel core_i7 4712mq
phoenixcontact bl_ppc17_7000_firmware -
synology diskstation_manager *
intel xeon_e5 4610_v3
intel xeon_silver 4116
intel xeon x5672
intel xeon_e5_1680_v4 -
intel core_i3 2100
intel core_m5 6y57
intel xeon_e7 2860
intel core_i7 2630qm
intel xeon_e7 8890_v4
intel xeon_e7 4809_v2
intel xeon_e3_1245_v5 -
intel core_i7 5500u
intel xeon_e3_1265l_v4 -
arm cortex-a76_firmware -
intel xeon_e5_2640_v4 -
intel core_i5 2300
intel xeon_e3_1270_v2 -
intel core_i3 6100te
intel xeon_e7 4809_v4
intel xeon_e5_2450l_v2 -
intel core_i7 5850hq
intel core_i7 7820hq
intel core_i5 6402p
intel core_i5 6400
intel xeon w3680
intel core_i7 660lm
intel core_i7 940xm
intel xeon_silver 4114t
intel core_i7 980
intel core_i3 2130
intel xeon_e7 8880_v2
intel xeon_gold 6134
intel core_i3 4130
intel core_i3 2100t
arm cortex-a73_firmware -
intel atom_z z2560
intel atom_z z3480
arm cortex-a17_firmware -
intel xeon_e5_2420_v2 -
intel xeon e5504
intel xeon e5603
intel xeon_e3_1290 -
intel xeon l5506
intel core_i5 6260u
intel xeon_e3_1231_v3 -
intel xeon_e3_1270 -
intel xeon_e5_2643_v4 -
intel xeon_e5 4624l_v2
intel core_i3 2357m
intel core_i3 4102e
vmware esxi 5.5.0
intel xeon_e7 8893_v2
intel core_i3 5005u
intel core_i7 2760qm
intel pentium_j j2900
intel core_i7 2640m
intel xeon_e5_2650_v4 -
intel xeon e5507
intel atom_c c3950
intel core_i5 4430s
intel core_i5 2540m
intel core_i7 4500u
intel celeron_j j1750
intel celeron_n n2815
intel core_i3 4112e
intel xeon_e7 8830
intel core_i7 950
intel xeon_e3_1245_v2 -
intel core_i5 2405s
intel xeon_e5 4627_v2
intel atom_z z3735e
phoenixcontact vl_ppc_2000_firmware -
intel core_i7 3630qm
intel xeon_e5_2408l_v3 -
intel core_i5 6200u
intel core_i7 3635qm
intel xeon_e5 4655_v3
intel atom_z z2420
intel core_i5 3439y
intel xeon_e5_2630_v3 -
intel atom_c c2516
intel core_i3 4370t
intel xeon x7550
intel xeon_e5 2695_v4
intel xeon_e3_1285_v3 -
intel core_i7 4770t
intel xeon_e7 8870_v2
intel xeon_platinum 8156
intel celeron_n n2820
intel xeon_e3_1258l_v4 -
intel core_i7 4722hq
intel core_i3 2328m
intel core_i3 4120u
intel core_i5 3330
intel xeon l5530
intel core_i5 6400t
intel core_i3 4100u
intel core_i5 4590s
intel xeon_gold 6150
phoenixcontact bl_ppc12_1000_firmware -
intel xeon_e5_2428l_v3 -
intel core_i7 620le
intel atom_z z3580
intel core_i5 4258u
intel atom_c c3750
intel xeon_e3 1575m_v5
intel xeon e5640
intel xeon_e3 1545m_v5
intel pentium_n n3710
phoenixcontact bl_ppc_1000_firmware -
intel core_i5 5675r
intel core_i7 7y75
intel atom_c c3538
intel core_i7 4700eq
intel celeron_n n3350
intel xeon_e5_2640_v3 -
intel xeon_e3_1225_v6 -
intel core_i5 4410e
intel core_i7 2670qm
intel xeon_e5 2687w_v3
intel xeon_e7 4860
intel xeon_e7 8867_v4
intel pentium_n n3520
intel xeon e5630
intel core_i5 430m
intel core_i5 430um
intel core_i5 4590
phoenixcontact vl2_ppc_7000_firmware -
intel xeon_platinum 8160t
intel xeon_e5 4650_v2
suse suse_linux_enterprise_software_development_kit 11
intel core_i5 2550k
intel core_i5 2400s
intel celeron_n n2806
vmware esxi 6.5
intel core_i7 620ue
intel atom_z z3736f
intel xeon_platinum 8180
intel core_i5 4670k
intel core_i7 4760hq
phoenixcontact bl_rackmount_4u_firmware -
intel xeon_e3_1240_v2 -
intel core_i3 4100e
intel atom_e e3845
intel atom_c c2730
intel core_i5 4690t
intel xeon e5607
intel xeon w3690
intel xeon_e7 4807
intel core_i5 4210u
intel core_i5 655k
intel xeon_e7 4880_v2
intel core_i5 6440hq
intel core_i3 6102e
intel core_i5 3350p
intel xeon_gold 6126f
intel atom_c c2558
intel atom_x3 c3205rk
intel atom_z z3770d
intel xeon_e3_1280_v3 -
intel atom_z z3775d
intel core_i7 8650u
intel atom_z z3570
phoenixcontact bl_ppc_7000_firmware -
intel core_i3 4030y
intel xeon_e7 8891_v4
phoenixcontact el_ppc_1000/m_firmware -
intel xeon_e5 2667_v3
intel atom_z z3795
intel core_i3 8100
intel core_i7 4720hq
intel core_m 5y10a
intel xeon_e5 2698_v3
intel xeon_e7 8860_v4
intel atom_x3 c3235rk
intel xeon_e5_2428l_v2 -
intel core_i5 4670s
intel xeon_e3_1265l_v2 -
intel core_i7 4770s
intel celeron_j j1900
intel xeon_e5_2407 -
intel xeon_gold 6144
intel xeon_platinum 8176
phoenixcontact vl2_bpc_7000_firmware -
intel core_i5 5250u
intel core_i3 6098p
intel core_i7 7700t
intel atom_z z3735d
intel core_i5 5200u
intel core_i5 4440s
intel xeon_e7 4830_v4
intel xeon_gold 6142m
phoenixcontact bl_bpc_3001_firmware -
intel xeon_e7 4830_v3
intel xeon_phi 7230f
intel xeon_e5 2660_v2
intel xeon_e5 2690_v2
intel celeron_n n2807
intel xeon_phi 7250f
intel xeon_e3_1235l_v5 -
intel xeon x3470
intel xeon_e5 4620
intel core_i3 4030u
intel xeon x3430
intel xeon_e5 4620_v3
intel core_i7 3770t
intel atom_z z3590
intel xeon_e3_1265l_v3 -
intel core_i7 875k
intel core_i7 2629m
intel atom_c c2316
intel xeon_e3_1225_v5 -
phoenixcontact dl_ppc15_1000_firmware -
intel core_i7 3610qm
intel xeon_platinum 8160f
intel core_i7 2715qe
intel xeon_e7 2870
intel core_i5 4690k
intel xeon_e7 2830
intel xeon_e3_1270_v6 -
intel core_i7 4610m
intel xeon_e3_1220_v5 -
intel xeon_gold 6154
intel xeon_e3 1535m_v6
intel xeon_e5 2690_v3
intel core_i7 3610qe
intel core_i7 4790k
intel atom_c c3308
intel core_i5 3470
intel xeon e5520
intel core_i3 4370
intel xeon_e5 2680_v2
intel xeon_e3 1585l_v5
arm cortex-r7_firmware -
phoenixcontact vl_bpc_1000_firmware -
intel core_i3 380um
intel core_i7 3632qm
intel xeon_e5 4607_v2
intel core_i3 6300
intel core_i3 4000m
intel core_i5 540m
intel core_i5 6267u
intel core_i7 3770k
intel xeon lc5518
intel core_i7 4950hq
intel core_i3 2370m
intel core_i5 520m
siemens simatic_itc1900_firmware *
intel xeon ec5539
intel atom_x3 c3200rk
intel celeron_n n2910
intel xeon_e5 2665
intel xeon_e5_2450l -
intel xeon_e5_2609 -
intel atom_c c3338
intel xeon_e5_2418l -
intel xeon_e3_1260l_v5 -
intel xeon_e3_1240_v3 -
intel core_i3 3220
intel xeon_e5_1650_v3 -
intel core_i3 5010u
intel core_i5 6500
intel atom_c c3508
intel xeon x5680
intel xeon_e5 2650l_v4
intel xeon_e7 4820_v4
intel xeon_platinum 8176m
intel xeon_e3_1245_v3 -
intel xeon l7545
intel xeon_e3_1286_v3 -
intel xeon_e5_2628l_v3 -
intel core_i7 7700
intel core_i5 4210h
intel core_i3 2367m
intel xeon x7560
vmware esxi 6.0
intel core_i5 6500te
intel core_i7 3612qm
intel xeon lc5528
intel atom_x3 c3130
intel xeon_e3_1230_v2 -
intel xeon_e5 2658
intel core_i7 3612qe
intel core_i7 5650u
intel core_m5 6y54
intel xeon x5667
intel core_i3 4150t
intel atom_z z3735g
intel xeon_e3_1285l_v4 -
phoenixcontact el_ppc_1000/wt_firmware -
intel core_i3 3250
intel xeon_e3_1505l_v6 -
intel xeon_e5_2630l_v4 -
intel core_i5 520e
intel core_i7 5950hq
intel core_i3 4110e
pepperl-fuchs visunet_rm_shell -
intel xeon_e7 2820
intel xeon_e5 4617
intel core_i7 2657m
intel xeon_e3_1230_v6 -
intel core_i5 4402ec
intel core_i7 2860qm
intel xeon_e5 4660_v3
intel core_i5 480m
intel core_i3 3210
intel core_i5 8250u
intel xeon_e5_2623_v4 -
intel xeon ec5549
intel xeon_e3_1105c_v2 -
intel atom_c c2750
intel core_i7 620lm
intel atom_z z3745d
intel xeon_gold 6128
intel xeon_e3_1505m_v5 -
intel core_i7 660ue
intel core_i5 4360u
intel xeon_e3_1275 -
intel xeon x5560
intel core_i5 2510e
intel pentium_n n3540
intel xeon_e7 8870_v4
intel xeon_platinum 8170
phoenixcontact vl2_ppc_3000_firmware -
intel xeon_e5_2430l_v2 -
intel core_i5 3230m
intel xeon_e3_1240_v6 -
intel xeon_e5_2630 -
intel core_i5 2310
intel xeon_e5 2670_v2
intel xeon_e5 2699r_v4
intel xeon_e5 4640_v3
intel xeon_e5 4627_v4
intel xeon_e7 2850_v2
intel core_i3 3217u
intel core_i7 2600
intel core_i5 4400e
intel core_m 5y10
intel core_i3 3225
intel core_i5 3550s
intel xeon_e5 2695_v3
intel xeon_e5_2643_v2 -
intel core_i3 3229y
intel core_i7 3820qm
intel xeon_e5_1660_v3 -
intel core_i5 4330m
intel xeon_e5 2697a_v4
intel core_i5 3475s
intel core_i3 6100e
intel xeon_gold 5120t
intel celeron_n n3150
intel xeon x5687
intel core_i3 4160
intel core_i7 870
intel xeon_e5_2648l_v4 -
intel core_i3 390m
intel xeon_bronze_3106 -
intel core_i3 4330te
intel core_i7 4578u
intel celeron_n n2920
intel core_i7 2700k
intel core_i7 4900mq
intel xeon_e7 8890_v3
arm cortex-a78ae_firmware -
intel core_i7 4790s
intel xeon_e7 8857_v2
intel core_i7 4770hq
intel xeon x7542
intel atom_x3 c3265rk
intel xeon e6510
intel core_i7 860
intel core_i7 870s
intel xeon_e3_1220l_v3 -
intel xeon_e5 2658_v3
intel xeon_e5 2690_v4
intel xeon_e5 2680_v3
intel xeon_e5 2683_v3
intel core_i3 4130t
intel core_i5 4460
intel core_i7 4870hq
intel core_i7 680um
siemens simatic_itc1900_pro_firmware *
intel celeron_j j1800
intel xeon_phi 7285
intel core_i5 6360u
intel core_i3 3227u
intel xeon_e5_1620_v2 -
intel core_i3 6300t
intel xeon x5675
intel xeon_gold 6142f
intel xeon_e3_1275l_v3 -
intel core_i7 7500u
intel core_i7 3720qm
intel core_i5 4200y
intel core_i7 3770
intel atom_c c2308
intel core_i5 4202y
intel xeon_e7 8891_v3
intel celeron_j j4005
intel core_i7 740qm
intel xeon_e5 4667_v3
intel core_i3 4340
debian debian_linux 8.0
siemens simatic_itc2200_pro_firmware *
intel xeon_e5_2609_v4 -
intel xeon_platinum 8168
intel xeon_e5_2418l_v2 -
intel celeron_n n4000
intel xeon e5649
intel core_i7 7700hq
intel core_i3 4012y
intel core_i3 5015u
intel core_i7 620m
intel core_i5 6685r
intel core_i5 580m
phoenixcontact vl2_bpc_3000_firmware -
intel atom_c c2508
intel xeon_phi 7250
intel core_i5 540um
intel core_i3 350m
intel core_i7 3520m
intel xeon_e5 4620_v2
intel xeon e5606
intel core_i5 6585r
intel xeon_e5_2637 -
intel xeon x5647
intel core_i5 2380p
intel xeon_platinum 8158
intel xeon_e5 2658a_v3
phoenixcontact valueline_ipc_firmware -
intel core_i7 4700mq
intel core_i7 4702ec
intel celeron_n n3450
intel xeon_gold 5120
intel xeon_e5 4650_v4
CVE-2017-8040 MEDIUM

In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3, an XXE (XML External Entity) attack was discovered in the Single Sign-On service dashboard. Privileged users can in some cases upload malformed XML leading to exposure of data on the Single Sign-On service broker file system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,

Products Affected

Vendor Product Version
vmware single_sign-on_for_pivotal_cloud_foundry 1.3.0
vmware single_sign-on_for_pivotal_cloud_foundry 1.4.2
vmware single_sign-on_for_pivotal_cloud_foundry 1.4.1
vmware single_sign-on_for_pivotal_cloud_foundry 1.4.0
vmware single_sign-on_for_pivotal_cloud_foundry 1.4.3
vmware single_sign-on_for_pivotal_cloud_foundry 1.3.2
vmware single_sign-on_for_pivotal_cloud_foundry 1.3.3
CVE-2017-8041 MEDIUM

In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3, a user can execute a XSS attack on certain Single Sign-On service UI pages by inputting code in the text field for an organization name.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
vmware single_sign-on_for_pivotal_cloud_foundry 1.3.0
vmware single_sign-on_for_pivotal_cloud_foundry 1.4.2
vmware single_sign-on_for_pivotal_cloud_foundry 1.4.1
vmware single_sign-on_for_pivotal_cloud_foundry 1.4.0
vmware single_sign-on_for_pivotal_cloud_foundry 1.4.3
vmware single_sign-on_for_pivotal_cloud_foundry 1.3.2
vmware single_sign-on_for_pivotal_cloud_foundry 1.3.3
CVE-2017-8044 MEDIUM

In Pivotal Single Sign-On for PCF (1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3), certain pages allow code to be injected into the DOM environment through query parameters, leading to XSS attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
vmware single_sign-on_for_pivotal_cloud_foundry 1.3.0
vmware single_sign-on_for_pivotal_cloud_foundry 1.4.2
vmware single_sign-on_for_pivotal_cloud_foundry 1.4.1
vmware single_sign-on_for_pivotal_cloud_foundry 1.3.2
vmware single_sign-on_for_pivotal_cloud_foundry 1.3.3
CVE-2017-8046 HIGH

Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
vmware spring_boot *
vmware spring_boot 2.0.0
pivotal_software spring_data_rest 3.0.0
pivotal_software spring_data_rest *
CVE-2018-11039 MEDIUM

Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle retail_clearance_optimization_engine 14.0.5
oracle enterprise_manager_base_platform 13.2.0.0.0
oracle agile_plm 9.3.6
oracle agile_plm 9.3.3
oracle insurance_rules_palette 10.0
oracle retail_financial_integration 15.0
oracle retail_financial_integration 16.0
oracle enterprise_manager_for_mysql_database 13.2
oracle health_sciences_information_manager 3.0
oracle mysql_enterprise_monitor *
vmware spring_framework *
oracle retail_financial_integration 13.2
oracle healthcare_master_person_index 4.0
oracle retail_assortment_planning 14.1
oracle insurance_calculation_engine 10.2
oracle communications_unified_inventory_management 7.3.2
oracle endeca_information_discovery_integrator 3.2.0
oracle agile_plm 9.3.5
oracle hospitality_guest_access 4.2.1
oracle weblogic_server 12.2.1.3.0
oracle retail_customer_insights 15.0
oracle retail_predictive_application_server 14.1.3.37
oracle retail_predictive_application_server 14.0.3.26
oracle application_testing_suite 13.3.0.1
oracle retail_financial_integration 14.1
oracle retail_assortment_planning 15.0
oracle communications_diameter_signaling_router *
oracle application_testing_suite 13.1.0.1
oracle agile_plm 9.3.4
oracle retail_financial_integration 14.0
oracle retail_predictive_application_server 15.0.3..100
oracle communications_unified_inventory_management 7.3.5
oracle retail_assortment_planning 16.0
oracle retail_markdown_optimization 13.4.4
oracle enterprise_manager_ops_center 12.3.3
oracle insurance_rules_palette 10.2
oracle communications_unified_inventory_management 7.4.0
oracle weblogic_server 10.3.6.0.0
oracle micros_lucas 2.9.5
oracle retail_advanced_inventory_planning 15.0
oracle communications_online_mediation_controller 6.1
oracle enterprise_manager_base_platform 12.1.0.5.0
oracle weblogic_server 12.1.3.0.0
oracle hospitality_guest_access 4.2.0
oracle retail_integration_bus 14.1.2
oracle application_testing_suite 12.5.0.3
oracle enterprise_manager_base_platform 13.3.0.0.0
oracle insurance_calculation_engine *
oracle utilities_network_management_system 1.12.0.3
oracle application_testing_suite 13.2.0.1
oracle communications_services_gatekeeper *
oracle retail_xstore_point_of_service 7.1
oracle communications_unified_inventory_management 7.3.4
oracle communications_performance_intelligence_center *
oracle endeca_information_discovery_integrator 3.1.0
oracle retail_predictive_application_server 16.0
oracle retail_customer_insights 16.0
oracle primavera_p6_enterprise_project_portfolio_management 18.8
oracle healthcare_master_person_index 3.0
oracle communications_network_integrity *
debian debian_linux 9.0
CVE-2018-11040 MEDIUM

Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the "jsonp" and "callback" JSONP parameters, enabling cross-domain requests.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-829,

Products Affected

Vendor Product Version
oracle retail_clearance_optimization_engine 14.0.5
oracle retail_predictive_application_server 15.0.3.100
oracle agile_product_lifecycle_management 9.3.5
oracle flexcube_private_banking 12.0.1.0
oracle insurance_rules_palette 10.0
oracle enterprise_manager 13.2
oracle mysql_enterprise_monitor *
vmware spring_framework *
oracle healthcare_master_person_index 4.0
oracle flexcube_private_banking 2.0.0.0
oracle communications_unified_inventory_management 7.3.2
oracle endeca_information_discovery_integrator 3.2.0
oracle agile_product_lifecycle_management 9.3.4
oracle hospitality_guest_access 4.2.1
oracle weblogic_server 12.2.1.3.0
oracle retail_customer_insights 15.0
oracle retail_predictive_application_server 14.1.3.37
oracle retail_predictive_application_server 14.0.3.26
oracle application_testing_suite 13.3.0.1
oracle product_lifecycle_management 9.3.6
oracle application_testing_suite 13.1.0.1
oracle retail_service_backbone 16.0.1
oracle communications_unified_inventory_management 7.3.5
oracle retail_markdown_optimization 13.4.4
oracle enterprise_manager_ops_center 12.3.3
oracle insurance_rules_palette 10.2
oracle agile_product_lifecycle_management 9.3.3
oracle communications_unified_inventory_management 7.4.0
oracle flexcube_private_banking 12.1.0.0
oracle micros_lucas 2.9.5
oracle retail_advanced_inventory_planning 15.0
oracle communications_online_mediation_controller 6.1
oracle hospitality_guest_access 4.2.0
oracle application_testing_suite 12.5.0.3
oracle insurance_calculation_engine *
oracle utilities_network_management_system 1.12.0.3
oracle application_testing_suite 13.2.0.1
oracle communications_services_gatekeeper *
oracle retail_xstore_point_of_service 7.1
oracle communications_unified_inventory_management 7.3.4
oracle endeca_information_discovery_integrator 3.1.0
oracle retail_predictive_application_server 16.0
oracle retail_customer_insights 16.0
oracle flexcube_private_banking 12.0.3.0
oracle healthcare_master_person_index 3.0
oracle communications_network_integrity *
oracle flexcube_private_banking 2.2.0.1
debian debian_linux 9.0
CVE-2018-11066 HIGH

Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary commands on the server.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
vmware vsphere_data_protection 6.0.3
vmware vsphere_data_protection 6.0.5
vmware vsphere_data_protection 6.0.8
dell emc_avamar 7.2.1
vmware vsphere_data_protection 6.1.4
vmware vsphere_data_protection 6.1.3
vmware vsphere_data_protection 6.0.4
dell emc_avamar 7.3.1
vmware vsphere_data_protection 6.1.1
dell emc_avamar 7.4.1
dell emc_avamar 7.5.1
dell emc_avamar 7.3.0
dell emc_integrated_data_protection_appliance 2.0
vmware vsphere_data_protection 6.1.2
vmware vsphere_data_protection 6.0.7
dell emc_avamar 7.5.0
vmware vsphere_data_protection 6.1.9
vmware vsphere_data_protection 6.1.5
dell emc_integrated_data_protection_appliance 2.2
vmware vsphere_data_protection 6.1.7
vmware vsphere_data_protection 6.1.0
vmware vsphere_data_protection 6.0.6
vmware vsphere_data_protection 6.0.0
dell emc_avamar 7.2.0
dell emc_integrated_data_protection_appliance 2.1
dell emc_avamar 7.4.0
vmware vsphere_data_protection 6.0.1
dell emc_avamar 18.1
vmware vsphere_data_protection 6.1.6
vmware vsphere_data_protection 6.1.8
vmware vsphere_data_protection 6.0.2
CVE-2018-11067 MEDIUM

Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain an open redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-601,

Products Affected

Vendor Product Version
vmware vsphere_data_protection 6.0.3
vmware vsphere_data_protection 6.0.5
vmware vsphere_data_protection 6.0.8
dell emc_avamar 7.2.1
vmware vsphere_data_protection 6.1.4
vmware vsphere_data_protection 6.1.3
vmware vsphere_data_protection 6.0.4
dell emc_avamar 7.3.1
vmware vsphere_data_protection 6.1.1
dell emc_avamar 7.4.1
dell emc_avamar 7.5.1
dell emc_avamar 7.3.0
dell emc_integrated_data_protection_appliance 2.0
vmware vsphere_data_protection 6.1.2
vmware vsphere_data_protection 6.0.7
dell emc_avamar 7.5.0
vmware vsphere_data_protection 6.1.9
vmware vsphere_data_protection 6.1.5
dell emc_integrated_data_protection_appliance 2.2
vmware vsphere_data_protection 6.1.7
vmware vsphere_data_protection 6.1.0
vmware vsphere_data_protection 6.0.6
vmware vsphere_data_protection 6.0.0
dell emc_avamar 7.2.0
dell emc_integrated_data_protection_appliance 2.1
dell emc_avamar 7.4.0
vmware vsphere_data_protection 6.0.1
dell emc_avamar 18.1
vmware vsphere_data_protection 6.1.6
vmware vsphere_data_protection 6.1.8
vmware vsphere_data_protection 6.0.2
CVE-2018-11076 LOW

Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar Java management console's SSL/TLS private key may be leaked in the Avamar Java management client package. The private key could potentially be used by an unauthenticated attacker on the same data-link layer to initiate a MITM attack on management console users.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
vmware vsphere_data_protection 6.0.3
vmware vsphere_data_protection 6.0.5
vmware vsphere_data_protection 6.0.8
dell emc_avamar 7.2.1
vmware vsphere_data_protection 6.1.4
vmware vsphere_data_protection 6.1.3
vmware vsphere_data_protection 6.0.4
dell emc_avamar 7.3.1
vmware vsphere_data_protection 6.1.1
dell emc_avamar 7.4.1
dell emc_avamar 7.3.0
dell emc_integrated_data_protection_appliance 2.0
vmware vsphere_data_protection 6.1.2
vmware vsphere_data_protection 6.0.7
vmware vsphere_data_protection 6.1.9
vmware vsphere_data_protection 6.1.5
vmware vsphere_data_protection 6.1.7
vmware vsphere_data_protection 6.1.0
vmware vsphere_data_protection 6.0.6
vmware vsphere_data_protection 6.0.0
dell emc_avamar 7.2.0
dell emc_avamar 7.4.0
vmware vsphere_data_protection 6.0.1
vmware vsphere_data_protection 6.1.6
vmware vsphere_data_protection 6.1.8
vmware vsphere_data_protection 6.0.2
CVE-2018-11077 HIGH

'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially be able to execute arbitrary commands under root privilege.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
vmware vsphere_data_protection 6.0.3
vmware vsphere_data_protection 6.0.5
vmware vsphere_data_protection 6.0.8
dell emc_avamar 7.2.1
vmware vsphere_data_protection 6.1.4
vmware vsphere_data_protection 6.1.3
vmware vsphere_data_protection 6.0.4
dell emc_avamar 7.3.1
vmware vsphere_data_protection 6.1.1
dell emc_avamar 7.4.1
dell emc_avamar 7.5.1
dell emc_avamar 7.3.0
dell emc_integrated_data_protection_appliance 2.0
vmware vsphere_data_protection 6.1.2
vmware vsphere_data_protection 6.0.7
dell emc_avamar 7.5.0
vmware vsphere_data_protection 6.1.9
vmware vsphere_data_protection 6.1.5
dell emc_integrated_data_protection_appliance 2.2
vmware vsphere_data_protection 6.1.7
vmware vsphere_data_protection 6.1.0
vmware vsphere_data_protection 6.0.6
vmware vsphere_data_protection 6.0.0
dell emc_avamar 7.2.0
dell emc_integrated_data_protection_appliance 2.1
dell emc_avamar 7.4.0
vmware vsphere_data_protection 6.0.1
dell emc_avamar 18.1
vmware vsphere_data_protection 6.1.6
vmware vsphere_data_protection 6.1.8
vmware vsphere_data_protection 6.0.2
CVE-2018-11087 MEDIUM

Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
pivotal_software rabbitmq *
pivotal_software spring_advanced_message_queuing_protocol *
vmware rabbitmq_java_client *
CVE-2018-1196 MEDIUM

Spring Boot supports an embedded launch script that can be used to easily run the application as a systemd or init.d linux service. The script included with Spring Boot 1.5.9 and earlier and 2.0.0.M1 through 2.0.0.M7 is susceptible to a symlink attack which allows the "run_user" to overwrite and take ownership of any file on the same system. In order to instigate the attack, the application must be installed as a service and the "run_user" requires shell access to the server. Spring Boot application that are not installed as a service, or are not using the embedded launch script are not susceptible.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-59,

Products Affected

Vendor Product Version
vmware spring_boot *
vmware spring_boot 2.0.0
CVE-2018-1199 MEDIUM

Spring Security (Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3) does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path parameters in the Servlet Specification. Some Servlet containers include path parameters in the value returned for getPathInfo() and some do not. Spring Security uses the value returned by getPathInfo() as part of the process of mapping requests to security constraints. In this particular attack, different character encodings used in path parameters allows secured Spring MVC static resource URLs to be bypassed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
redhat fuse 1.0
oracle retail_xstore_point_of_service 7.1
vmware spring_framework *
oracle rapid_planning 12.2
vmware spring_security *
oracle rapid_planning 12.1
CVE-2018-1256 MEDIUM

Spring Cloud SSO Connector, version 2.1.2, contains a regression which disables issuer validation in resource servers that are not bound to the SSO service. In PCF deployments with multiple SSO service plans, a remote attacker can authenticate to unbound resource servers which use this version of the SSO Connector with tokens generated from another service plan.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
vmware spring_cloud_sso_connector 2.1.2
CVE-2018-1257 MEDIUM

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle enterprise_manager_base_platform 13.2.0.0.0
oracle retail_predictive_application_server 14.1
oracle agile_product_lifecycle_management 9.3.5
oracle flexcube_private_banking 12.0.1.0
oracle tape_library_acsls 8.4
oracle insurance_rules_palette 10.0
oracle goldengate_for_big_data 12.3.1.1
oracle big_data_discovery 1.6.0
oracle enterprise_manager_for_mysql_database 13.2
oracle primavera_gateway 16.2
oracle health_sciences_information_manager 3.0
vmware spring_framework *
oracle retail_predictive_application_server 14.0
oracle healthcare_master_person_index 4.0
redhat openshift -
oracle retail_open_commerce_platform 5.3.0
oracle insurance_calculation_engine 10.2
oracle flexcube_private_banking 2.0.0.0
oracle communications_unified_inventory_management 7.3.2
oracle retail_order_broker 5.1
oracle endeca_information_discovery_integrator 3.2.0
oracle agile_product_lifecycle_management 9.3.4
oracle hospitality_guest_access 4.2.1
oracle weblogic_server 12.2.1.3.0
oracle retail_customer_insights 15.0
oracle application_testing_suite 13.3.0.1
oracle insurance_rules_palette 10.1
oracle communications_diameter_signaling_router *
oracle application_testing_suite 13.1.0.1
oracle retail_open_commerce_platform 6.0.1
oracle communications_unified_inventory_management 7.3.5
oracle goldengate_for_big_data 12.3.2.1
oracle service_architecture_leveraging_tuxedo 12.1.3.0.0
oracle retail_order_broker 16.0
oracle retail_predictive_application_server 15.0
oracle enterprise_manager_ops_center 12.3.3
oracle insurance_rules_palette 10.2
oracle agile_product_lifecycle_management 9.3.3
oracle communications_unified_inventory_management 7.4.0
oracle weblogic_server 10.3.6.0.0
oracle flexcube_private_banking 12.1.0.0
oracle insurance_rules_palette 11.1
oracle primavera_gateway 17.12
oracle enterprise_manager_base_platform 12.1.0.5.0
oracle retail_order_broker 15.0
oracle weblogic_server 12.1.3.0.0
oracle insurance_calculation_engine 10.2.1
oracle hospitality_guest_access 4.2.0
oracle goldengate_for_big_data 12.2.0.1
oracle application_testing_suite 12.5.0.3
oracle service_architecture_leveraging_tuxedo 12.2.2.0.0
oracle enterprise_manager_base_platform 13.3.0.0.0
oracle utilities_network_management_system 1.12.0.3
oracle application_testing_suite 13.2.0.1
oracle retail_open_commerce_platform 6.0.0
oracle agile_product_lifecycle_management 9.3.6
oracle communications_services_gatekeeper *
oracle communications_unified_inventory_management 7.3.4
oracle insurance_rules_palette 11.0
oracle communications_converged_application_server *
oracle communications_performance_intelligence_center *
oracle endeca_information_discovery_integrator 3.1.0
oracle retail_predictive_application_server 16.0
oracle primavera_gateway 15.2
oracle retail_customer_insights 16.0
oracle insurance_calculation_engine 10.1.1
oracle flexcube_private_banking 12.0.3.0
oracle healthcare_master_person_index 3.0
oracle retail_order_broker 5.2
oracle flexcube_private_banking 2.2.0.1
CVE-2018-1258 MEDIUM

Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-863,

Products Affected

Vendor Product Version
oracle agile_plm 9.3.6
oracle insurance_policy_administration 10.0
oracle tape_library_acsls 8.4
oracle agile_plm 9.3.3
oracle insurance_rules_palette 10.0
oracle goldengate_for_big_data 12.3.1.1
oracle retail_financial_integration 15.0
redhat fuse 7.3.0
oracle big_data_discovery 1.6.0
oracle insurance_policy_administration 11.0
oracle peoplesoft_enterprise_fin_install 9.2
oracle retail_financial_integration 16.0
oracle enterprise_manager_for_mysql_database 13.2
oracle health_sciences_information_manager 3.0
oracle mysql_enterprise_monitor *
oracle enterprise_manager_ops_center 12.2.2
oracle retail_financial_integration 13.2
oracle healthcare_master_person_index 4.0
oracle retail_assortment_planning 14.1
oracle insurance_calculation_engine 10.2
oracle endeca_information_discovery_integrator 3.2.0
oracle insurance_policy_administration 10.2
oracle agile_plm 9.3.5
oracle hospitality_guest_access 4.2.1
oracle retail_returns_management 14.1
oracle retail_central_office 14.1
oracle retail_customer_insights 15.0
oracle application_testing_suite 13.3.0.1
oracle retail_financial_integration 14.1
oracle insurance_rules_palette 10.1
oracle retail_assortment_planning 15.0
oracle communications_diameter_signaling_router *
oracle application_testing_suite 13.1.0.1
oracle insurance_policy_administration 10.1
oracle retail_central_office 14.0
oracle agile_plm 9.3.4
netapp snapcenter -
oracle retail_back_office 14.0
oracle retail_financial_integration 14.0
netapp oncommand_workflow_automation -
oracle retail_point-of-service 14.1
netapp oncommand_insight -
oracle goldengate_for_big_data 12.3.2.1
oracle retail_assortment_planning 16.0
oracle service_architecture_leveraging_tuxedo 12.1.3.0.0
oracle enterprise_manager_ops_center 12.3.3
oracle insurance_rules_palette 10.2
oracle micros_lucas 2.9.5
oracle insurance_rules_palette 11.1
oracle weblogic_server 12.1.3.0
oracle weblogic_server 10.3.6.0
netapp oncommand_unified_manager *
netapp storage_automation_store -
oracle insurance_calculation_engine 10.2.1
oracle hospitality_guest_access 4.2.0
oracle goldengate_for_big_data 12.2.0.1
oracle retail_integration_bus 14.1.2
oracle application_testing_suite 12.5.0.3
oracle service_architecture_leveraging_tuxedo 12.2.2.0.0
oracle enterprise_repository 11.1.1.7.0
oracle application_testing_suite 10.1
oracle application_testing_suite 13.2.0.1
oracle weblogic_server 12.2.1.3
oracle retail_back_office 14.1
oracle communications_services_gatekeeper *
oracle retail_returns_management 14.0
oracle retail_point-of-service 14.0
oracle insurance_rules_palette 11.0
oracle communications_converged_application_server *
oracle communications_performance_intelligence_center *
oracle weblogic_server 12.2.1.2
oracle endeca_information_discovery_integrator 3.1.0
vmware spring_framework 5.0.5
oracle retail_customer_insights 16.0
oracle insurance_calculation_engine 10.1.1
oracle retail_xstore_point_of_service 17.0
oracle healthcare_master_person_index 3.0
pivotal_software spring_security *
oracle communications_network_integrity *
oracle enterprise_repository 12.1.3.0.0
CVE-2018-1261 MEDIUM

Spring-integration-zip versions prior to 1.0.1 exposes an arbitrary file write vulnerability, which can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z) that holds path traversal filenames. So when the filename gets concatenated to the target extraction directory, the final path ends up outside of the target folder.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N 1.0 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
vmware spring_integration_zip *
CVE-2018-1263 MEDIUM

Addresses partial fix in CVE-2018-1261. Pivotal spring-integration-zip, versions prior to 1.0.2, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path traversal filenames. So when the filename gets concatenated to the target extraction directory, the final path ends up outside of the target folder.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N 1.0 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
vmware spring_integration_zip *
CVE-2018-1270 HIGH

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,CWE-358,

Products Affected

Vendor Product Version
oracle retail_predictive_application_server 14.1
oracle tape_library_acsls 8.4
oracle insurance_rules_palette 10.0
oracle goldengate_for_big_data 12.3.1.1
oracle big_data_discovery 1.6.0
oracle primavera_gateway 16.2
oracle health_sciences_information_manager 3.0
oracle enterprise_manager_ops_center 12.2.2
vmware spring_framework *
oracle retail_integration_bus 14.0.2
oracle retail_predictive_application_server 14.0
oracle healthcare_master_person_index 4.0
oracle retail_open_commerce_platform 5.3.0
oracle insurance_calculation_engine 10.2
oracle retail_order_broker 5.1
oracle retail_returns_management 14.1
oracle retail_central_office 14.1
oracle retail_customer_insights 15.0
oracle application_testing_suite 13.3.0.1
oracle retail_integration_bus 15.0.0.1
oracle insurance_rules_palette 10.1
oracle communications_diameter_signaling_router *
oracle application_testing_suite 13.1.0.1
oracle retail_open_commerce_platform 6.0.1
oracle retail_central_office 14.0
oracle retail_back_office 14.0
oracle goldengate_for_big_data 12.3.2.1
oracle retail_integration_bus 14.0.3
oracle service_architecture_leveraging_tuxedo 12.1.3.0.0
oracle retail_order_broker 16.0
oracle retail_integration_bus 14.0.4
oracle retail_predictive_application_server 15.0
redhat fuse 1.0.0
oracle enterprise_manager_ops_center 12.3.3
oracle insurance_rules_palette 10.2
oracle retail_integration_bus 16.0
oracle insurance_rules_palette 11.1
oracle primavera_gateway 17.12
oracle retail_order_broker 15.0
oracle retail_integration_bus 15.0.1
oracle insurance_calculation_engine 10.2.1
oracle retail_point-of-sale 14.1
oracle goldengate_for_big_data 12.2.0.1
oracle retail_integration_bus 14.1.2
oracle application_testing_suite 12.5.0.3
oracle service_architecture_leveraging_tuxedo 12.2.2.0.0
oracle application_testing_suite 13.2.0.1
oracle retail_open_commerce_platform 6.0.0
oracle retail_integration_bus 14.0.1
oracle retail_back_office 14.1
oracle communications_services_gatekeeper *
oracle retail_xstore_point_of_service 7.1
oracle retail_returns_management 14.0
oracle insurance_rules_palette 11.0
oracle retail_point-of-sale 14.0
oracle communications_converged_application_server *
oracle communications_performance_intelligence_center *
oracle retail_predictive_application_server 16.0
oracle retail_integration_bus 16.0.1
oracle primavera_gateway 15.2
oracle retail_customer_insights 16.0
oracle insurance_calculation_engine 10.1.1
oracle retail_integration_bus 15.0.2
oracle healthcare_master_person_index 3.0
oracle retail_integration_bus 14.1.3
oracle retail_integration_bus 16.0.2
oracle retail_integration_bus 14.1.1
oracle retail_order_broker 5.2
debian debian_linux 9.0
CVE-2018-1271 MEDIUM

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
oracle retail_predictive_application_server 14.1
oracle tape_library_acsls 8.4
oracle insurance_rules_palette 10.0
oracle goldengate_for_big_data 12.3.1.1
oracle big_data_discovery 1.6.0
oracle primavera_gateway 16.2
oracle health_sciences_information_manager 3.0
oracle enterprise_manager_ops_center 12.2.2
vmware spring_framework *
oracle retail_integration_bus 14.0.2
oracle retail_predictive_application_server 14.0
oracle healthcare_master_person_index 4.0
oracle retail_open_commerce_platform 5.3.0
oracle insurance_calculation_engine 10.2
oracle retail_order_broker 5.1
oracle retail_returns_management 14.1
oracle retail_central_office 14.1
oracle retail_customer_insights 15.0
oracle application_testing_suite 13.3.0.1
oracle retail_integration_bus 15.0.0.1
oracle insurance_rules_palette 10.1
oracle communications_diameter_signaling_router *
oracle application_testing_suite 13.1.0.1
oracle retail_open_commerce_platform 6.0.1
oracle retail_central_office 14.0
oracle retail_back_office 14.0
oracle goldengate_for_big_data 12.3.2.1
oracle retail_integration_bus 14.0.3
oracle service_architecture_leveraging_tuxedo 12.1.3.0.0
oracle retail_order_broker 16.0
oracle retail_integration_bus 14.0.4
oracle retail_predictive_application_server 15.0
oracle enterprise_manager_ops_center 12.3.3
oracle insurance_rules_palette 10.2
oracle retail_integration_bus 16.0
oracle insurance_rules_palette 11.1
oracle primavera_gateway 17.12
oracle retail_order_broker 15.0
oracle retail_integration_bus 15.0.1
oracle insurance_calculation_engine 10.2.1
oracle retail_point-of-sale 14.1
oracle goldengate_for_big_data 12.2.0.1
oracle retail_integration_bus 14.1.2
oracle application_testing_suite 12.5.0.3
oracle service_architecture_leveraging_tuxedo 12.2.2.0.0
oracle insurance_calculation_engine *
oracle application_testing_suite 13.2.0.1
oracle retail_open_commerce_platform 6.0.0
oracle retail_integration_bus 14.0.1
oracle retail_back_office 14.1
oracle communications_services_gatekeeper *
oracle retail_xstore_point_of_service 7.1
oracle rapid_planning 12.2
oracle retail_returns_management 14.0
oracle insurance_rules_palette 11.0
oracle retail_point-of-sale 14.0
oracle communications_converged_application_server *
oracle communications_performance_intelligence_center *
oracle rapid_planning 12.1
oracle retail_predictive_application_server 16.0
oracle retail_integration_bus 16.0.1
oracle primavera_gateway 15.2
oracle retail_customer_insights 16.0
oracle insurance_calculation_engine 10.1.1
oracle retail_integration_bus 15.0.2
oracle communications_policy_management 12.5.0
oracle healthcare_master_person_index 3.0
oracle retail_integration_bus 14.1.3
oracle retail_integration_bus 16.0.2
oracle retail_integration_bus 14.1.1
oracle retail_order_broker 5.2
CVE-2018-1272 MEDIUM

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could to lead privilege escalation, for example, if the part content represents a username or user roles.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.6 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle retail_predictive_application_server 14.1
oracle tape_library_acsls 8.4
oracle insurance_rules_palette 10.0
oracle goldengate_for_big_data 12.3.1.1
oracle big_data_discovery 1.6.0
oracle primavera_gateway 16.2
oracle health_sciences_information_manager 3.0
oracle enterprise_manager_ops_center 12.2.2
vmware spring_framework *
oracle retail_integration_bus 14.0.2
oracle retail_predictive_application_server 14.0
oracle healthcare_master_person_index 4.0
oracle retail_open_commerce_platform 5.3.0
oracle insurance_calculation_engine 10.2
oracle retail_order_broker 5.1
oracle retail_returns_management 14.1
oracle retail_central_office 14.1
oracle retail_customer_insights 15.0
oracle application_testing_suite 13.3.0.1
oracle retail_integration_bus 15.0.0.1
oracle insurance_rules_palette 10.1
oracle communications_diameter_signaling_router *
oracle application_testing_suite 13.1.0.1
oracle retail_open_commerce_platform 6.0.1
oracle retail_central_office 14.0
oracle retail_back_office 14.0
oracle goldengate_for_big_data 12.3.2.1
oracle retail_integration_bus 14.0.3
oracle service_architecture_leveraging_tuxedo 12.1.3.0.0
oracle retail_order_broker 16.0
oracle retail_integration_bus 14.0.4
oracle retail_predictive_application_server 15.0
oracle enterprise_manager_ops_center 12.3.3
oracle insurance_rules_palette 10.2
oracle retail_integration_bus 16.0
oracle insurance_rules_palette 11.1
oracle primavera_gateway 17.12
oracle retail_order_broker 15.0
oracle retail_integration_bus 15.0.1
oracle insurance_calculation_engine 10.2.1
oracle retail_point-of-sale 14.1
oracle goldengate_for_big_data 12.2.0.1
oracle retail_integration_bus 14.1.2
oracle application_testing_suite 12.5.0.3
oracle service_architecture_leveraging_tuxedo 12.2.2.0.0
oracle application_testing_suite 13.2.0.1
oracle retail_open_commerce_platform 6.0.0
oracle retail_integration_bus 14.0.1
oracle retail_back_office 14.1
oracle communications_services_gatekeeper *
oracle retail_returns_management 14.0
oracle insurance_rules_palette 11.0
oracle retail_point-of-sale 14.0
oracle communications_converged_application_server *
oracle communications_performance_intelligence_center *
oracle retail_predictive_application_server 16.0
oracle retail_integration_bus 16.0.1
oracle primavera_gateway 15.2
oracle retail_customer_insights 16.0
oracle insurance_calculation_engine 10.1.1
oracle retail_integration_bus 15.0.2
oracle healthcare_master_person_index 3.0
oracle retail_integration_bus 14.1.3
oracle retail_integration_bus 16.0.2
oracle retail_integration_bus 14.1.1
oracle retail_order_broker 5.2
CVE-2018-1275 HIGH

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. This CVE addresses the partial fix for CVE-2018-1270 in the 4.3.x branch of the Spring Framework.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,CWE-358,

Products Affected

Vendor Product Version
oracle retail_predictive_application_server 14.1
oracle service_architecture_leveraging_tuxedo 12.1.3.0.0
oracle retail_order_broker 16.0
oracle retail_predictive_application_server 15.0
oracle tape_library_acsls 8.4
oracle insurance_rules_palette 10.0
oracle insurance_rules_palette 10.2
oracle goldengate_for_big_data 12.3.1.1
oracle big_data_discovery 1.6.0
oracle insurance_rules_palette 11.1
oracle primavera_gateway 17.12
oracle primavera_gateway 16.2
oracle health_sciences_information_manager 3.0
oracle retail_order_broker 15.0
vmware spring_framework *
oracle insurance_calculation_engine 10.2.1
oracle retail_predictive_application_server 14.0
oracle healthcare_master_person_index 4.0
oracle retail_open_commerce_platform 5.3.0
oracle insurance_calculation_engine 10.2
oracle goldengate_for_big_data 12.2.0.1
oracle application_testing_suite 12.5.0.3
oracle service_architecture_leveraging_tuxedo 12.2.2.0.0
oracle retail_order_broker 5.1
oracle application_testing_suite 13.2.0.1
oracle retail_open_commerce_platform 6.0.0
oracle communications_services_gatekeeper *
oracle retail_customer_insights 15.0
oracle insurance_rules_palette 11.0
oracle communications_converged_application_server *
oracle communications_performance_intelligence_center *
oracle application_testing_suite 13.3.0.1
oracle insurance_rules_palette 10.1
oracle retail_predictive_application_server 16.0
oracle communications_diameter_signaling_router *
oracle application_testing_suite 13.1.0.1
oracle primavera_gateway 15.2
oracle retail_customer_insights 16.0
oracle insurance_calculation_engine 10.1.1
oracle retail_open_commerce_platform 6.0.1
oracle healthcare_master_person_index 3.0
oracle retail_order_broker 5.2
oracle goldengate_for_big_data 12.3.2.1
CVE-2018-15756 MEDIUM

Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. A malicious user (or attacker) can add a range header with a high number of ranges, or with wide ranges that overlap, or both, for a denial of service attack. This vulnerability affects applications that depend on either spring-webmvc or spring-webflux. Such applications must also have a registration for serving static resources (e.g. JS, CSS, images, and others), or have an annotated controller that returns an org.springframework.core.io.Resource. Spring Boot applications that depend on spring-boot-starter-web or spring-boot-starter-webflux are ready to serve static resources out of the box and are therefore vulnerable.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle agile_plm 9.3.6
oracle retail_predictive_application_server 15.0.3.100
oracle retail_financial_integration 15.0
oracle primavera_analytics 18.8
oracle communications_session_report_manager 8.1.0
oracle retail_invoice_matching 13.1
oracle primavera_gateway 16.2
oracle insurance_policy_administration_j2ee 10.1
oracle mysql_enterprise_monitor *
oracle retail_service_backbone 16.0
oracle financial_services_analytical_applications_infrastructure *
oracle insurance_rules_palette 11.2.0
oracle retail_invoice_matching 13.2
oracle weblogic_server 12.2.1.3.0
oracle retail_predictive_application_server 14.1.3.37
oracle retail_assortment_planning 15.0
oracle retail_service_backbone 16.0.1
oracle communications_element_manager 8.2.0
oracle primavera_gateway 18.8.0
oracle agile_plm 9.3.4
oracle flexcube_private_banking 12.1.0
oracle communications_converged_application_server_-_service_controller 6.1
oracle insurance_rules_palette 11.0.2
oracle communications_session_report_manager 8.2.1
oracle retail_assortment_planning 16.0
oracle communications_diameter_signaling_router 8.0.0
oracle retail_markdown_optimization 13.4.4
oracle enterprise_manager_ops_center 12.3.3
oracle goldengate_application_adapters 12.3.2.1.0
oracle weblogic_server 10.3.6.0.0
oracle retail_advanced_inventory_planning 15.0
oracle communications_element_manager 8.1.1
oracle communications_session_report_manager 8.2.0
oracle retail_order_broker 15.0
oracle insurance_calculation_engine 10.0
oracle retail_invoice_matching 12.0
oracle communications_session_route_manager 8.2.0
oracle insurance_calculation_engine 9.7
oracle insurance_rules_palette 10.2.4
vmware spring_framework 5.1.0
oracle insurance_rules_palette 11.0
oracle retail_integration_bus 15.0
oracle enterprise_manager_for_fusion_applications 13.3.0.0
oracle retail_predictive_application_server 14.1.3
oracle communications_session_route_manager 8.2.1
oracle communications_session_route_manager 8.1.1
oracle retail_order_broker 5.2
debian debian_linux 9.0
oracle retail_invoice_matching 14.1
oracle retail_clearance_optimization_engine 14.0.5
oracle insurance_policy_administration_j2ee 11.0
oracle agile_plm 9.3.3
oracle insurance_rules_palette 10.0
oracle insurance_calculation_engine 10.1
oracle retail_financial_integration 16.0
oracle flexcube_private_banking 12.0.1
vmware spring_framework *
oracle communications_converged_application_server_-_service_controller 6.0
oracle insurance_policy_administration_j2ee 10.2.4
oracle insurance_calculation_engine 10.2
oracle insurance_rules_palette 11.1.0
oracle retail_order_broker 5.1
oracle endeca_information_discovery_integrator 3.2.0
oracle agile_plm 9.3.5
oracle communications_session_route_manager 8.1.0
oracle insurance_policy_administration_j2ee 11.2.0
oracle retail_predictive_application_server 14.0.3.26
oracle retail_financial_integration 14.1
oracle communications_diameter_signaling_router 8.2.1
oracle retail_invoice_matching 14.0
oracle communications_brm_-_elastic_charging_engine 12.0
oracle retail_integration_bus 15.0.3
oracle insurance_rules_palette 10.1
oracle tape_library_acsls 8.5
oracle insurance_policy_administration_j2ee 11.1.0
oracle communications_diameter_signaling_router 8.1
oracle communications_session_report_manager 8.0.0
oracle retail_financial_integration 14.0
oracle communications_session_report_manager 8.1.1
oracle weblogic_server 12.2.1.4.0
oracle retail_invoice_matching 13.0
oracle healthcare_master_person_index 4.0.2
oracle retail_predictive_application_server 14.0.3
oracle retail_order_broker 16.0
oracle communications_brm_-_elastic_charging_engine 11.3
oracle insurance_rules_palette 10.2.0
oracle insurance_rules_palette 10.2
oracle communications_session_route_manager 8.0.0
oracle communications_unified_inventory_management 7.4.0
oracle retail_integration_bus 16.0.3
oracle communications_element_manager 8.2.1
oracle retail_integration_bus 16.0
oracle communications_unified_inventory_management 7.3
oracle identity_manager_connector 9.0
oracle communications_online_mediation_controller 6.1
oracle primavera_gateway 17.12
oracle webcenter_sites 12.2.1.3.0
oracle weblogic_server 12.1.3.0.0
oracle communications_diameter_signaling_router 8.2
oracle retail_service_backbone 15.0
oracle insurance_policy_administration_j2ee 10.2
oracle retail_xstore_point_of_service 7.1
oracle rapid_planning 12.2
oracle retail_predictive_application_server 15.0.3
oracle rapid_planning 12.1
oracle retail_predictive_application_server 16.0.3
oracle retail_predictive_application_server 16.0
oracle flexcube_private_banking 12.0.3
oracle primavera_gateway 15.2
oracle healthcare_master_person_index 3.0
oracle insurance_policy_administration_j2ee 10.2.0
oracle insurance_policy_administration_j2ee 10.0
CVE-2018-15801 MEDIUM

Spring Security versions 5.1.x prior to 5.1.2 contain an authorization bypass vulnerability during JWT issuer validation. In order to be impacted, the same private key for an honest issuer and a malicious user must be used when signing JWTs. In that case, a malicious user could fashion signed JWTs with the malicious issuer URL that may be granted for the honest issuer.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.4 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 2.2 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-345,

Products Affected

Vendor Product Version
vmware spring_framework *
CVE-2018-5511 MEDIUM

On F5 BIG-IP 13.1.0-13.1.0.3 or 13.0.0, when authenticated administrative users execute commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-470,

Products Affected

Vendor Product Version
f5 big-ip_link_controller 13.0.0
f5 big-ip_edge_gateway 13.0.0
f5 big-ip_local_traffic_manager 13.0.0
f5 big-ip_advanced_firewall_manager 13.1.0
f5 big-ip_policy_enforcement_manager 13.0.0
f5 big-ip_application_acceleration_manager 13.1.0
vmware workstation 14.1.5
f5 big-ip_websafe 13.1.0
f5 big-ip_enterprise_manager 3.1.1
f5 big-ip_webaccelerator 13.1.0
f5 big-ip_local_traffic_manager 13.1.0
f5 big-ip_link_controller 13.1.0
f5 big-ip_webaccelerator 13.0.0
f5 big-ip_edge_gateway 13.1.0
f5 big-ip_application_security_manager 13.1.0
f5 big-ip_policy_enforcement_manager 13.1.0
f5 big-ip_application_security_manager 13.0.0
f5 big-ip_domain_name_system 13.0.0
vmware workstation_player 15.0.2
f5 big-ip_analytics 13.0.0
f5 big-ip_websafe 13.0.0
f5 big-ip_access_policy_manager 13.0.0
f5 big-ip_access_policy_manager 13.1.0
f5 big-ip_global_traffic_manager 13.1.0
f5 big-ip_application_acceleration_manager 13.0.0
f5 big-ip_advanced_firewall_manager 13.0.0
f5 big-ip_domain_name_system 13.1.0
f5 big-ip_analytics 13.1.0
f5 big-ip_global_traffic_manager 13.0.0
CVE-2018-6957 LOW

VMware Workstation (14.x before 14.1.1, 12.x) and Fusion (10.x before 10.1.1 and 8.x) contain a denial-of-service vulnerability which can be triggered by opening a large number of VNC sessions. Note: In order for exploitation to be possible on Workstation and Fusion, VNC must be manually enabled.

CVSS 2.0

Severity: LOW

Problem Type: CWE-772,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
vmware fusion 8.5.6
vmware fusion 8.5.4
vmware workstation_pro 12.5.5
vmware workstation_pro 12.1.1
vmware workstation_player 12.5.4
vmware workstation_pro 12.5.1
vmware fusion 8.5.1
vmware workstation_player 12.5.7
vmware workstation_pro 12.0
vmware workstation_pro 12.5.6
vmware fusion 8.1.1
vmware fusion 8.5.3
vmware workstation_player 12.5.5
vmware workstation_player *
vmware fusion 8.0.2
vmware workstation_pro 12.01
vmware workstation_player 12.5.2
vmware workstation_pro *
vmware fusion 8.5.7
vmware workstation_player 12.5.1
vmware fusion 8.5.8
vmware fusion 8.0
vmware workstation_player 12.0.1
vmware fusion 8.0.1
vmware workstation_pro 12.5.7
vmware workstation_player 12.5.6
vmware fusion 8.1
vmware workstation_player 12.0
vmware fusion 8.5.2
vmware workstation_pro 12.5.4
vmware workstation_pro 12.5
vmware workstation_player 12.5
vmware fusion *
vmware fusion 8.5.5
vmware workstation_player 12.5.3
vmware workstation_pro 12.1
vmware workstation_player 12.1
vmware workstation_pro 12.5.2
vmware workstation_player 12.1.1
vmware fusion 8.5
vmware workstation_pro 12.5.3
CVE-2018-6958 MEDIUM

VMware vRealize Automation (vRA) prior to 7.3.1 contains a vulnerability that may allow for a DOM-based cross-site scripting (XSS) attack. Exploitation of this issue may lead to the compromise of the vRA user's workstation.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
vmware vrealize_automation *
CVE-2018-6959 HIGH

VMware vRealize Automation (vRA) prior to 7.4.0 contains a vulnerability in the handling of session IDs. Exploitation of this issue may lead to the hijacking of a valid vRA user's session.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-384,

Products Affected

Vendor Product Version
vmware vrealize_automation *
CVE-2018-6960 MEDIUM

VMware Horizon DaaS (7.x before 8.0.0) contains a broken authentication vulnerability that may allow an attacker to bypass two-factor authentication. Note: In order to exploit this issue, an attacker must have a legitimate account on Horizon DaaS.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
vmware horizon_daas *
CVE-2018-6961 MEDIUM

VMware NSX SD-WAN Edge by VeloCloud prior to version 3.1.0 contains a command injection vulnerability in the local web UI component. This component is disabled by default and should not be enabled on untrusted networks. VeloCloud by VMware will be removing this service from the product in future releases. Successful exploitation of this issue could result in remote code execution.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,CWE-78,

Products Affected

Vendor Product Version
vmware nsx_sd-wan_by_velocloud *
CVE-2018-6962 HIGH

VMware Fusion (10.x before 10.1.2) contains a signature bypass vulnerability which may lead to a local privilege escalation.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
vmware fusion *
CVE-2018-6963 LOW

VMware Workstation (14.x before 14.1.2) and Fusion (10.x before 10.1.2) contain multiple denial-of-service vulnerabilities that occur due to NULL pointer dereference issues in the RPC handler. Successful exploitation of these issues may allow an attacker with limited privileges on the guest machine trigger a denial-of-Service of their guest machine.

CVSS 2.0

Severity: LOW

Problem Type: CWE-476,

Products Affected

Vendor Product Version
vmware fusion *
vmware workstation *
CVE-2018-6964 HIGH

VMware Horizon Client for Linux (4.x before 4.8.0 and prior) contains a local privilege escalation vulnerability due to insecure usage of SUID binary. Successful exploitation of this issue may allow unprivileged users to escalate their privileges to root on a Linux machine where Horizon Client is installed.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
vmware horizon_client *
CVE-2018-6965 MEDIUM

VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain an out-of-bounds read vulnerability in the shader translator. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user privileges to crash their VMs, a different vulnerability than CVE-2018-6966 and CVE-2018-6967.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 2.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
vmware fusion *
vmware workstation *
vmware esxi 6.7
CVE-2018-6966 MEDIUM

VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain an out-of-bounds read vulnerability in the shader translator. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user privileges to crash their VMs, a different vulnerability than CVE-2018-6965 and CVE-2018-6967.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 2.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
vmware fusion *
vmware workstation *
vmware esxi 6.7
CVE-2018-6967 MEDIUM

VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain an out-of-bounds read vulnerability in the shader translator. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user privileges to crash their VMs, a different vulnerability than CVE-2018-6965 and CVE-2018-6966.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 2.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
vmware fusion *
vmware workstation *
vmware esxi 6.7
CVE-2018-6968 HIGH

The VMware AirWatch Agent for Android prior to 8.2 and AirWatch Agent for Windows Mobile prior to 6.5.2 contain a remote code execution vulnerability in real time File Manager capabilities. This vulnerability may allow for unauthorized creation and execution of files in the Agent sandbox and other publicly accessible directories such as those on the SD card by a malicious administrator.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
vmware airwatch_agent *
CVE-2018-6969 MEDIUM

VMware Tools (10.x and prior before 10.3.0) contains an out-of-bounds read vulnerability in HGFS. Successful exploitation of this issue may lead to information disclosure or may allow attackers to escalate their privileges on the guest VMs. In order to be able to exploit this issue, file sharing must be enabled.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
vmware tools *
CVE-2018-6970 MEDIUM

VMware Horizon 6 (6.x.x before 6.2.7), Horizon 7 (7.x.x before 7.5.1), and Horizon Client (4.x.x and prior before 4.8.1) contain an out-of-bounds read vulnerability in the Message Framework library. Successfully exploiting this issue may allow a less-privileged user to leak information from a privileged process running on a system where Horizon Connection Server, Horizon Agent or Horizon Client are installed. Note: This issue doesn't apply to Horizon 6, 7 Agents installed on Linux systems or Horizon Clients installed on non-Windows systems.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
vmware horizon_view *
vmware horizon_client *
CVE-2018-6971 LOW

VMware Horizon View Agents (7.x.x before 7.5.1) contain a local information disclosure vulnerability due to insecure logging of credentials in the vmmsi.log file when an account other than the currently logged on user is specified during installation (including silent installations). Successful exploitation of this issue may allow low privileged users access to the credentials specified during the Horizon View Agent installation.

CVSS 2.0

Severity: LOW

Problem Type: CWE-532,

Products Affected

Vendor Product Version
vmware horizon_view_agents *
CVE-2018-6972 MEDIUM

VMware ESXi (6.7 before ESXi670-201806401-BG, 6.5 before ESXi650-201806401-BG, 6.0 before ESXi600-201806401-BG and 5.5 before ESXi550-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain a denial-of-service vulnerability due to NULL pointer dereference issue in RPC handler. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
vmware esxi 6.0
vmware fusion *
vmware esxi 6.5
vmware esxi 5.5
vmware workstation *
vmware esxi 6.7
CVE-2018-6973 HIGH

VMware Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an out-of-bounds write vulnerability in the e1000 device. This issue may allow a guest to execute code on the host.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
vmware fusion *
vmware workstation *
CVE-2018-6974 HIGH

VMware ESXi (6.7 before ESXi670-201810101-SG, 6.5 before ESXi650-201808401-BG, and 6.0 before ESXi600-201808401-BG), Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an out-of-bounds read vulnerability in SVGA device. This issue may allow a guest to execute code on the host.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 2.0 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-125,

Products Affected

Vendor Product Version
vmware esxi 6.0
vmware fusion *
vmware esxi 6.5
vmware workstation *
vmware esxi 6.7
CVE-2018-6975 LOW

The AirWatch Agent for iOS prior to 5.8.1 contains a data protection vulnerability whereby the files and keychain entries in the Agent are not encrypted.

CVSS 2.0

Severity: LOW

Problem Type: CWE-311,

Products Affected

Vendor Product Version
vmware intelligent_hub *
CVE-2018-6976 MEDIUM

The VMware Content Locker for iOS prior to 4.14 contains a data protection vulnerability in the SQLite database. This vulnerability relates to unencrypted filenames and associated metadata in SQLite database for the Content Locker.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-311,

Products Affected

Vendor Product Version
vmware workspace_one *
CVE-2018-6977 MEDIUM

VMware ESXi (6.7, 6.5, 6.0), Workstation (15.x and 14.x) and Fusion (11.x and 10.x) contain a denial-of-service vulnerability due to an infinite loop in a 3D-rendering shader. Successfully exploiting this issue may allow an attacker with normal user privileges in the guest to make the VM unresponsive, and in some cases, possibly result other VMs on the host or the host itself becoming unresponsive.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-835,

Products Affected

Vendor Product Version
vmware esxi 6.0
vmware fusion *
vmware esxi 6.5
vmware workstation *
vmware esxi 6.7
CVE-2018-6978 HIGH

vRealize Operations (7.x before 7.0.0.11287810, 6.7.x before 6.7.0.11286837 and 6.6.x before 6.6.1.11286876) contains a local privilege escalation vulnerability due to improper permissions of support scripts. Admin user of the vROps application with shell access may exploit this issue to elevate the privileges to root on a vROps machine. Note: the admin user (non-sudoer) should not be confused with root of the vROps machine.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-732,

Products Affected

Vendor Product Version
vmware vrealize_operations *
CVE-2018-6979 MEDIUM

The VMware Workspace ONE Unified Endpoint Management Console (A/W Console) 9.7.x prior to 9.7.0.3, 9.6.x prior to 9.6.0.7, 9.5.x prior to 9.5.0.16, 9.4.x prior to 9.4.0.22, 9.3.x prior to 9.3.0.25, 9.2.x prior to 9.2.3.27, and 9.1.x prior to 9.1.5.6 contains a SAML authentication bypass vulnerability which can be leveraged during device enrollment. This vulnerability may allow for a malicious actor to impersonate an authorized SAML session if certificate-based authentication is enabled. This vulnerability is also relevant if certificate-based authentication is not enabled, but the outcome of exploitation is limited to an information disclosure (Important Severity) in those cases.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
vmware airwatch_console *
CVE-2018-6980 MEDIUM

VMware vRealize Log Insight (4.7.x before 4.7.1 and 4.6.x before 4.6.2) contains a vulnerability due to improper authorization in the user registration method. Successful exploitation of this issue may allow Admin users with view only permission to perform certain administrative functions which they are not allowed to perform.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-863,

Products Affected

Vendor Product Version
vmware vrealize_log_insight *
CVE-2018-6981 HIGH

VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 without ESXi650-201811301-BG, VMware ESXi 6.0 without ESXi600-201811401-BG, VMware Workstation 15, VMware Workstation 14.1.3 or below, VMware Fusion 11, VMware Fusion 10.1.3 or below contain uninitialized stack memory usage in the vmxnet3 virtual network adapter which may allow a guest to execute code on the host.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 2.0 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-908,

Products Affected

Vendor Product Version
vmware esxi 6.0
vmware fusion *
vmware fusion 11.0.0
vmware esxi 6.5
vmware workstation 15.0.0
vmware workstation *
vmware esxi 6.7
CVE-2018-6982 MEDIUM

VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 without ESXi650-201811301-BG contain uninitialized stack memory usage in the vmxnet3 virtual network adapter which may lead to an information leak from host to guest.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N 2.0 4.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-908,

Products Affected

Vendor Product Version
vmware esxi 6.0
vmware fusion *
vmware fusion 11.0.0
vmware esxi 6.5
vmware workstation 15.0.0
vmware workstation *
vmware esxi 6.7
CVE-2018-6983 HIGH

VMware Workstation (15.x before 15.0.2 and 14.x before 14.1.5) and Fusion (11.x before 11.0.2 and 10.x before 10.1.5) contain an integer overflow vulnerability in the virtual network devices. This issue may allow a guest to execute code on the host.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-190,

Products Affected

Vendor Product Version
vmware fusion *
vmware workstation *
CVE-2019-11272 HIGH

Spring Security, versions 4.2.x up to 4.2.12, and older unsupported versions support plain text passwords using PlaintextPasswordEncoder. If an application using an affected version of Spring Security is leveraging PlaintextPasswordEncoder and a user has a null encoded password, a malicious user (or attacker) can authenticate using a password of "null".

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.3 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 3.9 3.4

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,CWE-522,

Products Affected

Vendor Product Version
debian debian_linux 8.0
vmware spring_security *
CVE-2019-11286 MEDIUM

VMware GemFire versions prior to 9.10.0, 9.9.1, 9.8.5, and 9.7.5, and VMware Tanzu GemFire for VMs versions prior to 1.11.0, 1.10.1, 1.9.2, and 1.8.2, contain a JMX service available to the network which does not properly restrict input. A remote authenticated malicious user may request against the service with a crafted set of credentials leading to remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 2.3 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-502,CWE-502,

Products Affected

Vendor Product Version
vmware tanzu_gemfire_for_virtual_machines *
vmware gemfire *
CVE-2019-11287 MEDIUM

Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. The "X-Reason" HTTP Header can be leveraged to insert a malicious Erlang format string that will expand and consume the heap, resulting in the server crashing.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,CWE-134,

Products Affected

Vendor Product Version
vmware rabbitmq *
pivotal_software rabbitmq *
fedoraproject fedora 30
redhat openstack 15
fedoraproject fedora 31
debian debian_linux 9.0
CVE-2019-11291 LOW

Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior to v3.8.1, and RabbitMQ for PCF, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain two endpoints, federation and shovel, which do not properly sanitize user input. A remote authenticated malicious user with administrative access could craft a cross site scripting attack via the vhost or node name fields that could grant access to virtual hosts and policy management information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
vmware rabbitmq *
redhat openstack 15
vmware rabbitmq 3.8.0
CVE-2019-16919 MEDIUM

Harbor API has a Broken Access Control vulnerability. The vulnerability allows project administrators to use the Harbor API to create a robot account with unauthorized push and/or pull access permissions to a project they don't have access or control for. The Harbor API did not enforce the proper project permissions and project scope on the API request to create a new robot account.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-276,

Products Affected

Vendor Product Version
vmware harbor_container_registry *
vmware cloud_foundation -
linuxfoundation harbor *
linuxfoundation harbor 1.9.0
CVE-2019-3772 HIGH

Spring Integration (spring-integration-xml and spring-integration-ws modules), versions 4.3.18, 5.0.10, 5.1.1, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-611,CWE-611,

Products Affected

Vendor Product Version
oracle retail_customer_management_and_segmentation_foundation 16.0
vmware spring_integration *
oracle retail_customer_management_and_segmentation_foundation 17.0
oracle retail_customer_management_and_segmentation_foundation 18.0
CVE-2019-3795 MEDIUM

Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, and 5.1.x prior to 5.1.5 contain an insecure randomness vulnerability when using SecureRandomFactoryBean#setSeed to configure a SecureRandom instance. In order to be impacted, an honest application must provide a seed and make the resulting random material available to an attacker for inspection.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-330,CWE-330,

Products Affected

Vendor Product Version
debian debian_linux 8.0
vmware spring_security *
CVE-2019-3799 MEDIUM

Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead a directory traversal attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
vmware spring_cloud_config *
oracle communications_cloud_native_core_policy 1.15.0
CVE-2019-5098 MEDIUM

An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.29010. A specially crafted pixel shader can cause out-of-bounds memory read. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H 3.9 4.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
amd radeon_550_firmware 26.20.13001.29010
vmware workstation 15.0.0
amd radeon_rx_550_firmware 26.20.13001.29010
CVE-2019-5511 HIGH

VMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) running on Windows does not handle paths appropriately. Successful exploitation of this issue may allow the path to the VMX executable, on a Windows host, to be hijacked by a non-administrator leading to elevation of privilege.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
vmware workstation *
CVE-2019-5512 HIGH

VMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) running on Windows does not handle COM classes appropriately. Successful exploitation of this issue may allow hijacking of COM classes used by the VMX process, on a Windows host, leading to elevation of privilege.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
vmware workstation *
CVE-2019-5513 MEDIUM

VMware Horizon Connection Server (7.x before 7.8, 7.5.x before 7.5.2, 6.x before 6.2.8) contains an information disclosure vulnerability. Successful exploitation of this issue may allow disclosure of internal domain names, the Connection Server’s internal name, or the gateway’s internal IP address.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
vmware horizon *
CVE-2019-5514 MEDIUM

VMware VMware Fusion (11.x before 11.0.3) contains a security vulnerability due to certain unauthenticated APIs accessible through a web socket. An attacker may exploit this issue by tricking the host user to execute a JavaScript to perform unauthorized functions on the guest machine where VMware Tools is installed. This may further be exploited to execute commands on the guest machines.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-306,

Products Affected

Vendor Product Version
vmware fusion *
CVE-2019-5515 HIGH

VMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) and Fusion (11.x before 11.0.3, 10.x before 10.1.6) updates address an out-of-bounds write vulnerability in the e1000 and e1000e virtual network adapters. Exploitation of this issue may lead to code execution on the host from the guest but it is more likely to result in a denial of service of the guest.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
vmware fusion *
vmware workstation *
CVE-2019-5516 MEDIUM

VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) updates address an out-of-bounds vulnerability with the vertex shader functionality. Exploitation of this issue requires an attacker to have access to a virtual machine with 3D graphics enabled. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user privileges to create a denial-of-service condition on their own VM. The workaround for this issue involves disabling the 3D-acceleration feature. This feature is not enabled by default on ESXi and is enabled by default on Workstation and Fusion.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
vmware fusion *
vmware esxi 6.5
vmware workstation *
vmware esxi 6.7
CVE-2019-5517 MEDIUM

VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) contain multiple out-of-bounds read vulnerabilities in the shader translator. Exploitation of these issues requires an attacker to have access to a virtual machine with 3D graphics enabled. Successful exploitation of these issues may lead to information disclosure or may allow attackers with normal user privileges to create a denial-of-service condition on their own VM. The workaround for these issues involves disabling the 3D-acceleration feature. This feature is not enabled by default on ESXi and is enabled by default on Workstation and Fusion.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
vmware fusion *
vmware esxi 6.5
vmware workstation *
vmware esxi 6.7
CVE-2019-5518 HIGH

VMware ESXi (6.7 before ESXi670-201903001, 6.5 before ESXi650-201903001, 6.0 before ESXi600-201903001), Workstation (15.x before 15.0.4, 14.x before 14.1.7), Fusion (11.x before 11.0.3, 10.x before 10.1.6) contain an out-of-bounds read/write vulnerability in the virtual USB 1.1 UHCI (Universal Host Controller Interface). Exploitation of this issue requires an attacker to have access to a virtual machine with a virtual USB controller present. This issue may allow a guest to execute code on the host.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-125,CWE-787,

Products Affected

Vendor Product Version
vmware esxi 6.0
vmware fusion *
vmware esxi 6.5
vmware workstation *
vmware esxi 6.7
CVE-2019-5519 HIGH

VMware ESXi (6.7 before ESXi670-201903001, 6.5 before ESXi650-201903001, 6.0 before ESXi600-201903001), Workstation (15.x before 15.0.4, 14.x before 14.1.7), Fusion (11.x before 11.0.3, 10.x before 10.1.6) contain a Time-of-check Time-of-use (TOCTOU) vulnerability in the virtual USB 1.1 UHCI (Universal Host Controller Interface). Exploitation of this issue requires an attacker to have access to a virtual machine with a virtual USB controller present. This issue may allow a guest to execute code on the host.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-367,

Products Affected

Vendor Product Version
vmware esxi 6.0
vmware fusion *
vmware esxi 6.5
vmware workstation *
vmware esxi 6.7
CVE-2019-5520 MEDIUM

VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) updates address an out-of-bounds read vulnerability. Exploitation of this issue requires an attacker to have access to a virtual machine with 3D graphics enabled. Successful exploitation of this issue may lead to information disclosure.The workaround for this issue involves disabling the 3D-acceleration feature. This feature is not enabled by default on ESXi and is enabled by default on Workstation and Fusion.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
vmware fusion *
vmware esxi 6.5
vmware workstation *
vmware esxi 6.7
CVE-2019-5521 MEDIUM

VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6) and Fusion (11.x before 11.0.3 and 10.x before 10.1.6) contain an out-of-bounds read vulnerability in the pixel shader functionality. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user privileges to create a denial-of-service condition on the host. Exploitation of this issue require an attacker to have access to a virtual machine with 3D graphics enabled. It is not enabled by default on ESXi and is enabled by default on Workstation and Fusion.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.6 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H 3.1 5.8

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
vmware fusion *
vmware esxi 6.5
vmware workstation *
vmware esxi 6.7
CVE-2019-5522 LOW

VMware Tools for Windows update addresses an out of bounds read vulnerability in vm3dmp driver which is installed with vmtools in Windows guest machines. This issue is present in versions 10.2.x and 10.3.x prior to 10.3.10. A local attacker with non-administrative access to a Windows guest with VMware Tools installed may be able to leak kernel information or create a denial of service attack on the same Windows guest machine.

CVSS 2.0

Severity: LOW

Problem Type: CWE-125,

Products Affected

Vendor Product Version
vmware tools *
CVE-2019-5523 HIGH

VMware vCloud Director for Service Providers 9.5.x prior to 9.5.0.3 update resolves a Remote Session Hijack vulnerability in the Tenant and Provider Portals. Successful exploitation of this issue may allow a malicious actor to access the Tenant or Provider Portals by impersonating a currently logged in session.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-384,

Products Affected

Vendor Product Version
vmware vcloud_director *
CVE-2019-5524 HIGH

VMware Workstation (14.x before 14.1.6) and Fusion (10.x before 10.1.6) contain an out-of-bounds write vulnerability in the e1000 virtual network adapter. This issue may allow a guest to execute code on the host.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
vmware fusion *
vmware workstation *
CVE-2019-5525 HIGH

VMware Workstation (15.x before 15.1.0) contains a use-after-free vulnerability in the Advanced Linux Sound Architecture (ALSA) backend. A malicious user with normal user privileges on the guest machine may exploit this issue in conjunction with other issues to execute code on the Linux host where Workstation is installed.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-416,

Products Affected

Vendor Product Version
vmware workstation *
CVE-2019-5526 HIGH

VMware Workstation (15.x before 15.1.0) contains a DLL hijacking issue because some DLL files are improperly loaded by the application. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to administrator on a windows host where Workstation is installed.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-427,

Products Affected

Vendor Product Version
vmware workstation *
CVE-2019-5527 HIGH

ESXi, Workstation, Fusion, VMRC and Horizon Client contain a use-after-free vulnerability in the virtual sound device. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.5.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 2.0 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-416,

Products Affected

Vendor Product Version
vmware esxi 6.0
vmware remote_console *
vmware fusion *
vmware esxi 6.5
vmware horizon *
vmware workstation *
vmware esxi 6.7
CVE-2019-5528 MEDIUM

VMware ESXi 6.5 suffers from partial denial of service vulnerability in hostd process. Patch ESXi650-201907201-UG for this issue is available.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
vmware esxi 6.5
vmware esxi 6.7
CVE-2019-5531 MEDIUM

VMware vSphere ESXi (6.7 prior to ESXi670-201810101-SG, 6.5 prior to ESXi650-201811102-SG, and 6.0 prior to ESXi600-201807103-SG) and VMware vCenter Server (6.7 prior to 6.7 U1b, 6.5 prior to 6.5 U2b, and 6.0 prior to 6.0 U3j) contain an information disclosure vulnerability in clients arising from insufficient session expiration. An attacker with physical access or an ability to mimic a websocket connection to a user’s browser may be able to obtain control of a VM Console after the user has logged out or their session has timed out.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N 2.8 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-613,

Products Affected

Vendor Product Version
vmware vsphere_esxi 6.5
vmware vcenter_server 6.5
vmware vcenter_server 6.7
vmware vsphere_esxi 6.7
vmware vcenter_server 6.0
vmware vsphere_esxi 6.0
vmware esxi 6.7
CVE-2019-5532 MEDIUM

VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and 6.0 prior to 6.0 U3j) contains an information disclosure vulnerability due to the logging of credentials in plain-text for virtual machines deployed through OVF. A malicious user with access to the log files containing vCenter OVF-properties of a virtual machine deployed from an OVF may be able to view the credentials used to deploy the OVF (typically the root account of the virtual machine).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.7 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N 3.1 4.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-532,

Products Affected

Vendor Product Version
vmware vcenter_server 6.5
vmware vcenter_server 6.7
vmware vcenter_server 6.0
CVE-2019-5533 MEDIUM

In VMware SD-WAN by VeloCloud versions 3.x prior to 3.3.0, the VeloCloud Orchestrator parameter authorization check mistakenly allows enterprise users to obtain information of Managed Service Provider accounts. Among the information is username, first and last name, phone numbers and e-mail address if present but no other personal data. VMware has evaluated the severity of this issue to be in the moderate severity range with a maximum CVSSv3 base score of 4.3.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-863,

Products Affected

Vendor Product Version
vmware sd-wan_by_velocloud *
CVE-2019-5534 MEDIUM

VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and 6.0 prior to 6.0 U3j) contains an information disclosure vulnerability where Virtual Machines deployed from an OVF could expose login information via the virtual machine's vAppConfig properties. A malicious actor with access to query the vAppConfig properties of a virtual machine deployed from an OVF may be able to view the credentials used to deploy the OVF (typically the root account of the virtual machine).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.7 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N 3.1 4.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,CWE-522,

Products Affected

Vendor Product Version
vmware vcenter_server 6.5
vmware vcenter_server 6.7
vmware vcenter_server 6.0
CVE-2019-5535 LOW

VMware Workstation and Fusion contain a network denial-of-service vulnerability due to improper handling of certain IPv6 packets. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.7.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.7 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L 2.8 1.4

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
vmware fusion *
vmware workstation *
CVE-2019-5536 LOW

VMware ESXi (6.7 before ESXi670-201908101-SG and 6.5 before ESXi650-201910401-SG), Workstation (15.x before 15.5.0) and Fusion (11.x before 11.5.0) contain a denial-of-service vulnerability in the shader functionality. Successful exploitation of this issue may allow attackers with normal user privileges to create a denial-of-service condition on their own VM. Exploitation of this issue require an attacker to have access to a virtual machine with 3D graphics enabled. It is not enabled by default on ESXi and is enabled by default on Workstation and Fusion.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
vmware fusion *
vmware esxi 6.5
vmware workstation *
vmware esxi 6.7
CVE-2019-5537 MEDIUM

Sensitive information disclosure vulnerability resulting from a lack of certificate validation during the File-Based Backup and Restore operations of VMware vCenter Server Appliance (6.7 before 6.7u3a and 6.5 before 6.5u3d) may allow a malicious actor to intercept sensitive data in transit over FTPS and HTTPS. A malicious actor with man-in-the-middle positioning between vCenter Server Appliance and a backup target may be able to intercept sensitive data in transit during File-Based Backup and Restore operations.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
vmware vcenter_server 6.5
vmware vcenter_server 6.7
CVE-2019-5538 MEDIUM

Sensitive information disclosure vulnerability resulting from a lack of certificate validation during the File-Based Backup and Restore operations of VMware vCenter Server Appliance (6.7 before 6.7u3a and 6.5 before 6.5u3d) may allow a malicious actor to intercept sensitive data in transit over SCP. A malicious actor with man-in-the-middle positioning between vCenter Server Appliance and a backup target may be able to intercept sensitive data in transit during File-Based Backup and Restore operations.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
vmware vcenter_server 6.5
vmware vcenter_server 6.7
CVE-2019-5539 MEDIUM

VMware Workstation (15.x prior to 15.5.1) and Horizon View Agent (7.10.x prior to 7.10.1 and 7.5.x prior to 7.5.4) contain a DLL hijacking vulnerability due to insecure loading of a DLL by Cortado Thinprint. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to administrator on a Windows machine where Workstation or View Agent is installed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-427,

Products Affected

Vendor Product Version
vmware horizon_view_agent *
vmware workstation *
CVE-2019-5540 MEDIUM

VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1) contain an information disclosure vulnerability in vmnetdhcp. Successful exploitation of this issue may allow an attacker on a guest VM to disclose sensitive information by leaking memory from the host process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.7 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N 3.1 4.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-401,

Products Affected

Vendor Product Version
vmware fusion *
vmware workstation *
CVE-2019-5541 MEDIUM

VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1) contain an out-of-bounds write vulnerability in the e1000e virtual network adapter. Successful exploitation of this issue may lead to code execution on the host from the guest or may allow attackers to create a denial-of-service condition on their own VM.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 2.3 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
vmware fusion *
vmware workstation *
CVE-2019-5542 MEDIUM

VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1) contain a denial-of-service vulnerability in the RPC handler. Successful exploitation of this issue may allow attackers with normal user privileges to create a denial-of-service condition on their own VM.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.7 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H 3.1 4.0

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
vmware fusion *
vmware workstation *
CVE-2019-5543 HIGH

For VMware Horizon Client for Windows (5.x and prior before 5.3.0), VMware Remote Console for Windows (10.x before 11.0.0), VMware Workstation for Windows (15.x before 15.5.2) the folder containing configuration files for the VMware USB arbitration service was found to be writable by all users. A local user on the system where the software is installed may exploit this issue to run commands as any user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-732,

Products Affected

Vendor Product Version
vmware remote_console *
vmware horizon_client *
vmware workstation *
CVE-2019-5544 HIGH

OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
redhat enterprise_linux_for_ibm_z_systems 6.0_s390x
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
openslp openslp 1.2.1
fedoraproject fedora 30
redhat enterprise_linux_server_eus 7.7
openslp openslp 2.0.0
redhat enterprise_linux_server 6.0
vmware horizon_daas *
redhat enterprise_linux_workstation 6.0
openslp openslp *
fedoraproject fedora 31
redhat enterprise_linux_for_ibm_z_systems 7.0_s390x
redhat enterprise_linux_for_power_little_endian_eus 7.7_ppc64le
redhat enterprise_linux_for_power_big_endian 6.0_ppc64
redhat enterprise_linux_for_power_little_endian 7.0_ppc64le
redhat enterprise_linux_for_ibm_z_systems_eus 7.7_s390x
redhat enterprise_linux_desktop 7.0
vmware esxi 6.7
redhat enterprise_linux_server_aus 7.7
vmware esxi 6.0
redhat enterprise_linux_server_tus 7.7
vmware esxi 6.5
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_for_power_big_endian_eus 7.7_ppc64
redhat enterprise_linux_for_power_big_endian 7.0_ppc64
CVE-2020-10713 MEDIUM

A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system such as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a networked system with root access. With this access, an attacker could then craft a string to cause a buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
vmware photon_os *
opensuse leap 15.1
gnu grub2 *
debian debian_linux 10.0
opensuse leap 15.2
CVE-2020-11651 HIGH

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the salt master and/or run arbitrary commands on salt minions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
saltstack salt *
debian debian_linux 8.0
opensuse leap 15.1
canonical ubuntu_linux 18.04
debian debian_linux 10.0
canonical ubuntu_linux 16.04
vmware application_remote_collector 7.5.0
vmware application_remote_collector 8.0.0
debian debian_linux 9.0
CVE-2020-11652 MEDIUM

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
saltstack salt *
debian debian_linux 8.0
opensuse leap 15.1
blackberry workspaces_server *
canonical ubuntu_linux 18.04
debian debian_linux 10.0
canonical ubuntu_linux 16.04
vmware application_remote_collector 7.5.0
vmware application_remote_collector 8.0.0
debian debian_linux 9.0
blackberry workspaces_server 9.1.0
CVE-2020-3940 MEDIUM

VMware Workspace ONE SDK and dependent mobile application updates address sensitive information disclosure vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
vmware workspace_one_boxer *
vmware workspace_one_people *
vmware workspace_one_notebook *
vmware workspace_one_intelligent_hub *
vmware workspace_one_web *
vmware workspace_one_sdk *
vmware workspace_one_content *
vmware workspace_one_sdk_(objective-c) *
vmware workspace_one_piv-d_manager *
CVE-2020-3941 MEDIUM

The repair operation of VMware Tools for Windows 10.x.y has a race condition which may allow for privilege escalation in the Virtual Machine where Tools is installed. This vulnerability is not present in VMware Tools 11.x.y since the affected functionality is not present in VMware Tools 11.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-362,

Products Affected

Vendor Product Version
vmware tools *
CVE-2020-3943 HIGH

vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) uses a JMX RMI service which is not securely configured. An unauthenticated remote attacker who has network access to vRealize Operations, with the Horizon Adapter running, may be able to execute arbitrary code in vRealize Operations.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
vmware vrealize_operations *
CVE-2020-3944 MEDIUM

vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) has an improper trust store configuration leading to authentication bypass. An unauthenticated remote attacker who has network access to vRealize Operations, with the Horizon Adapter running, may be able to bypass Adapter authentication.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N 3.9 4.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
vmware vrealize_operations *
CVE-2020-3945 MEDIUM

vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) contains an information disclosure vulnerability due to incorrect pairing implementation between the vRealize Operations for Horizon Adapter and Horizon View. An unauthenticated remote attacker who has network access to vRealize Operations, with the Horizon Adapter running, may obtain sensitive information

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
vmware vrealize_operations *
CVE-2020-3946 MEDIUM

InstallBuilder AutoUpdate tool and regular installers enabling <checkForUpdates> built with versions earlier than 19.11 are vulnerable to Billion laughs attack (denial-of-service).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-776,

Products Affected

Vendor Product Version
vmware installbuilder *
CVE-2020-3947 HIGH

VMware Workstation (15.x before 15.5.2) and Fusion (11.x before 11.5.2) contain a use-after vulnerability in vmnetdhcp. Successful exploitation of this issue may lead to code execution on the host from the guest or may allow attackers to create a denial-of-service condition of the vmnetdhcp service running on the host machine.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 2.0 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-416,

Products Affected

Vendor Product Version
vmware fusion *
vmware workstation *
CVE-2020-3948 MEDIUM

Linux Guest VMs running on VMware Workstation (15.x before 15.5.2) and Fusion (11.x before 11.5.2) contain a local privilege escalation vulnerability due to improper file permissions in Cortado Thinprint. Local attackers with non-administrative access to a Linux guest VM with virtual printing enabled may exploit this issue to elevate their privileges to root on the same guest VM.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-732,

Products Affected

Vendor Product Version
vmware fusion *
vmware workstation *
CVE-2020-3950 HIGH

VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for Mac (5.x and prior before 5.4.0) contain a privilege escalation vulnerability due to improper use of setuid binaries. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC or Horizon Client is installed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-269,CWE-269,

Products Affected

Vendor Product Version
vmware remote_console *
vmware fusion *
vmware horizon_client *
CVE-2020-3951 LOW

VMware Workstation (15.x before 15.5.2) and Horizon Client for Windows (5.x and prior before 5.4.0) contain a denial-of-service vulnerability due to a heap-overflow issue in Cortado Thinprint. Attackers with non-administrative access to a guest VM with virtual printing enabled may exploit this issue to create a denial-of-service condition of the Thinprint service running on the system where Workstation or Horizon Client is installed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.8 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L 2.0 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-787,

Products Affected

Vendor Product Version
vmware horizon_client *
vmware workstation *
CVE-2020-3952 MEDIUM

Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-306,CWE-306,

Products Affected

Vendor Product Version
vmware vcenter_server 6.7
CVE-2020-3953 LOW

Cross Site Scripting (XSS) vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,CWE-79,

Products Affected

Vendor Product Version
vmware vrealize_log_insight *
CVE-2020-3954 MEDIUM

Open Redirect vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-601,

Products Affected

Vendor Product Version
vmware vrealize_log_insight *
CVE-2020-3955 MEDIUM

ESXi 6.5 without patch ESXi650-201912104-SG and ESXi 6.7 without patch ESXi670-202004103-SG do not properly neutralize script-related HTML when viewing virtual machines attributes. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.3.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.3 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N 2.8 5.8

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
vmware esxi 6.5
vmware esxi 6.7
CVE-2020-3956 MEDIUM

VMware Cloud Director 10.0.x before 10.0.0.2, 9.7.0.x before 9.7.0.5, 9.5.0.x before 9.5.0.6, and 9.1.0.x before 9.1.0.4 do not properly handle input leading to a code injection vulnerability. An authenticated actor may be able to send malicious traffic to VMware Cloud Director which may lead to arbitrary remote code execution. This vulnerability can be exploited through the HTML5- and Flex-based UIs, the API Explorer interface and API access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-917,

Products Affected

Vendor Product Version
vmware vcloud_director *
CVE-2020-3957 MEDIUM

VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior) and VMware Horizon Client for Mac (5.x and prior) contain a local privilege escalation vulnerability due to a Time-of-check Time-of-use (TOCTOU) issue in the service opener. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC and Horizon Client are installed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-367,

Products Affected

Vendor Product Version
vmware remote_console *
vmware fusion *
vmware horizon_client *
CVE-2020-3958 LOW

VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), VMware Workstation (15.x before 15.5.2) and VMware Fusion (11.x before 11.5.2) contain a denial-of-service vulnerability in the shader functionality. Successful exploitation of this issue may allow attackers with non-administrative access to a virtual machine to crash the virtual machine's vmx process leading to a denial of service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-617,

Products Affected

Vendor Product Version
vmware fusion *
vmware esxi 6.5
vmware workstation *
vmware esxi 6.7
CVE-2020-3959 LOW

VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), VMware Workstation (15.x before 15.1.0) and VMware Fusion (11.x before 11.1.0) contain a memory leak vulnerability in the VMCI module. A malicious actor with local non-administrative access to a virtual machine may be able to crash the virtual machine's vmx process leading to a partial denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-401,

Products Affected

Vendor Product Version
vmware fusion *
vmware esxi 6.5
vmware workstation *
vmware esxi 6.7
CVE-2020-3960 LOW

VMware ESXi (6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds read vulnerability in NVMe functionality. A malicious actor with local non-administrative access to a virtual machine with a virtual NVMe controller present may be able to read privileged information contained in physical memory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.4 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H 2.0 5.8

CVSS 2.0

Severity: LOW

Problem Type: CWE-125,

Products Affected

Vendor Product Version
vmware vsphere_esxi 6.5
vmware fusion *
vmware vsphere_esxi 6.7
vmware workstation *
CVE-2020-3961 MEDIUM

VMware Horizon Client for Windows (prior to 5.4.3) contains a privilege escalation vulnerability due to folder permission configuration and unsafe loading of libraries. A local user on the system where the software is installed may exploit this issue to run commands as any user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-732,

Products Affected

Vendor Product Version
vmware horizon_client *
CVE-2020-3962 MEDIUM

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a use-after-free vulnerability in the SVGA device. A malicious actor with local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.5 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
vmware esxi 7.0.0
vmware fusion *
vmware cloud_foundation *
vmware esxi 6.5
vmware workstation *
vmware esxi 6.7
CVE-2020-3963 LOW

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a use-after-free vulnerability in PVNVRAM. A malicious actor with local access to a virtual machine may be able to read privileged information contained in physical memory.

CVSS 2.0

Severity: LOW

Problem Type: CWE-416,

Products Affected

Vendor Product Version
vmware esxi 7.0.0
vmware fusion *
vmware cloud_foundation *
vmware esxi 6.5
vmware workstation *
vmware esxi 6.7
CVE-2020-3964 LOW

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an information leak in the EHCI USB controller. A malicious actor with local access to a virtual machine may be able to read privileged information contained in the hypervisor's memory. Additional conditions beyond the attacker's control need to be present for exploitation to be possible.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N 1.0 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-908,

Products Affected

Vendor Product Version
vmware esxi 7.0.0
vmware fusion *
vmware cloud_foundation *
vmware esxi 6.5
vmware workstation *
vmware esxi 6.7
CVE-2020-3965 LOW

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an information leak in the XHCI USB controller. A malicious actor with local access to a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-125,

Products Affected

Vendor Product Version
vmware esxi 7.0.0
vmware fusion *
vmware cloud_foundation *
vmware esxi 6.5
vmware workstation *
vmware esxi 6.7
CVE-2020-3966 LOW

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a heap-overflow due to a race condition issue in the USB 2.0 controller (EHCI). A malicious actor with local access to a virtual machine may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possible.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 0.8 6.0

CVSS 2.0

Severity: LOW

Problem Type: CWE-362,

Products Affected

Vendor Product Version
vmware esxi 7.0.0
vmware fusion *
vmware cloud_foundation *
vmware esxi 6.5
vmware workstation *
vmware esxi 6.7
CVE-2020-3967 MEDIUM

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a heap-overflow vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local access to a virtual machine may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possible.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 0.8 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
vmware esxi 7.0.0
vmware fusion *
vmware cloud_foundation *
vmware esxi 6.5
vmware workstation *
vmware esxi 6.7
CVE-2020-3968 MEDIUM

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds write vulnerability in the USB 3.0 controller (xHCI). A malicious actor with local administrative privileges on a virtual machine may be able to exploit this issue to crash the virtual machine's vmx process leading to a denial of service condition or execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possible.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.5 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
vmware esxi 7.0.0
vmware fusion *
vmware cloud_foundation *
vmware esxi 6.5
vmware workstation *
vmware esxi 6.7
CVE-2020-3969 MEDIUM

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an off-by-one heap-overflow vulnerability in the SVGA device. A malicious actor with local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possible.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H 1.1 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-193,

Products Affected

Vendor Product Version
vmware esxi 7.0.0
vmware fusion *
vmware cloud_foundation *
vmware esxi 6.5
vmware workstation *
vmware esxi 6.7
CVE-2020-3970 LOW

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds read vulnerability in the Shader functionality. A malicious actor with non-administrative local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to crash the virtual machine's vmx process leading to a partial denial of service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.8 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L 2.0 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-125,

Products Affected

Vendor Product Version
vmware esxi 7.0.0
vmware fusion *
vmware cloud_foundation *
vmware esxi 6.5
vmware workstation *
vmware esxi 6.7
CVE-2020-3971 LOW

VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201907101-SG), Workstation (15.x before 15.0.2), and Fusion (11.x before 11.0.2) contain a heap overflow vulnerability in the vmxnet3 virtual network adapter. A malicious actor with local access to a virtual machine with a vmxnet3 network adapter present may be able to read privileged information contained in physical memory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-787,

Products Affected

Vendor Product Version
vmware fusion *
vmware cloud_foundation *
vmware esxi 6.5
vmware workstation *
vmware esxi 6.7
CVE-2020-3972 LOW

VMware Tools for macOS (11.x.x and prior before 11.1.1) contains a denial-of-service vulnerability in the Host-Guest File System (HGFS) implementation. Successful exploitation of this issue may allow attackers with non-admin privileges on guest macOS virtual machines to create a denial-of-service condition on their own VMs.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
vmware tools *
CVE-2020-3973 MEDIUM

The VeloCloud Orchestrator does not apply correct input validation which allows for blind SQL-injection. A malicious actor with tenant access to Velocloud Orchestrator could enter specially crafted SQL queries and obtain data to which they are not privileged.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
vmware velocloud_orchestrator 3.3.2
vmware velocloud_orchestrator 3.4.0
vmware velocloud_orchestrator *
CVE-2020-3974 HIGH

VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior before 11.2.0 ) and Horizon Client for Mac (5.x and prior before 5.4.3) contain a privilege escalation vulnerability due to improper XPC Client validation. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMware Remote Console for Mac or Horizon Client for Mac is installed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
vmware remote_console *
vmware fusion *
vmware horizon_client *
CVE-2020-3975 LOW

VMware App Volumes 2.x prior to 2.18.6 and VMware App Volumes 4 prior to 2006 contain a Stored Cross-Site Scripting (XSS) vulnerability. A malicious actor with access to create and edit applications or create storage groups, may be able to inject malicious script which will be executed by a victim's browser when viewing.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
vmware app_volumes *
CVE-2020-3976 MEDIUM

VMware ESXi and vCenter Server contain a partial denial of service vulnerability in their respective authentication services. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
vmware esxi 7.0
vmware vcenter_server 6.5
vmware vcenter_server 7.0
vmware vcenter_server 6.7
vmware cloud_foundation *
vmware esxi 6.5
vmware esxi 6.7
CVE-2020-3977 MEDIUM

VMware Horizon DaaS (7.x and 8.x before 8.0.1 Update 1) contains a broken authentication vulnerability due to a flaw in the way it handled the first factor authentication. Successful exploitation of this issue may allow an attacker to bypass two-factor authentication process. In order to exploit this issue, an attacker must have a legitimate account on Horizon DaaS.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-306,

Products Affected

Vendor Product Version
vmware horizon_daas 7.0.0
vmware horizon_daas *
CVE-2020-3980 LOW

VMware Fusion (11.x) contains a privilege escalation vulnerability due to the way it allows configuring the system wide path. An attacker with normal user privileges may exploit this issue to trick an admin user into executing malicious code on the system where Fusion is installed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
vmware fusion *
CVE-2020-3981 LOW

VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds read vulnerability due to a time-of-check time-of-use issue in ACPI device. A malicious actor with administrative access to a virtual machine may be able to exploit this issue to leak memory from the vmx process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.8 MEDIUM CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N 1.3 4.0

CVSS 2.0

Severity: LOW

Problem Type: CWE-125,CWE-367,

Products Affected

Vendor Product Version
vmware esxi 7.0.0
vmware fusion *
vmware cloud_foundation *
vmware esxi 6.5
vmware workstation *
vmware esxi 6.7
CVE-2020-3982 MEDIUM

VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds write vulnerability due to a time-of-check time-of-use issue in ACPI device. A malicious actor with administrative access to a virtual machine may be able to exploit this vulnerability to crash the virtual machine's vmx process or corrupt hypervisor's memory heap.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.7 HIGH CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:H 1.3 5.8

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-367,CWE-787,

Products Affected

Vendor Product Version
vmware esxi 7.0.0
vmware fusion *
vmware workstation_player *
vmware cloud_foundation *
vmware esxi 6.5
vmware workstation *
vmware esxi 6.7
CVE-2020-3984 MEDIUM

The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4.4 does not apply correct input validation which allows for SQL-injection. An authenticated SD-WAN Orchestrator user may exploit a vulnerable API call using specially crafted SQL queries which may lead to unauthorized data access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
vmware sd-wan_orchestrator *
vmware sd-wan_orchestrator 3.3.2
CVE-2020-3985 MEDIUM

The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4.4 allows an access to set arbitrary authorization levels leading to a privilege escalation issue. An authenticated SD-WAN Orchestrator user may exploit an application weakness and call a vulnerable API to elevate their privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
vmware sd-wan_orchestrator *
vmware sd-wan_orchestrator 3.3.2
CVE-2020-3986 LOW

VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (EMF Parser). A malicious actor with normal access to a virtual machine may be able to exploit these issues to create a partial denial-of-service condition or to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L 1.8 4.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-125,

Products Affected

Vendor Product Version
vmware workstation_pro *
vmware workstation_player *
vmware horizon_client *
CVE-2020-3987 LOW

VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (EMR STRETCHDIBITS parser). A malicious actor with normal access to a virtual machine may be able to exploit these issues to create a partial denial-of-service condition or to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L 1.8 4.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-125,

Products Affected

Vendor Product Version
vmware workstation_pro *
vmware workstation_player *
vmware horizon_client *
CVE-2020-3988 LOW

VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (JPEG2000 parser). A malicious actor with normal access to a virtual machine may be able to exploit these issues to create a partial denial-of-service condition or to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L 1.8 4.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-125,

Products Affected

Vendor Product Version
vmware workstation_pro *
vmware workstation_player *
vmware horizon_client *
CVE-2020-3989 LOW

VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain a denial of service vulnerability due to an out-of-bounds write issue in Cortado ThinPrint component. A malicious actor with normal access to a virtual machine may be able to exploit this issue to create a partial denial-of-service condition on the system where Workstation or Horizon Client for Windows is installed. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon Client.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-787,

Products Affected

Vendor Product Version
vmware workstation_pro *
vmware workstation_player *
vmware horizon_client *
CVE-2020-3990 LOW

VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an information disclosure vulnerability due to an integer overflow issue in Cortado ThinPrint component. A malicious actor with normal access to a virtual machine may be able to exploit this issue to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon Client.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N 2.0 4.0

CVSS 2.0

Severity: LOW

Problem Type: CWE-125,CWE-190,

Products Affected

Vendor Product Version
vmware workstation_pro *
vmware workstation_player *
vmware horizon_client *
CVE-2020-3991 LOW

VMware Horizon Client for Windows (5.x before 5.5.0) contains a denial-of-service vulnerability due to a file system access control issue during install time. Successful exploitation of this issue may allow an attacker to overwrite certain admin privileged files through a symbolic link attack at install time. This will result into a denial-of-service condition on the machine where Horizon Client for Windows is installed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
vmware horizon_client *
CVE-2020-3992 HIGH

OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a use-after-free issue. A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to trigger a use-after-free in the OpenSLP service resulting in remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-416,CWE-416,

Products Affected

Vendor Product Version
vmware esxi 7.0.0
vmware cloud_foundation *
vmware esxi 6.5
vmware esxi 6.7
CVE-2020-3993 MEDIUM

VMware NSX-T (3.x before 3.0.2, 2.5.x before 2.5.2.2.0) contains a security vulnerability that exists in the way it allows a KVM host to download and install packages from NSX manager. A malicious actor with MITM positioning may be able to exploit this issue to compromise the transport node.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
broadcom vmware_nsx-t_data_center *
vmware nsx-t_data_center *
vmware cloud_foundation *
CVE-2020-3994 MEDIUM

VMware vCenter Server (6.7 before 6.7u3, 6.6 before 6.5u3k) contains a session hijack vulnerability in the vCenter Server Appliance Management Interface update function due to a lack of certificate validation. A malicious actor with network positioning between vCenter Server and an update repository may be able to perform a session hijack when the vCenter Server Appliance Management Interface is used to download vCenter updates.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.4 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 2.2 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
vmware vcenter_server 6.5
vmware vcenter_server 6.7
vmware cloud_foundation *
CVE-2020-3995 LOW

In VMware ESXi (6.7 before ESXi670-201908101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x before 15.1.0), Fusion (11.x before 11.1.0), the VMCI host drivers used by VMware hypervisors contain a memory leak vulnerability. A malicious actor with access to a virtual machine may be able to trigger a memory leak issue resulting in memory resource exhaustion on the hypervisor if the attack is sustained for extended periods of time.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 1.6 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-401,

Products Affected

Vendor Product Version
vmware fusion *
vmware cloud_foundation *
vmware esxi 6.5
vmware workstation *
vmware esxi 6.7
CVE-2020-3996 LOW

Velero (prior to 1.4.3 and 1.5.2) in some instances doesn’t properly manage volume identifiers which may result in information leakage to unauthorized users.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
vmware velero *
CVE-2020-3997 LOW

VMware Horizon Server (7.x prior to 7.10.3 or 7.13.0) contains a Cross Site Scripting (XSS) vulnerability. Successful exploitation of this issue may allow an attacker to inject malicious script which will be executed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
vmware horizon *
CVE-2020-3998 MEDIUM

VMware Horizon Client for Windows (5.x prior to 5.5.0) contains an information disclosure vulnerability. A malicious attacker with local privileges on the machine where Horizon Client for Windows is installed may be able to retrieve hashed credentials if the client crashes.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
vmware horizon_client *
CVE-2020-3999 LOW

VMware ESXi (7.0 prior to ESXi70U1c-17325551), VMware Workstation (16.x prior to 16.0 and 15.x prior to 15.5.7), VMware Fusion (12.x prior to 12.0 and 11.x prior to 11.5.7) and VMware Cloud Foundation contain a denial of service vulnerability due to improper input validation in GuestInfo. A malicious actor with normal user privilege access to a virtual machine can crash the virtual machine's vmx process leading to a denial of service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H 2.0 4.0

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,

Products Affected

Vendor Product Version
vmware esxi 7.0
vmware fusion *
vmware esxi *
vmware workstation *
CVE-2020-4000 MEDIUM

The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 allows for executing files through directory traversal. An authenticated SD-WAN Orchestrator user is able to traversal directories which may lead to code execution of files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
vmware sd-wan_orchestrator *
vmware sd-wan_orchestrator 3.3.2
CVE-2020-4001 HIGH

The SD-WAN Orchestrator 3.3.2, 3.4.x, and 4.0.x has default passwords allowing for a Pass-the-Hash Attack. SD-WAN Orchestrator ships with default passwords for predefined accounts which may lead to to a Pass-the-Hash attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-1188,

Products Affected

Vendor Product Version
vmware sd-wan_orchestrator *
vmware sd-wan_orchestrator 3.3.2
CVE-2020-4002 MEDIUM

The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 handles system parameters in an insecure way. An authenticated SD-WAN Orchestrator user with high privileges may be able to execute arbitrary code on the underlying operating system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
vmware sd-wan_orchestrator *
vmware sd-wan_orchestrator 3.3.2
CVE-2020-4003 MEDIUM

VMware SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 was found to be vulnerable to SQL-injection attacks allowing for potential information disclosure. An authenticated SD-WAN Orchestrator user may inject code into SQL queries which may lead to information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
vmware sd-wan_orchestrator *
vmware sd-wan_orchestrator 3.3.2
CVE-2020-4004 MEDIUM

VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG), Workstation (15.x before 15.5.7), Fusion (11.x before 11.5.7) contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.5 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
vmware esxi 7.0
vmware fusion *
vmware cloud_foundation *
vmware esxi 6.5
vmware workstation *
vmware esxi 6.7
CVE-2020-4005 HIGH

VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG) contains a privilege-escalation vulnerability that exists in the way certain system calls are being managed. A malicious actor with privileges within the VMX process only, may escalate their privileges on the affected system. Successful exploitation of this issue is only possible when chained with another vulnerability (e.g. CVE-2020-4004)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
vmware esxi 7.0
vmware cloud_foundation *
vmware esxi 6.5
vmware esxi 6.7
CVE-2020-4006 HIGH

VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 2.3 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,CWE-78,

Products Affected

Vendor Product Version
vmware cloud_foundation 4.0.1
vmware identity_manager_connector 3.3.2
vmware identity_manager 3.3.3
vmware identity_manager_connector 3.3.3
vmware cloud_foundation 4.0
vmware identity_manager 3.3.1
vmware identity_manager 3.3.2
vmware identity_manager_connector 3.3.1
vmware vrealize_suite_lifecycle_manager *
vmware one_access 20.01
vmware one_access 20.10
CVE-2020-4008 LOW

The installer of the macOS Sensor for VMware Carbon Black Cloud (prior to 3.5.1) handles certain files in an insecure way. A malicious actor who has local access to the endpoint on which a macOS sensor is going to be installed, may overwrite a limited number of files with output from the sensor installation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.6 LOW CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L 1.0 2.5

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
vmware carbon_black_cloud *
CVE-2020-5396 MEDIUM

VMware GemFire versions prior to 9.10.0, 9.9.2, 9.8.7, and 9.7.6, and VMware Tanzu GemFire for VMs versions prior to 1.11.1 and 1.10.2, when deployed without a SecurityManager, contain a JMX service available which contains an insecure default configuration. This allows a malicious user to create an MLet mbean leading to remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,CWE-862,

Products Affected

Vendor Product Version
vmware tanzu_gemfire_for_virtual_machines *
vmware gemfire *
CVE-2020-5397 LOW

Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not include credentials and therefore requests should fail authentication. However a notable exception to this are Chrome based browsers when using client certificates for authentication since Chrome sends TLS client certificates in CORS preflight requests in violation of spec requirements. No HTTP body can be sent or received as a result of this attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-352,CWE-352,

Products Affected

Vendor Product Version
oracle retail_financial_integration 15.0
oracle retail_financial_integration 16.0
oracle mysql_enterprise_monitor *
vmware spring_framework *
oracle retail_service_backbone 16.0
oracle insurance_policy_administration_j2ee 11.0.2
oracle insurance_policy_administration_j2ee 10.2.4
oracle financial_services_regulatory_reporting_with_agilereporter 8.0.9.2.0
oracle insurance_rules_palette 11.1.0
oracle insurance_rules_palette 11.2.0
oracle weblogic_server 12.2.1.3.0
oracle retail_returns_management 14.1
oracle retail_central_office 14.1
oracle insurance_policy_administration_j2ee 11.2.0
oracle application_testing_suite 13.3.0.1
oracle communications_brm_-_elastic_charging_engine 12.0
oracle retail_integration_bus 15.0.3
oracle retail_assortment_planning 15.0
oracle communications_diameter_signaling_router *
oracle insurance_policy_administration_j2ee 11.1.0
oracle communications_element_manager 8.2.0
oracle retail_predictive_application_server 15.0.3.0
oracle retail_point-of-service 14.1
oracle weblogic_server 12.2.1.4.0
oracle flexcube_private_banking 12.1.0
oracle insurance_rules_palette 11.0.2
oracle healthcare_master_person_index 4.0.2
oracle retail_assortment_planning 16.0
oracle retail_predictive_application_server 14.0.3
oracle retail_order_broker 16.0
oracle communications_brm_-_elastic_charging_engine 11.3
oracle insurance_rules_palette 10.2.0
oracle retail_integration_bus 16.0.3
oracle communications_element_manager 8.2.1
oracle communications_element_manager 8.1.1
oracle retail_order_broker 15.0
oracle communications_session_route_manager 8.2.0
oracle enterprise_manager_base_platform 13.2.1.0
oracle insurance_rules_palette 10.2.4
oracle retail_service_backbone 15.0
oracle insurance_calculation_engine *
oracle retail_back_office 14.1
oracle rapid_planning 12.2
oracle rapid_planning 12.1
oracle retail_predictive_application_server 16.0.3.0
oracle retail_predictive_application_server 14.1.3
oracle communications_policy_management 12.5.0
oracle communications_session_route_manager 8.2.1
oracle insurance_policy_administration_j2ee 10.2.0
oracle communications_session_route_manager 8.1.1
oracle flexcube_private_banking 12.0.0
CVE-2020-5398 HIGH

In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user supplied input.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H 1.6 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-79,CWE-494,

Products Affected

Vendor Product Version
oracle retail_financial_integration 15.0
oracle retail_financial_integration 16.0
vmware spring_framework *
oracle retail_service_backbone 16.0
oracle insurance_policy_administration_j2ee 11.0.2
oracle insurance_policy_administration_j2ee 10.2.4
oracle insurance_policy_administration_j2ee 11.2.2.0
oracle financial_services_regulatory_reporting_with_agilereporter 8.0.9.2.0
oracle insurance_rules_palette 11.1.0
oracle insurance_rules_palette 11.2.0
oracle communications_billing_and_revenue_management_elastic_charging_engine 12.0
oracle weblogic_server 12.2.1.3.0
oracle retail_returns_management 14.1
oracle retail_central_office 14.1
oracle insurance_policy_administration_j2ee 11.2.0
oracle application_testing_suite 13.3.0.1
oracle communications_billing_and_revenue_management_elastic_charging_engine 11.3
oracle retail_integration_bus 15.0.3
oracle retail_assortment_planning 15.0
oracle communications_diameter_signaling_router *
oracle insurance_policy_administration_j2ee 11.1.0
oracle communications_element_manager 8.2.0
netapp snapcenter -
oracle communications_session_report_manager 8.1.1
oracle retail_point-of-service 14.1
oracle weblogic_server 12.2.1.4.0
oracle flexcube_private_banking 12.1.0
oracle insurance_rules_palette 11.0.2
oracle healthcare_master_person_index 4.0.2
oracle communications_session_report_manager 8.2.1
oracle retail_assortment_planning 16.0
oracle communications_cloud_native_core_policy 1.5.0
oracle retail_predictive_application_server 14.0.3
oracle retail_predictive_application_server 14.1.3.0
oracle retail_order_broker 16.0
oracle mysql *
oracle insurance_rules_palette 10.2.0
oracle retail_integration_bus 16.0.3
oracle communications_element_manager 8.2.1
oracle communications_element_manager 8.1.1
netapp data_availability_services -
oracle communications_session_report_manager 8.2.0
oracle retail_order_broker 15.0
oracle siebel_engineering_-_installer_&_deployment *
oracle communications_session_route_manager 8.2.0
oracle enterprise_manager_base_platform 13.2.1.0
oracle insurance_rules_palette 10.2.4
oracle retail_service_backbone 15.0
oracle insurance_calculation_engine *
oracle retail_back_office 14.1
oracle rapid_planning 12.2
oracle retail_predictive_application_server 15.0.3
oracle rapid_planning 12.1
oracle retail_predictive_application_server 16.0.3.0
oracle communications_policy_management 12.5.0
oracle retail_bulk_data_integration 16.0.3.0
oracle communications_session_route_manager 8.2.1
oracle insurance_policy_administration_j2ee 10.2.0
oracle communications_session_route_manager 8.1.1
oracle flexcube_private_banking 12.0.0
CVE-2020-5405 MEDIUM

Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x prior to 2.1.7, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead a directory traversal attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-23,CWE-22,

Products Affected

Vendor Product Version
vmware spring_cloud_config *
CVE-2020-5406 MEDIUM

VMware Tanzu Application Service for VMs, 2.6.x versions prior to 2.6.18, 2.7.x versions prior to 2.7.11, and 2.8.x versions prior to 2.8.5, includes a version of PCF Autoscaling that writes database connection properties to its log, including database username and password. A malicious user with access to those logs may gain unauthorized access to the database being used by Autoscaling.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-522,CWE-522,

Products Affected

Vendor Product Version
vmware tanzu_application_service_for_vms *
CVE-2020-5408 MEDIUM

Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data that has been encrypted using such an encryptor may be able to derive the unencrypted values using a dictionary attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-329,CWE-330,

Products Affected

Vendor Product Version
pivotal_software spring_security *
vmware spring_security *
CVE-2020-5410 MEDIUM

Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-23,CWE-22,

Products Affected

Vendor Product Version
vmware spring_cloud_config *
CVE-2020-5412 MEDIUM

Spring Cloud Netflix, versions 2.2.x prior to 2.2.4, versions 2.1.x prior to 2.1.6, and older unsupported versions allow applications to use the Hystrix Dashboard proxy.stream endpoint to make requests to any server reachable by the server hosting the dashboard. A malicious user, or attacker, can send a request to other servers that should not be exposed publicly.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-441,CWE-610,

Products Affected

Vendor Product Version
vmware spring_cloud_netflix *
CVE-2020-5413 HIGH

Spring Integration framework provides Kryo Codec implementations as an alternative for Java (de)serialization. When Kryo is configured with default options, all unregistered classes are resolved on demand. This leads to the "deserialization gadgets" exploit when provided data contains malicious code for execution during deserialization. In order to protect against this type of attack, Kryo can be configured to require a set of trusted classes for (de)serialization. Spring Integration should be proactive against blocking unknown "deserialization gadgets" when configuring Kryo in code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,CWE-502,

Products Affected

Vendor Product Version
oracle banking_corporate_lending_process_management 14.5.0
oracle banking_credit_facilities_process_management 14.5.0
oracle banking_supply_chain_finance 14.3.0
oracle banking_corporate_lending_process_management 14.2.0
oracle banking_supply_chain_finance 14.5.0
oracle banking_credit_facilities_process_management 14.3.0
vmware spring_integration *
oracle banking_supply_chain_finance 14.2.0
oracle banking_virtual_account_management 14.5.0
oracle retail_customer_management_and_segmentation_foundation *
oracle banking_corporate_lending_process_management 14.3.0
oracle retail_merchandising_system 16.0.3
oracle banking_virtual_account_management 14.3.0
oracle banking_credit_facilities_process_management 14.2.0
oracle banking_virtual_account_management 14.2.0
oracle flexcube_private_banking 12.0.0
oracle flexcube_private_banking 12.1.0
CVE-2020-5414 MEDIUM

VMware Tanzu Application Service for VMs (2.7.x versions prior to 2.7.19, 2.8.x versions prior to 2.8.13, and 2.9.x versions prior to 2.9.7) contains an App Autoscaler that logs the UAA admin password. This credential is redacted on VMware Tanzu Operations Manager; however, the unredacted logs are available to authenticated users of the BOSH Director. This credential would grant administrative privileges to a malicious user. The same versions of App Autoscaler also log the App Autoscaler Broker password. Prior to newer versions of Operations Manager, this credential was not redacted from logs. This credential allows a malicious user to create, delete, and modify App Autoscaler services instances. Operations Manager started redacting this credential from logs as of its versions 2.7.15, 2.8.6, and 2.9.1. Note that these logs are typically only visible to foundation administrators and operators.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.7 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:H 0.9 4.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,CWE-532,

Products Affected

Vendor Product Version
vmware operations_manager *
vmware tanzu_application_service_for_virtual_machines *
CVE-2020-5419 MEDIUM

RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific binary planting security vulnerability that allows for arbitrary code execution. An attacker with write privileges to the RabbitMQ installation directory and local access on Windows could carry out a local binary hijacking (planting) attack and execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-427,CWE-427,

Products Affected

Vendor Product Version
vmware rabbitmq *
pivotal_software rabbitmq *
CVE-2020-5421 LOW

In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N 1.3 4.7

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle retail_predictive_application_server 14.1
oracle retail_service_backbone 14.1.3
oracle primavera_p6_enterprise_project_portfolio_management *
oracle hyperion_infrastructure_technology 11.1.2.4
oracle retail_customer_management_and_segmentation_foundation *
oracle mysql_enterprise_monitor 8.0.23
oracle enterprise_data_quality 12.2.1.4.0
oracle mysql_enterprise_monitor *
oracle healthcare_master_person_index 4.0.2.5
vmware spring_framework *
oracle retail_customer_engagement *
oracle financial_services_analytical_applications_infrastructure *
oracle enterprise_data_quality 12.2.1.3.0
oracle retail_financial_integration 14.1.3
oracle endeca_information_discovery_integrator 3.2.0
oracle insurance_policy_administration 10.2
oracle insurance_policy_administration 10.2.4
oracle weblogic_server 12.2.1.3.0
oracle retail_returns_management 14.1
oracle goldengate_application_adapters 19.1.0.0.0
netapp snap_creator_framework -
oracle retail_invoice_matching 14.0
oracle insurance_policy_administration 11.0.2
oracle fusion_middleware 12.2.1.3.0
oracle retail_integration_bus 15.0.3
oracle communications_brm 12.0.0.3
oracle commerce_guided_search 11.3.2
netapp snapcenter -
oracle weblogic_server 12.2.1.4.0
netapp oncommand_insight -
oracle communications_unified_inventory_management 7.3.5
oracle flexcube_private_banking 12.1.0
oracle insurance_rules_palette 11.0.2
oracle retail_order_broker 16.0
oracle insurance_rules_palette 10.2.0
oracle insurance_policy_administration *
oracle weblogic_server 10.3.6.0.0
oracle retail_integration_bus 16.0.3
oracle retail_xstore_point_of_service 18.0.3
oracle retail_xstore_point_of_service 19.0.2
oracle retail_merchandising_system 16.0.3
oracle communications_brm 11.3.0.9
oracle retail_order_broker 15.0
oracle storagetek_tape_analytics_sw_tool 2.3
oracle retail_xstore_point_of_service 17.0.4
oracle communications_design_studio 7.3.5
oracle weblogic_server 12.1.3.0.0
oracle storagetek_acsls 8.5.1
oracle communications_design_studio 7.3.4
oracle retail_xstore_point_of_service 15.0.4
oracle communications_design_studio 7.4.0
oracle insurance_rules_palette 10.2.4
oracle insurance_rules_palette *
oracle fusion_middleware 12.2.1.4.0
oracle primavera_gateway *
oracle communications_unified_inventory_management 7.3.4
oracle retail_financial_integration 16.0.3
oracle retail_assortment_planning 16.0.3.0
oracle weblogic_server 14.1.1.0.0
oracle retail_service_backbone 15.0.3
oracle retail_xstore_point_of_service 16.0.6
oracle retail_financial_integration 15.0.3
oracle communications_session_report_manager *
oracle retail_bulk_data_integration 16.0.3.0
oracle retail_integration_bus 14.1.3
oracle retail_service_backbone 16.0.3
oracle flexcube_private_banking 12.0.0
oracle retail_invoice_matching 14.1
CVE-2020-5425 MEDIUM

Single Sign-On for Vmware Tanzu all versions prior to 1.11.3 ,1.12.x versions prior to 1.12.4 and 1.13.x prior to 1.13.1 are vulnerable to user impersonation attack.If two users are logged in to the SSO operator dashboard at the same time, with the same username, from two different identity providers, one can acquire the token of the other and thus operate with their permissions. Note: Foundation may be vulnerable only if: 1) The system zone is set up to use a SAML identity provider 2) There are internal users that have the same username as users in the external SAML provider 3) Those duplicate-named users have the scope to access the SSO operator dashboard 4) The vulnerability doesn't appear with LDAP because of chained authentication.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.9 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:H 1.3 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,CWE-287,

Products Affected

Vendor Product Version
vmware single_sign-on_for_tanzu *
CVE-2020-5426 MEDIUM

Scheduler for TAS prior to version 1.4.0 was permitting plaintext transmission of UAA client token by sending it over a non-TLS connection. This also depended on the configuration of the MySQL server which is used to cache a UAA client token used by the service. If intercepted the token can give an attacker admin level access in the cloud controller.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-319,CWE-319,

Products Affected

Vendor Product Version
vmware pivotal_scheduler *
CVE-2020-5427 MEDIUM

In Spring Cloud Data Flow, versions 2.6.x prior to 2.6.5, versions 2.5.x prior 2.5.4, an application is vulnerable to SQL injection when requesting task execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,CWE-89,

Products Affected

Vendor Product Version
vmware spring_cloud_data_flow *
CVE-2020-5428 MEDIUM

In applications using Spring Cloud Task 2.2.4.RELEASE and below, may be vulnerable to SQL injection when exercising certain lookup queries in the TaskExplorer.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.0 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L 1.2 4.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,CWE-89,

Products Affected

Vendor Product Version
vmware spring_cloud_task *
CVE-2021-21972 HIGH

The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
vmware vcenter_server 6.5
vmware vcenter_server 7.0
vmware vcenter_server 6.7
vmware cloud_foundation *
CVE-2021-21973 MEDIUM

The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin leading to information disclosure. This affects: VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-918,CWE-918,

Products Affected

Vendor Product Version
vmware vcenter_server 6.5
vmware vcenter_server 7.0
vmware vcenter_server 6.7
vmware cloud_foundation *
CVE-2021-21974 MEDIUM

OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG) has a heap-overflow vulnerability. A malicious actor residing within the same network segment as ESXi who has access to port 427 may be able to trigger the heap-overflow issue in OpenSLP service resulting in remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
vmware esxi 7.0.0
vmware cloud_foundation *
vmware esxi 6.5
vmware esxi 6.7
CVE-2021-21975 MEDIUM

Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-918,CWE-918,

Products Affected

Vendor Product Version
vmware vrealize_operations_manager 8.0.0
vmware cloud_foundation 3.9.1
vmware cloud_foundation 4.0
vmware cloud_foundation 3.9
vmware cloud_foundation 3.0.1
vmware cloud_foundation 3.8.1
vmware vrealize_operations_manager 8.1.1
vmware vrealize_operations_manager 7.5.0
vmware vrealize_suite_lifecycle_manager 8.1
vmware vrealize_suite_lifecycle_manager 8.0.1
vmware vrealize_operations_manager 8.1.0
vmware cloud_foundation 3.5.1
vmware cloud_foundation 3.7.2
vmware vrealize_operations_manager 8.2.0
vmware cloud_foundation 3.0.1.1
vmware vrealize_suite_lifecycle_manager 8.0
vmware vrealize_operations_manager 8.0.1
vmware cloud_foundation 3.5
vmware vrealize_suite_lifecycle_manager 8.2
vmware cloud_foundation 4.0.1
vmware cloud_foundation 3.10
vmware cloud_foundation 3.7
vmware vrealize_operations_manager 7.0.0
vmware cloud_foundation 3.0
vmware cloud_foundation 3.7.1
vmware cloud_foundation 3.8
vmware vrealize_operations_manager 8.3.0
CVE-2021-21976 MEDIUM

vSphere Replication 8.3.x prior to 8.3.1.2, 8.2.x prior to 8.2.1.1, 8.1.x prior to 8.1.2.3 and 6.5.x prior to 6.5.1.5 contain a post-authentication command injection vulnerability which may allow an authenticated admin user to perform a remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,

Products Affected

Vendor Product Version
vmware vsphere_replication *
CVE-2021-21978 HIGH

VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability. Improper input validation and lack of authorization leading to arbitrary file upload in logupload web application. An unauthorized attacker with network access to View Planner Harness could upload and execute a specially crafted file leading to remote code execution within the logupload container.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,CWE-862,

Products Affected

Vendor Product Version
vmware view_planner *
vmware view_planner 4.6
CVE-2021-21980 MEDIUM

The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary file read vulnerability. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
vmware vcenter_server 6.5
vmware vcenter_server 6.7
vmware cloud_foundation 3.0
CVE-2021-21981 MEDIUM

VMware NSX-T contains a privilege escalation vulnerability due to an issue with RBAC (Role based access control) role assignment. Successful exploitation of this issue may allow attackers with local guest user account to assign privileges higher than their own permission level.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-269,

Products Affected

Vendor Product Version
broadcom vmware_nsx-t_data_center 3.1.1
vmware nsx-t_data_center 3.1.1
CVE-2021-21982 MEDIUM

VMware Carbon Black Cloud Workload appliance 1.0.0 and 1.01 has an authentication bypass vulnerability that may allow a malicious actor with network access to the administrative interface of the VMware Carbon Black Cloud Workload appliance to obtain a valid authentication token. Successful exploitation of this issue would result in the attacker being able to view and alter administrative configuration settings.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
vmware carbon_black_cloud_workload *
CVE-2021-21983 HIGH

Arbitrary file write vulnerability in vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API can write files to arbitrary locations on the underlying photon operating system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H 1.2 5.2

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
vmware vrealize_operations_manager 8.0.0
vmware cloud_foundation 3.9.1
vmware cloud_foundation 4.0
vmware cloud_foundation 3.9
vmware cloud_foundation 3.0.1
vmware cloud_foundation 3.8.1
vmware vrealize_operations_manager 8.1.1
vmware vrealize_operations_manager 7.5.0
vmware vrealize_suite_lifecycle_manager 8.1
vmware vrealize_suite_lifecycle_manager 8.0.1
vmware vrealize_operations_manager 8.1.0
vmware cloud_foundation 3.5.1
vmware cloud_foundation 3.7.2
vmware vrealize_operations_manager 8.2.0
vmware cloud_foundation 3.0.1.1
vmware vrealize_suite_lifecycle_manager 8.0
vmware vrealize_operations_manager 8.0.1
vmware cloud_foundation 3.5
vmware vrealize_suite_lifecycle_manager 8.2
vmware cloud_foundation 4.0.1
vmware cloud_foundation 3.10
vmware cloud_foundation 3.7
vmware vrealize_operations_manager 7.0.0
vmware cloud_foundation 3.0
vmware cloud_foundation 3.7.1
vmware cloud_foundation 3.8
vmware vrealize_operations_manager 8.3.0
CVE-2021-21984 HIGH

VMware vRealize Business for Cloud 7.x prior to 7.6.0 contains a remote code execution vulnerability due to an unauthorised end point. A malicious actor with network access may exploit this issue causing unauthorised remote code execution on vRealize Business for Cloud Virtual Appliance.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-862,

Products Affected

Vendor Product Version
vmware vrealize_business_for_cloud *
CVE-2021-21985 HIGH

The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-918,CWE-20,CWE-470,CWE-918,

Products Affected

Vendor Product Version
vmware vcenter_server 6.5
vmware vcenter_server 7.0
vmware vcenter_server 6.7
vmware cloud_foundation *
CVE-2021-21986 HIGH

The vSphere Client (HTML5) contains a vulnerability in a vSphere authentication mechanism for the Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability plug-ins. A malicious actor with network access to port 443 on vCenter Server may perform actions allowed by the impacted plug-ins without authentication.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-306,

Products Affected

Vendor Product Version
vmware vcenter_server 6.5
vmware vcenter_server 7.0
vmware vcenter_server 6.7
vmware cloud_foundation *
CVE-2021-21987 LOW

VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windows (5.x prior to 5.5.2) contain out-of-bounds read vulnerability in the Cortado ThinPrint component (TTC Parser). A malicious actor with access to a virtual machine or remote desktop may be able to exploit these issues leading to information disclosure from the TPView process running on the system where Workstation or Horizon Client for Windows is installed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N 2.0 4.0

CVSS 2.0

Severity: LOW

Problem Type: CWE-125,

Products Affected

Vendor Product Version
vmware horizon_client *
vmware workstation *
CVE-2021-21988 LOW

VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windows (5.x prior to 5.5.2) contain out-of-bounds read vulnerability in the Cortado ThinPrint component (JPEG2000 Parser). A malicious actor with access to a virtual machine or remote desktop may be able to exploit these issues leading to information disclosure from the TPView process running on the system where Workstation or Horizon Client for Windows is installed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N 2.0 4.0

CVSS 2.0

Severity: LOW

Problem Type: CWE-125,

Products Affected

Vendor Product Version
vmware horizon_client *
vmware workstation *
CVE-2021-21989 LOW

VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windows (5.x prior to 5.5.2) contain out-of-bounds read vulnerability in the Cortado ThinPrint component (TTC Parser). A malicious actor with access to a virtual machine or remote desktop may be able to exploit these issues leading to information disclosure from the TPView process running on the system where Workstation or Horizon Client for Windows is installed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N 2.0 4.0

CVSS 2.0

Severity: LOW

Problem Type: CWE-125,

Products Affected

Vendor Product Version
vmware horizon_client *
vmware workstation *
CVE-2021-21990 MEDIUM

VMware Workspace one UEM console (2102 prior to 21.2.0.8, 2101 prior to 21.1.0.14, 2011 prior to 20.11.0.27, 2010 prior to 20.10.0.16,2008 prior to 20.8.0.28, 2007 prior to 20.7.0.14,2006 prior to 20.6.0.19, 2005 prior to 20.5.0.46, 2004 prior to 20.4.0.21, 2003 prior to 20.3.0.23, 2001 prior to 20.1.0.32, 1912 prior to 19.12.0.24) contain a cross-site scripting vulnerability. VMware Workspace ONE UEM console does not validate incoming requests during device enrollment after leading to rendering of unsanitized input on the user device in response.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
vmware workspace_one_unified_endpoint_management *
CVE-2021-21991 MEDIUM

The vCenter Server contains a local privilege escalation vulnerability due to the way it handles session tokens. A malicious actor with non-administrative user access on vCenter Server host may exploit this issue to escalate privileges to Administrator on the vSphere Client (HTML5) or vCenter Server vSphere Web Client (FLEX/Flash).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
vmware vcenter_server 6.5
vmware vcenter_server 7.0
vmware vcenter_server 6.7
vmware cloud_foundation *
CVE-2021-21992 MEDIUM

The vCenter Server contains a denial-of-service vulnerability due to improper XML entity parsing. A malicious actor with non-administrative user access to the vCenter Server vSphere Client (HTML5) or vCenter Server vSphere Web Client (FLEX/Flash) may exploit this issue to create a denial-of-service condition on the vCenter Server host.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
vmware vcenter_server 6.5
vmware vcenter_server 7.0
vmware vcenter_server 6.7
vmware cloud_foundation *
CVE-2021-21993 MEDIUM

The vCenter Server contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in vCenter Server Content Library. An authorised user with access to content library may exploit this issue by sending a POST request to vCenter Server leading to information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-918,

Products Affected

Vendor Product Version
vmware vcenter_server 6.5
vmware vcenter_server 7.0
vmware vcenter_server 6.7
vmware cloud_foundation *
CVE-2021-21994 MEDIUM

SFCB (Small Footprint CIM Broker) as used in ESXi has an authentication bypass vulnerability. A malicious actor with network access to port 5989 on ESXi may exploit this issue to bypass SFCB authentication by sending a specially crafted request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
vmware esxi 7.0
vmware cloud_foundation *
vmware esxi 6.5
vmware esxi 6.7
CVE-2021-21995 MEDIUM

OpenSLP as used in ESXi has a denial-of-service vulnerability due a heap out-of-bounds read issue. A malicious actor with network access to port 427 on ESXi may be able to trigger a heap out-of-bounds read in OpenSLP service resulting in a denial-of-service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
vmware esxi 7.0
vmware cloud_foundation *
vmware esxi 6.5
vmware esxi 6.7
CVE-2021-21997 MEDIUM

VMware Tools for Windows (11.x.y prior to 11.3.0) contains a denial-of-service vulnerability in the VM3DMP driver. A malicious actor with local user privileges in the Windows guest operating system, where VMware Tools is installed, can trigger a PANIC in the VM3DMP driver leading to a denial-of-service condition in the Windows guest operating system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
vmware tools *
CVE-2021-21998 HIGH

VMware Carbon Black App Control 8.0, 8.1, 8.5 prior to 8.5.8, and 8.6 prior to 8.6.2 has an authentication bypass. A malicious actor with network access to the VMware Carbon Black App Control management server might be able to obtain administrative access to the product without the need to authenticate.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
vmware carbon_black_app_control 8.1
vmware carbon_black_app_control *
vmware carbon_black_app_control 8.0
CVE-2021-21999 HIGH

VMware Tools for Windows (11.x.y prior to 11.2.6), VMware Remote Console for Windows (12.x prior to 12.0.1) , VMware App Volumes (2.x prior to 2.18.10 and 4 prior to 2103) contain a local privilege escalation vulnerability. An attacker with normal access to a virtual machine may exploit this issue by placing a malicious file renamed as `openssl.cnf' in an unrestricted directory which would allow code to be executed with elevated privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-427,

Products Affected

Vendor Product Version
vmware tools *
vmware remote_console *
vmware app_volumes *
CVE-2021-22000 MEDIUM

VMware Thinapp version 5.x prior to 5.2.10 contain a DLL hijacking vulnerability due to insecure loading of DLLs. A malicious actor with non-administrative privileges may exploit this vulnerability to elevate privileges to administrator level on the Windows operating system having VMware ThinApp installed on it.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-427,

Products Affected

Vendor Product Version
vmware thinapp *
CVE-2021-22002 HIGH

VMware Workspace ONE Access and Identity Manager, allow the /cfg web app and diagnostic endpoints, on port 8443, to be accessed via port 443 using a custom host header. A malicious actor with network access to port 443 could tamper with host headers to facilitate access to the /cfg web app, in addition a malicious actor could access /cfg diagnostic endpoints without authentication.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
vmware identity_manager 3.3.3
vmware cloud_foundation 4.1
vmware identity_manager 3.3.4
vmware cloud_foundation 4.0
vmware vrealize_suite_lifecycle_manager 8.0
vmware workspace_one_access 20.10
vmware cloud_foundation 4.2.1
vmware vrealize_suite_lifecycle_manager 8.2
vmware workspace_one_access 20.01
vmware cloud_foundation 4.0.1
vmware workspace_one_access 20.10.01
vmware identity_manager 3.3.5
vmware identity_manager 3.3.2
vmware cloud_foundation 4.1.0.1
vmware vrealize_suite_lifecycle_manager 8.1
vmware vrealize_suite_lifecycle_manager 8.0.1
CVE-2021-22003 MEDIUM

VMware Workspace ONE Access and Identity Manager, unintentionally provide a login interface on port 7443. A malicious actor with network access to port 7443 may attempt user enumeration or brute force the login endpoint, which may or may not be practical based on lockout policy configuration and password complexity for the target account.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-307,

Products Affected

Vendor Product Version
vmware identity_manager 3.3.3
vmware cloud_foundation 4.1
vmware identity_manager 3.3.4
vmware cloud_foundation 4.0
vmware vrealize_suite_lifecycle_manager 8.0
vmware workspace_one_access 20.10
vmware cloud_foundation 4.2.1
vmware vrealize_suite_lifecycle_manager 8.2
vmware workspace_one_access 20.01
vmware cloud_foundation 4.0.1
vmware workspace_one_access 20.10.01
vmware identity_manager 3.3.5
vmware identity_manager 3.3.2
vmware cloud_foundation 4.1.0.1
vmware vrealize_suite_lifecycle_manager 8.1
vmware vrealize_suite_lifecycle_manager 8.0.1
CVE-2021-22005 HIGH

The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
vmware vcenter_server 6.5
vmware vcenter_server 7.0
vmware vcenter_server 6.7
vmware cloud_foundation *
CVE-2021-22006 MEDIUM

The vCenter Server contains a reverse proxy bypass vulnerability due to the way the endpoints handle the URI. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to access restricted endpoints.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
vmware vcenter_server 7.0
vmware vcenter_server 6.7
vmware cloud_foundation *
CVE-2021-22007 LOW

The vCenter Server contains a local information disclosure vulnerability in the Analytics service. An authenticated user with non-administrative privilege may exploit this issue to gain access to sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
vmware vcenter_server 7.0
vmware vcenter_server 6.7
vmware cloud_foundation *
CVE-2021-22008 MEDIUM

The vCenter Server contains an information disclosure vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by sending a specially crafted json-rpc message to gain access to sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
vmware vcenter_server 6.5
vmware vcenter_server 7.0
vmware vcenter_server 6.7
vmware cloud_foundation *
CVE-2021-22009 MEDIUM

The vCenter Server contains multiple denial-of-service vulnerabilities in VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit these issues to create a denial of service condition due to excessive memory consumption by VAPI service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-668,

Products Affected

Vendor Product Version
vmware vcenter_server 7.0
vmware vcenter_server 6.7
vmware cloud_foundation *
CVE-2021-22010 MEDIUM

The vCenter Server contains a denial-of-service vulnerability in VPXD service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to create a denial of service condition due to excessive memory consumption by VPXD service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
vmware vcenter_server 7.0
vmware vcenter_server 6.7
vmware cloud_foundation *
CVE-2021-22011 MEDIUM

vCenter Server contains an unauthenticated API endpoint vulnerability in vCenter Server Content Library. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to perform unauthenticated VM network setting manipulation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
vmware vcenter_server 6.5
vmware vcenter_server 7.0
vmware vcenter_server 6.7
vmware cloud_foundation *
CVE-2021-22012 MEDIUM

The vCenter Server contains an information disclosure vulnerability due to an unauthenticated appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-306,

Products Affected

Vendor Product Version
vmware vcenter_server 7.0
vmware vcenter_server 6.7
vmware cloud_foundation *
CVE-2021-22013 MEDIUM

The vCenter Server contains a file path traversal vulnerability leading to information disclosure in the appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
vmware vcenter_server 7.0
vmware vcenter_server 6.7
vmware cloud_foundation *
CVE-2021-22014 HIGH

The vCenter Server contains an authenticated code execution vulnerability in VAMI (Virtual Appliance Management Infrastructure). An authenticated VAMI user with network access to port 5480 on vCenter Server may exploit this issue to execute code on the underlying operating system that hosts vCenter Server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
vmware vcenter_server 6.5
vmware vcenter_server 7.0
vmware vcenter_server 6.7
vmware cloud_foundation *
CVE-2021-22015 HIGH

The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and directories. An authenticated local user with non-administrative privilege may exploit these issues to elevate their privileges to root on vCenter Server Appliance.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-552,

Products Affected

Vendor Product Version
vmware vcenter_server 6.5
vmware vcenter_server 7.0
vmware vcenter_server 6.7
vmware cloud_foundation *
CVE-2021-22016 MEDIUM

The vCenter Server contains a reflected cross-site scripting vulnerability due to a lack of input sanitization. An attacker may exploit this issue to execute malicious scripts by tricking a victim into clicking a malicious link.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
vmware vcenter_server 6.7
vmware cloud_foundation *
CVE-2021-22017 MEDIUM

Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to bypass proxy leading to internal endpoints being accessed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
vmware vcenter_server 6.7
CVE-2021-22018 MEDIUM

The vCenter Server contains an arbitrary file deletion vulnerability in a VMware vSphere Life-cycle Manager plug-in. A malicious actor with network access to port 9087 on vCenter Server may exploit this issue to delete non critical files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L 3.9 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
vmware vcenter_server 7.0
vmware cloud_foundation *
CVE-2021-22019 MEDIUM

The vCenter Server contains a denial-of-service vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port 5480 on vCenter Server may exploit this issue by sending a specially crafted jsonrpc message to create a denial of service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
vmware vcenter_server 6.5
vmware vcenter_server 7.0
vmware vcenter_server 6.7
vmware cloud_foundation *
CVE-2021-22020 LOW

The vCenter Server contains a denial-of-service vulnerability in the Analytics service. Successful exploitation of this issue may allow an attacker to create a denial-of-service condition on vCenter Server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
vmware vcenter_server 7.0
vmware vcenter_server 6.7
vmware cloud_foundation *
CVE-2021-22021 LOW

VMware vRealize Log Insight (8.x prior to 8.4) contains a Cross Site Scripting (XSS) vulnerability due to improper user input validation. An attacker with user privileges may be able to inject a malicious payload via the Log Insight UI which would be executed when the victim accesses the shared dashboard link.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
vmware vrealize_log_insight *
vmware cloud_foundation *
CVE-2021-22022 MEDIUM

The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary file read vulnerability. A malicious actor with administrative access to vRealize Operations Manager API can read any arbitrary file on server leading to information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
vmware vrealize_operations_manager *
vmware vrealize_operations_manager 7.5.0
vmware cloud_foundation *
vmware vrealize_suite_lifecycle_manager *
CVE-2021-22023 MEDIUM

The vRealize Operations Manager API (8.x prior to 8.5) has insecure object reference vulnerability. A malicious actor with administrative access to vRealize Operations Manager API may be able to modify other users information leading to an account takeover.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-639,

Products Affected

Vendor Product Version
vmware vrealize_operations_manager *
vmware vrealize_operations_manager 7.5.0
vmware cloud_foundation *
vmware vrealize_suite_lifecycle_manager *
CVE-2021-22024 MEDIUM

The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary log-file read vulnerability. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can read any log file resulting in sensitive information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-532,

Products Affected

Vendor Product Version
vmware vrealize_operations_manager *
vmware vrealize_operations_manager 7.5.0
vmware cloud_foundation *
vmware vrealize_suite_lifecycle_manager *
CVE-2021-22025 MEDIUM

The vRealize Operations Manager API (8.x prior to 8.5) contains a broken access control vulnerability leading to unauthenticated API access. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can add new nodes to existing vROps cluster.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
vmware vrealize_operations_manager *
vmware vrealize_operations_manager 7.5.0
vmware cloud_foundation *
vmware vrealize_suite_lifecycle_manager *
CVE-2021-22026 MEDIUM

The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-918,

Products Affected

Vendor Product Version
vmware vrealize_operations_manager *
vmware vrealize_operations_manager 7.5.0
vmware cloud_foundation *
vmware vrealize_suite_lifecycle_manager *
CVE-2021-22027 MEDIUM

The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-918,

Products Affected

Vendor Product Version
vmware vrealize_operations_manager *
vmware vrealize_operations_manager 7.5.0
vmware cloud_foundation *
vmware vrealize_suite_lifecycle_manager *
CVE-2021-22029 MEDIUM

VMware Workspace ONE UEM REST API contains a denial of service vulnerability. A malicious actor with access to /API/system/admins/session could cause an API denial of service due to improper rate limiting.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-770,

Products Affected

Vendor Product Version
vmware workspace_one_uem_console *
CVE-2021-22033 MEDIUM

Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 2.7 LOW CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N 1.2 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-918,

Products Affected

Vendor Product Version
vmware vrealize_operations *
vmware cloud_foundation *
vmware vrealize_suite_lifecycle_manager *
CVE-2021-22034 MEDIUM

Releases prior to VMware vRealize Operations Tenant App 8.6 contain an Information Disclosure Vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
vmware vrealize_operations_tenant *
CVE-2021-22035 MEDIUM

VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sheet through Log Insight which could be executed in user's environment.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,

Products Affected

Vendor Product Version
vmware vrealize_log_insight *
vmware cloud_foundation *
vmware vrealize_suite_lifecycle_manager *
CVE-2021-22036 MEDIUM

VMware vRealize Orchestrator ((8.x prior to 8.6) contains an open redirect vulnerability due to improper path handling. A malicious actor may be able to redirect victim to an attacker controlled domain due to improper path handling in vRealize Orchestrator leading to sensitive information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
vmware vrealize_orchestrator *
vmware vrealize_automation *
CVE-2021-22037 MEDIUM

Under certain circumstances, when manipulating the Windows registry, InstallBuilder uses the reg.exe system command. The full path to the command is not enforced, which results in a search in the search path until a binary can be identified. This makes the installer/uninstaller vulnerable to Path Interception by Search Order Hijacking, potentially allowing an attacker to plant a malicious reg.exe command so it takes precedence over the system command. The vulnerability only affects Windows installers.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-427,

Products Affected

Vendor Product Version
vmware installbuilder *
CVE-2021-22038 MEDIUM

On Windows, the uninstaller binary copies itself to a fixed temporary location, which is then executed (the originally called uninstaller exits, so it does not block the installation directory). This temporary location is not randomized and does not restrict access to Administrators only so a potential attacker could plant a binary to replace the copied binary right before it gets called, thus gaining Administrator privileges (if the original uninstaller was executed as Administrator). The vulnerability only affects Windows installers.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-330,

Products Affected

Vendor Product Version
vmware installbuilder *
CVE-2021-22040 MEDIUM

VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
vmware esxi 7.0
vmware workstation_pro *
vmware fusion *
vmware workstation_player *
vmware cloud_foundation *
vmware esxi 6.5
vmware esxi 6.7
CVE-2021-22041 MEDIUM

VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
vmware fusion -
vmware esxi 7.0
vmware fusion *
vmware cloud_foundation *
vmware esxi 6.5
vmware workstation *
vmware esxi 6.7
CVE-2021-22042 MEDIUM

VMware ESXi contains an unauthorized access vulnerability due to VMX having access to settingsd authorization tickets. A malicious actor with privileges within the VMX process only, may be able to access settingsd service running as a high privileged user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-863,

Products Affected

Vendor Product Version
vmware esxi 7.0
vmware cloud_foundation *
CVE-2021-22043 MEDIUM

VMware ESXi contains a TOCTOU (Time-of-check Time-of-use) vulnerability that exists in the way temporary files are handled. A malicious actor with access to settingsd, may exploit this issue to escalate their privileges by writing arbitrary files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.6 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-367,

Products Affected

Vendor Product Version
vmware esxi 7.0
vmware fusion *
CVE-2021-22044 MEDIUM

In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEASE, and older unsupported versions, applications using type-level `@RequestMapping`annotations over Feign client interfaces, can be involuntarily exposing endpoints corresponding to `@RequestMapping`-annotated interface methods.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,CWE-668,

Products Affected

Vendor Product Version
vmware spring_cloud_openfeign *
CVE-2021-22045 MEDIUM

VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi650-202110101-SG), VMware Workstation (16.2.0) and VMware Fusion (12.2.0) contains a heap-overflow vulnerability in CD-ROM device emulation. A malicious actor with access to a virtual machine with CD-ROM device emulation may be able to exploit this vulnerability in conjunction with other issues to execute code on the hypervisor from a virtual machine.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H 1.1 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
vmware esxi 7.0
vmware fusion *
vmware cloud_foundation *
vmware esxi 6.5
vmware workstation *
vmware esxi 6.7
CVE-2021-22047 MEDIUM

In Spring Data REST versions 3.4.0 - 3.4.13, 3.5.0 - 3.5.5, and older unsupported versions, HTTP resources implemented by custom controllers using a configured base API path and a controller type-level request mapping are additionally exposed under URIs that can potentially be exposed for unauthorized access depending on the Spring Security configuration.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,CWE-668,

Products Affected

Vendor Product Version
vmware spring_data_rest *
CVE-2021-22048 MEDIUM

The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. A malicious actor with non-administrative access to vCenter Server may exploit this issue to elevate privileges to a higher privileged group.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
vmware vcenter_server 6.5
vmware vcenter_server 7.0
vmware vcenter_server 6.7
vmware cloud_foundation *
CVE-2021-22049 HIGH

The vSphere Web Client (FLEX/Flash) contains an SSRF (Server Side Request Forgery) vulnerability in the vSAN Web Client (vSAN UI) plug-in. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-918,

Products Affected

Vendor Product Version
vmware vcenter_server 6.5
vmware vcenter_server 7.0
vmware vcenter_server 6.7
CVE-2021-22050 MEDIUM

ESXi contains a slow HTTP POST denial-of-service vulnerability in rhttpproxy. A malicious actor with network access to ESXi may exploit this issue to create a denial-of-service condition by overwhelming rhttpproxy service with multiple requests.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-770,

Products Affected

Vendor Product Version
vmware esxi 7.0
vmware cloud_foundation *
vmware esxi 6.5
vmware esxi 6.7
CVE-2021-22051 MEDIUM

Applications using Spring Cloud Gateway are vulnerable to specifically crafted requests that could make an extra request on downstream services. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.5+, 2.2.x users should upgrade to 2.2.10.RELEASE or newer.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-863,

Products Affected

Vendor Product Version
vmware spring_cloud_gateway *
CVE-2021-22053 MEDIUM

Applications using both `spring-cloud-netflix-hystrix-dashboard` and `spring-boot-starter-thymeleaf` expose a way to execute code submitted within the request URI path during the resolution of view templates. When a request is made at `/hystrix/monitor;[user-provided data]`, the path elements following `hystrix/monitor` are being evaluated as SpringEL expressions, which can lead to code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-94,CWE-94,

Products Affected

Vendor Product Version
vmware spring_cloud_netflix *
CVE-2021-22054 MEDIUM

VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain an SSRF vulnerability. This issue may allow a malicious actor with network access to UEM to send their requests without authentication and to gain access to sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-918,CWE-918,

Products Affected

Vendor Product Version
vmware workspace_one_uem_console *
CVE-2021-22055 MEDIUM

The SchedulerServer in Vmware photon allows remote attackers to inject logs through \r in the package parameter. Attackers can also insert malicious data and fake entries.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,

Products Affected

Vendor Product Version
vmware photon_os *
CVE-2021-22056 MEDIUM

VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability. A malicious actor with network access may be able to make HTTP requests to arbitrary origins and read the full response.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-918,

Products Affected

Vendor Product Version
vmware identity_manager 3.3.3
vmware identity_manager 3.3.4
vmware workspace_one_access 20.10.01
vmware workspace_one_access 21.08
vmware identity_manager 3.3.5
vmware vrealize_automation 7.6
vmware workspace_one_access 20.10
vmware vrealize_automation *
vmware workspace_one_access 21.08.01
CVE-2021-22057 MEDIUM

VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 contain an authentication bypass vulnerability. A malicious actor, who has successfully provided first-factor authentication, may be able to obtain second-factor authentication provided by VMware Verify.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
vmware workspace_one_access 21.08
vmware workspace_one_access 21.08.0.1
vmware workspace_one_access 20.10
vmware workspace_one_access 20.10.0.1
CVE-2021-22060 MEDIUM

In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more places of the Spring Framework codebase.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle communications_cloud_native_core_service_communication_proxy 1.15.0
oracle communications_cloud_native_core_console 1.9.0
vmware spring_framework *
CVE-2021-22095 MEDIUM

In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its toString() method, will create a new String object from the message body, regardless of its size. This can cause an OOM Error with a large message

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-502,CWE-502,

Products Affected

Vendor Product Version
vmware spring_advanced_message_queuing_protocol *
CVE-2021-22096 MEDIUM

In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-117,NVD-CWE-Other,

Products Affected

Vendor Product Version
oracle communications_cloud_native_core_service_communication_proxy 1.15.0
oracle communications_cloud_native_core_console 1.9.0
netapp active_iq_unified_manager -
netapp metrocluster_tiebreaker -
netapp snapcenter -
vmware spring_framework *
netapp snap_creator_framework -
netapp management_services_for_element_software_and_netapp_hci -
CVE-2021-22097 MEDIUM

In Spring AMQP versions 2.2.0 - 2.2.18 and 2.3.0 - 2.3.10, the Spring AMQP Message object, in its toString() method, will deserialize a body for a message with content type application/x-java-serialized-object. It is possible to construct a malicious java.util.Dictionary object that can cause 100% CPU usage in the application if the toString() method is called.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-502,CWE-502,

Products Affected

Vendor Product Version
vmware spring_advanced_message_queuing_protocol *
CVE-2021-22112 HIGH

Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request.A malicious user cannot cause the bug to happen (it must be programmed in). However, if the application's intent is to only allow the user to run with elevated privileges in a small portion of the application, the bug can be leveraged to extend those privileges to the rest of the application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle communications_interactive_session_recorder 6.4
oracle insurance_policy_administration 11.3.0
oracle insurance_policy_administration 11.2.0
oracle communications_element_manager *
oracle mysql_enterprise_monitor *
oracle hospitality_cruise_shipboard_property_management_system 20.1.0
pivotal_software spring_security *
oracle communications_unified_inventory_management 7.4.1
vmware spring_security *
oracle communications_interactive_session_recorder 6.3
CVE-2021-22113 MEDIUM

Applications using the “Sensitive Headers” functionality in Spring Cloud Netflix Zuul 2.2.6.RELEASE and below may be vulnerable to bypassing the “Sensitive Headers” restriction when executing requests with specially constructed URLs. Applications that use Spring Security's StrictHttpFirewall (enabled by default for all URLs) are not affected by the vulnerability, as they reject requests that allow bypassing.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-863,

Products Affected

Vendor Product Version
vmware spring_cloud_netflix_zuul *
CVE-2021-22114 MEDIUM

Addresses partial fix in CVE-2018-1263. Spring-integration-zip, versions prior to 1.0.4, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path traversal filenames. So when the filename gets concatenated to the target extraction directory, the final path ends up outside of the target folder.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
vmware spring_integration_zip *
CVE-2021-22116 MEDIUM

RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP 1.0 client connection endpoint. A malicious user can exploit the vulnerability by sending malicious AMQP messages to the target RabbitMQ instance having the AMQP 1.0 plugin enabled.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,CWE-20,

Products Affected

Vendor Product Version
vmware rabbitmq *
debian debian_linux 9.0
CVE-2021-22117 MEDIUM

RabbitMQ installers on Windows prior to version 3.8.16 do not harden plugin directory permissions, potentially allowing attackers with sufficient local filesystem permissions to add arbitrary plugins.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-94,CWE-732,

Products Affected

Vendor Product Version
vmware rabbitmq *
CVE-2021-22118 MEDIUM

In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-269,CWE-668,

Products Affected

Vendor Product Version
oracle retail_assortment_planning 16.0
oracle utilities_testing_accelerator 6.0.0.1.1
oracle communications_cloud_native_core_unified_data_repository 1.14.0
oracle retail_order_broker 16.0
oracle insurance_policy_administration *
oracle retail_integration_bus 16.0.3
oracle communications_cloud_native_core_service_communication_proxy 1.14.0
oracle retail_customer_management_and_segmentation_foundation *
oracle enterprise_data_quality 12.2.1.4.0
oracle communications_element_manager *
oracle mysql_enterprise_monitor *
vmware spring_framework *
netapp hci -
oracle retail_merchandising_system 19.0.1
oracle communications_cloud_native_core_binding_support_function 1.9.0
oracle financial_services_analytical_applications_infrastructure *
oracle communications_diameter_intelligence_hub *
oracle insurance_rules_palette 11.1.0
oracle communications_interactive_session_recorder 6.4
oracle enterprise_data_quality 12.2.1.3.0
oracle utilities_testing_accelerator 6.0.0.2.2
oracle retail_integration_bus 15.0.3.1
netapp management_services_for_element_software -
oracle insurance_rules_palette 11.2.7
oracle communications_unified_inventory_management 7.4.1
oracle communications_session_route_manager *
oracle communications_unified_inventory_management 7.5.0
oracle insurance_rules_palette 11.3.0
oracle retail_predictive_application_server 15.0.3
oracle retail_financial_integration 16.0.3
oracle communications_cloud_native_core_policy 1.14.0
oracle communications_unified_inventory_management 7.4.2
oracle utilities_testing_accelerator 6.0.0.3.1
oracle retail_integration_bus 14.1.3.2
oracle communications_brm_-_elastic_charging_engine 12.0.0.3
oracle insurance_rules_palette 11.3.1
oracle retail_predictive_application_server 16.0.3
oracle communications_session_report_manager *
oracle retail_predictive_application_server 14.1.3
oracle healthcare_data_repository 8.1.0
oracle commerce_guided_search 11.3.2
oracle retail_financial_integration 14.1.3.2
oracle communications_cloud_native_core_security_edge_protection_proxy 1.6.0
oracle documaker *
oracle communications_network_integrity 7.3.6
oracle insurance_rules_palette 11.0.2
oracle retail_financial_integration 15.0.3.1
CVE-2021-22119 MEDIUM

Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application. A malicious user or attacker can send multiple requests initiating the Authorization Request for the Authorization Code Grant, which has the potential of exhausting system resources using a single session or multiple sessions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,CWE-863,

Products Affected

Vendor Product Version
vmware spring_security *
oracle communications_cloud_native_core_policy 1.14.0
CVE-2021-26987 HIGH

Element Plug-in for vCenter Server incorporates SpringBoot Framework. SpringBoot Framework versions prior to 1.3.2 are susceptible to a vulnerability which when successfully exploited could lead to Remote Code Execution. All versions of Element Plug-in for vCenter Server, Management Services versions prior to 2.17.56 and Management Node versions through 12.2 contain vulnerable versions of SpringBoot Framework.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
vmware spring_boot *
netapp element_plug-in_for_vcenter_server *
netapp management_services_for_element_software_and_netapp_hci *
netapp solidfire_&_hci_management_node *
CVE-2021-31693

The 10Web Photo Gallery plugin through 1.5.68 for WordPress allows XSS via album_gallery_id_0, bwg_album_search_0, and type_0 for bwg_frontend_data. NOTE: other parameters are covered by CVE-2021-24291, CVE-2021-25041, and CVE-2021-46889. NOTE: VMware information, previously connected to this CVE ID because of a typo, is at CVE-2022-31693.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H 2.0 4.0

Products Affected

Vendor Product Version
10web photo_gallery *
vmware tools *
CVE-2021-32718 LOW

RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user being added via management UI could lead to the user's bane being rendered in a confirmation message without proper `<script>` tag sanitization, potentially allowing for JavaScript code execution in the context of the page. In order for this to occur, the user must be signed in and have elevated permissions (other user management). The vulnerability is patched in RabbitMQ 3.8.17. As a workaround, disable `rabbitmq_management` plugin and use CLI tools for management operations and Prometheus and Grafana for metrics and monitoring.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 3.1 LOW CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N 0.5 2.5
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-80,CWE-79,

Products Affected

Vendor Product Version
vmware rabbitmq *
CVE-2021-32719 LOW

RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a federation link was displayed in the RabbitMQ management UI via the `rabbitmq_federation_management` plugin, its consumer tag was rendered without proper <script> tag sanitization. This potentially allows for JavaScript code execution in the context of the page. The user must be signed in and have elevated permissions (manage federation upstreams and policies) for this to occur. The vulnerability is patched in RabbitMQ 3.8.18. As a workaround, disable the `rabbitmq_federation_management` plugin and use [CLI tools](https://www.rabbitmq.com/cli.html) instead.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 3.1 LOW CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N 0.5 2.5
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-80,CWE-79,

Products Affected

Vendor Product Version
vmware rabbitmq *
CVE-2022-21123 LOW

Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-459,CWE-459,

Products Affected

Vendor Product Version
fedoraproject fedora 35
fedoraproject fedora 36
intel sgx_psw *
vmware esxi 7.0
debian debian_linux 11.0
debian debian_linux 10.0
intel sgx_dcap *
xen xen *
debian debian_linux 9.0
intel sgx_sdk *
CVE-2022-21125 LOW

Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-459,CWE-459,

Products Affected

Vendor Product Version
fedoraproject fedora 35
fedoraproject fedora 36
intel sgx_psw *
vmware esxi 7.0
debian debian_linux 11.0
debian debian_linux 10.0
intel sgx_dcap *
xen xen *
debian debian_linux 9.0
intel sgx_sdk *
CVE-2022-21166 LOW

Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-459,CWE-459,

Products Affected

Vendor Product Version
fedoraproject fedora 35
fedoraproject fedora 36
intel sgx_psw *
vmware esxi 7.0
debian debian_linux 11.0
debian debian_linux 10.0
intel sgx_dcap *
xen xen *
debian debian_linux 9.0
intel sgx_sdk *
CVE-2022-21793

Insufficient control flow management in the Intel(R) Ethernet 500 Series Controller drivers for VMWare before version 1.11.4.0 and in the Intel(R) Ethernet 700 Series Controller drivers for VMWare before version 2.1.5.0 may allow an authenticated user to potentially enable a denial of service via local access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
vmware i40en *
vmware ixgben *
CVE-2022-22938 LOW

VMware Workstation (16.x prior to 16.2.2) and Horizon Client for Windows (5.x prior to 5.5.3) contains a denial-of-service vulnerability in the Cortado ThinPrint component. The issue exists in TrueType font parser. A malicious actor with access to a virtual machine or remote desktop may exploit this issue to trigger a denial-of-service condition in the Thinprint service running on the host machine where VMware Workstation or Horizon Client for Windows is installed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H 2.0 4.0

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
vmware horizon *
vmware workstation *
CVE-2022-22939 MEDIUM

VMware Cloud Foundation contains an information disclosure vulnerability due to logging of credentials in plain-text within multiple log files on the SDDC Manager. A malicious actor with root access on VMware Cloud Foundation SDDC Manager may be able to view credentials in plaintext within one or more log files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-532,

Products Affected

Vendor Product Version
vmware cloud_foundation *
CVE-2022-22942

The vmwgfx driver contains a local privilege escalation vulnerability that allows unprivileged users to gain access to files opened by other processes on the system through a dangling 'file' pointer.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
vmware photon_os 4.0
vmware photon_os 3.0
CVE-2022-22943 HIGH

VMware Tools for Windows (11.x.y and 10.x.y prior to 12.0.0) contains an uncontrolled search path vulnerability. A malicious actor with local administrative privileges in the Windows guest OS, where VMware Tools is installed, may be able to execute code with system privileges in the Windows guest OS due to an uncontrolled search path element.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-427,

Products Affected

Vendor Product Version
vmware tools *
CVE-2022-22944 LOW

VMware Workspace ONE Boxer contains a stored cross-site scripting (XSS) vulnerability. Due to insufficient sanitization and validation, in VMware Workspace ONE Boxer calendar event descriptions, a malicious actor can inject script tags to execute arbitrary script within a user's window.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
vmware workspace_one_boxer *
CVE-2022-22945 HIGH

VMware NSX Edge contains a CLI shell injection vulnerability. A malicious actor with SSH access to an NSX-Edge appliance can execute arbitrary commands on the operating system as root.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
vmware nsx_data_center *
vmware cloud_foundation *
CVE-2022-22946 LOW

In spring cloud gateway versions prior to 3.1.1+ , applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure TrustManager. This makes the gateway able to connect to remote services with invalid or custom certificates.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-295,

Products Affected

Vendor Product Version
oracle communications_cloud_native_core_security_edge_protection_proxy 22.1.1
oracle communications_cloud_native_core_binding_support_function 22.1.3
oracle commerce_guided_search 11.3.2
oracle communications_cloud_native_core_network_repository_function 22.1.2
vmware spring_cloud_gateway 3.1.0
oracle communications_cloud_native_core_network_repository_function 22.2.0
oracle communications_cloud_native_core_console 22.2.0
CVE-2022-22947 MEDIUM

In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 3.9 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-94,CWE-917,

Products Affected

Vendor Product Version
oracle communications_cloud_native_core_network_function_cloud_native_environment 1.10.0
oracle communications_cloud_native_core_network_repository_function 1.15.1
oracle communications_cloud_native_core_service_communication_proxy 1.15.0
oracle communications_cloud_native_core_network_repository_function 22.1.2
oracle communications_cloud_native_core_network_exposure_function 22.1.0
vmware spring_cloud_gateway *
oracle communications_cloud_native_core_console 22.2.0
oracle communications_cloud_native_core_security_edge_protection_proxy 22.1.1
oracle communications_cloud_native_core_network_repository_function 1.15.0
oracle communications_cloud_native_core_network_slice_selection_function 22.1.0
oracle communications_cloud_native_core_binding_support_function 22.1.3
oracle commerce_guided_search 11.3.2
oracle communications_cloud_native_core_network_slice_selection_function 1.8.0
vmware spring_cloud_gateway 3.1.0
oracle communications_cloud_native_core_network_repository_function 22.2.0
oracle communications_cloud_native_core_binding_support_function 1.11.0
CVE-2022-22948 MEDIUM

The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-276,CWE-276,

Products Affected

Vendor Product Version
vmware cloud_foundation 3.11
vmware vcenter_server 6.5
vmware vcenter_server 7.0
vmware vcenter_server 6.7
vmware cloud_foundation *
CVE-2022-22950 MEDIUM

n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-770,CWE-770,

Products Affected

Vendor Product Version
vmware spring_framework *
CVE-2022-22951 HIGH

VMware Carbon Black App Control (8.5.x prior to 8.5.14, 8.6.x prior to 8.6.6, 8.7.x prior to 8.7.4 and 8.8.x prior to 8.8.2) contains an OS command injection vulnerability. An authenticated, high privileged malicious actor with network access to the VMware App Control administration interface may be able to execute commands on the server due to improper input validation leading to remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 2.3 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
vmware carbon_black_app_control *
CVE-2022-22952 HIGH

VMware Carbon Black App Control (8.5.x prior to 8.5.14, 8.6.x prior to 8.6.6, 8.7.x prior to 8.7.4 and 8.8.x prior to 8.8.2) contains a file upload vulnerability. A malicious actor with administrative access to the VMware App Control administration interface may be able to execute code on the Windows instance where AppC Server is installed by uploading a specially crafted file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 2.3 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-434,

Products Affected

Vendor Product Version
vmware carbon_black_app_control *
CVE-2022-22953 MEDIUM

VMware HCX update addresses an information disclosure vulnerability. A malicious actor with network user access to the VMware HCX appliance may be able to gain access to sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
vmware vmware_hcx 4.3.1
vmware vmware_hcx 4.3.2
CVE-2022-22954 HIGH

VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,CWE-94,

Products Affected

Vendor Product Version
vmware identity_manager 3.3.6
vmware identity_manager 3.3.3
vmware identity_manager 3.3.4
vmware vrealize_automation 7.6
vmware vrealize_suite_lifecycle_manager *
vmware workspace_one_access 21.08.0.0
vmware workspace_one_access 20.10.0.0
vmware identity_manager 3.3.5
vmware workspace_one_access 21.08.0.1
vmware cloud_foundation *
vmware workspace_one_access 20.10.0.1
vmware vrealize_automation *
CVE-2022-22955 HIGH

VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
vmware identity_manager 3.3.6
vmware identity_manager 3.3.3
vmware workspace_one_access 20.10.0.0
vmware identity_manager 3.3.4
vmware identity_manager 3.3.5
vmware vrealize_automation 7.6
vmware workspace_one_access 21.08.0.1
vmware workspace_one_access 20.10.0.1
vmware workspace_one_access 21.08.0.0
vmware vrealize_automation *
CVE-2022-22956 HIGH

VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
vmware identity_manager 3.3.6
vmware identity_manager 3.3.3
vmware workspace_one_access 20.10.0.0
vmware identity_manager 3.3.4
vmware identity_manager 3.3.5
vmware vrealize_automation 7.6
vmware workspace_one_access 21.08.0.1
vmware workspace_one_access 20.10.0.1
vmware workspace_one_access 21.08.0.0
vmware vrealize_automation *
CVE-2022-22957 MEDIUM

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-502,

Products Affected

Vendor Product Version
vmware identity_manager 3.3.6
vmware identity_manager 3.3.3
vmware identity_manager 3.3.4
vmware vrealize_automation 7.6
vmware vrealize_suite_lifecycle_manager *
vmware workspace_one_access 21.08.0.0
vmware workspace_one_access 20.10.0.0
vmware identity_manager 3.3.5
vmware workspace_one_access 21.08.0.1
vmware cloud_foundation *
vmware workspace_one_access 20.10.0.1
vmware vrealize_automation *
CVE-2022-22958 MEDIUM

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-502,

Products Affected

Vendor Product Version
vmware identity_manager 3.3.6
vmware identity_manager 3.3.3
vmware identity_manager 3.3.4
vmware vrealize_automation 7.6
vmware vrealize_suite_lifecycle_manager *
vmware workspace_one_access 21.08.0.0
vmware workspace_one_access 20.10.0.0
vmware identity_manager 3.3.5
vmware workspace_one_access 21.08.0.1
vmware cloud_foundation *
vmware workspace_one_access 20.10.0.1
vmware vrealize_automation *
CVE-2022-22959 MEDIUM

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. A malicious actor can trick a user through a cross site request forgery to unintentionally validate a malicious JDBC URI.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
vmware identity_manager 3.3.6
vmware identity_manager 3.3.3
vmware identity_manager 3.3.4
vmware vrealize_automation 7.6
vmware vrealize_suite_lifecycle_manager *
vmware workspace_one_access 21.08.0.0
vmware workspace_one_access 20.10.0.0
vmware identity_manager 3.3.5
vmware workspace_one_access 21.08.0.1
vmware cloud_foundation *
vmware workspace_one_access 20.10.0.1
vmware vrealize_automation *
CVE-2022-22960 HIGH

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to 'root'.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-732,CWE-732,

Products Affected

Vendor Product Version
vmware identity_manager 3.3.6
vmware identity_manager 3.3.3
vmware identity_manager 3.3.4
vmware vrealize_automation 7.6
vmware vrealize_suite_lifecycle_manager *
vmware workspace_one_access 21.08.0.0
vmware workspace_one_access 20.10.0.0
vmware identity_manager 3.3.5
vmware workspace_one_access 21.08.0.1
vmware cloud_foundation *
vmware workspace_one_access 20.10.0.1
vmware vrealize_automation *
CVE-2022-22961 MEDIUM

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. A malicious actor with remote access may leak the hostname of the target system. Successful exploitation of this issue can lead to targeting victims.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
vmware identity_manager 3.3.6
vmware identity_manager 3.3.3
vmware identity_manager 3.3.4
vmware vrealize_automation 7.6
vmware vrealize_suite_lifecycle_manager *
vmware workspace_one_access 21.08.0.0
vmware workspace_one_access 20.10.0.0
vmware identity_manager 3.3.5
vmware workspace_one_access 21.08.0.1
vmware cloud_foundation *
vmware workspace_one_access 20.10.0.1
vmware vrealize_automation *
CVE-2022-22962 HIGH

VMware Horizon Agent for Linux (prior to 22.x) contains a local privilege escalation as a user is able to change the default shared folder location due to a vulnerable symbolic link. Successful exploitation can result in linking to a root owned file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-59,

Products Affected

Vendor Product Version
vmware horizon *
CVE-2022-22963 HIGH

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,CWE-917,

Products Affected

Vendor Product Version
oracle sd-wan_edge 9.0
oracle communications_cloud_native_core_console 1.9.0
oracle banking_branch 14.5
oracle financial_services_behavior_detection_platform 8.1.1.1
oracle banking_credit_facilities_process_management 14.5
oracle communications_cloud_native_core_policy 1.15.0
oracle communications_cloud_native_core_automated_test_suite 22.1.0
oracle communications_cloud_native_core_unified_data_repository 22.1.0
oracle banking_trade_finance_process_management 14.5
oracle banking_electronic_data_exchange_for_corporates 14.5
oracle banking_origination 14.5
oracle retail_xstore_point_of_service 21.0.0
oracle financial_services_enterprise_case_management 8.1.1.0
oracle communications_cloud_native_core_network_function_cloud_native_environment 22.1.2
oracle product_lifecycle_analytics 3.6.1.0
oracle communications_cloud_native_core_policy 22.1.3
oracle retail_xstore_point_of_service 20.0.1
oracle communications_cloud_native_core_network_repository_function 1.15.0
oracle financial_services_analytical_applications_infrastructure 8.1.2.0
oracle mysql_enterprise_monitor *
oracle communications_cloud_native_core_unified_data_repository 1.15.0
vmware spring_cloud_function *
oracle communications_cloud_native_core_policy 22.1.0
oracle banking_corporate_lending_process_management 14.5
oracle financial_services_enterprise_case_management 8.1.2.0
oracle banking_cash_management 14.5
oracle communications_communications_policy_management 12.6.0.0.0
oracle banking_liquidity_management 14.2
oracle banking_supply_chain_finance 14.5
oracle financial_services_enterprise_case_management 8.1.1.1
oracle communications_cloud_native_core_network_function_cloud_native_environment 1.10.0
oracle financial_services_behavior_detection_platform 8.1.1.0
oracle banking_virtual_account_management 14.5
oracle communications_cloud_native_core_automated_test_suite 1.9.0
oracle communications_cloud_native_core_security_edge_protection_proxy 1.7.0
oracle communications_cloud_native_core_security_edge_protection_proxy 22.1.0
oracle communications_cloud_native_core_network_function_cloud_native_environment 22.1.0
oracle communications_cloud_native_core_network_exposure_function 22.1.0
oracle banking_liquidity_management 14.5
oracle communications_cloud_native_core_network_repository_function 22.1.0
oracle communications_cloud_native_core_network_slice_selection_function 22.1.0
oracle financial_services_analytical_applications_infrastructure 8.1.1.0
oracle communications_cloud_native_core_console 22.1.0
oracle sd-wan_edge 9.1
oracle communications_cloud_native_core_network_slice_selection_function 1.8.0
oracle financial_services_behavior_detection_platform 8.1.2.0
CVE-2022-22964 HIGH

VMware Horizon Agent for Linux (prior to 22.x) contains a local privilege escalation that allows a user to escalate to root due to a vulnerable configuration file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
vmware horizon *
CVE-2022-22965 HIGH

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,CWE-94,

Products Affected

Vendor Product Version
veritas flex_appliance 2.0.2
veritas netbackup_appliance 4.0.0.1
oracle communications_cloud_native_core_network_slice_selection_function 1.15.0
siemens simatic_speech_assistant_for_machines *
oracle communications_cloud_native_core_unified_data_repository 22.1.0
veritas flex_appliance 2.0
oracle financial_services_analytical_applications_infrastructure 8.1.2.0
oracle mysql_enterprise_monitor *
oracle communications_cloud_native_core_unified_data_repository 1.15.0
vmware spring_framework *
veritas access_appliance 7.4.3
oracle financial_services_enterprise_case_management 8.1.2.0
cisco cx_cloud_agent *
oracle financial_services_enterprise_case_management 8.1.1.1
oracle retail_integration_bus 15.0.3.1
veritas flex_appliance 1.3
oracle communications_cloud_native_core_automated_test_suite 1.9.0
oracle communications_cloud_native_core_security_edge_protection_proxy 22.1.0
oracle communications_unified_inventory_management 7.4.1
oracle communications_unified_inventory_management 7.5.0
oracle weblogic_server 12.2.1.3.0
veritas netbackup_virtual_appliance 4.1.0.1
oracle communications_unified_inventory_management 7.4.2
veritas netbackup_virtual_appliance 4.0
oracle retail_customer_management_and_segmentation_foundation 17.0
siemens sinec_network_management_system *
veritas flex_appliance 2.1
oracle communications_cloud_native_core_network_repository_function 22.1.0
oracle commerce_platform 11.3.2
oracle communications_cloud_native_core_console 22.1.0
oracle communications_cloud_native_core_network_slice_selection_function 1.8.0
oracle retail_financial_integration 14.1.3.2
siemens sipass_integrated 2.85
oracle weblogic_server 12.2.1.4.0
oracle financial_services_behavior_detection_platform 8.1.2.0
veritas access_appliance 7.4.3.200
oracle retail_customer_management_and_segmentation_foundation 18.0
siemens sipass_integrated 2.80
oracle sd-wan_edge 9.0
veritas netbackup_virtual_appliance 4.1
oracle communications_cloud_native_core_console 1.9.0
oracle financial_services_behavior_detection_platform 8.1.1.1
veritas netbackup_appliance 4.0
oracle communications_cloud_native_core_policy 1.15.0
oracle communications_cloud_native_core_automated_test_suite 22.1.0
oracle retail_integration_bus 19.0.1
oracle retail_integration_bus 16.0.3
oracle financial_services_analytical_applications_infrastructure 8.1.1
veritas netbackup_appliance 4.1.0.1
oracle retail_xstore_point_of_service 21.0.0
oracle financial_services_enterprise_case_management 8.1.1.0
siemens siveillance_identity 1.6
oracle communications_policy_management 12.6.0.0.0
oracle retail_bulk_data_integration 16.0.3
oracle retail_xstore_point_of_service 20.0.1
oracle communications_cloud_native_core_network_repository_function 1.15.0
oracle retail_merchandising_system 16.0.3
oracle communications_cloud_native_core_binding_support_function 22.1.3
veritas access_appliance 7.4.3.100
siemens siveillance_identity 1.5
oracle retail_merchandising_system 19.0.1
veritas netbackup_flex_scale_appliance 3.0
oracle communications_cloud_native_core_policy 22.1.0
siemens operation_scheduler *
veritas netbackup_flex_scale_appliance 2.1
oracle communications_cloud_native_core_network_function_cloud_native_environment 1.10.0
oracle financial_services_behavior_detection_platform 8.1.1.0
oracle product_lifecycle_analytics 3.6.1
oracle retail_financial_integration 19.0.1
veritas netbackup_appliance 4.1
oracle retail_customer_management_and_segmentation_foundation 19.0
oracle communications_cloud_native_core_security_edge_protection_proxy 1.7.0
oracle communications_cloud_native_core_network_function_cloud_native_environment 22.1.0
oracle retail_financial_integration 16.0.3
oracle communications_cloud_native_core_network_exposure_function 22.1.0
oracle weblogic_server 14.1.1.0.0
oracle retail_integration_bus 14.1.3.2
veritas flex_appliance 2.0.1
oracle communications_cloud_native_core_network_slice_selection_function 22.1.0
oracle sd-wan_edge 9.1
veritas netbackup_virtual_appliance 4.0.0.1
oracle retail_financial_integration 15.0.3.1
CVE-2022-22966 MEDIUM

An authenticated, high privileged malicious actor with network access to the VMware Cloud Director tenant or provider may be able to exploit a remote code execution vulnerability to gain access to the server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
vmware vcloud_director *
CVE-2022-22968 MEDIUM

In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-178,

Products Affected

Vendor Product Version
netapp cloud_secure_agent -
netapp active_iq_unified_manager -
oracle mysql_enterprise_monitor *
netapp snapmanager -
netapp metrocluster_tiebreaker -
vmware spring_framework *
netapp snap_creator_framework -
CVE-2022-22970 LOW

In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 1.6 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-770,CWE-770,

Products Affected

Vendor Product Version
netapp cloud_secure_agent -
oracle financial_services_crime_and_compliance_management_studio 8.0.8.3.0
netapp active_iq_unified_manager -
vmware spring_framework *
oracle financial_services_crime_and_compliance_management_studio 8.0.8.2.0
netapp brocade_san_navigator -
netapp oncommand_insight -
CVE-2022-22971 MEDIUM

In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-770,CWE-770,

Products Affected

Vendor Product Version
netapp cloud_secure_agent -
oracle financial_services_crime_and_compliance_management_studio 8.0.8.3.0
vmware spring_framework *
oracle financial_services_crime_and_compliance_management_studio 8.0.8.2.0
netapp oncommand_insight -
CVE-2022-22972 HIGH

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
vmware identity_manager 3.3.3
vmware cloud_foundation 4.1
vmware vrealize_suite_lifecycle_manager 8.4
vmware cloud_foundation 4.0
vmware cloud_foundation 3.0.1
vmware cloud_foundation 3.11.0.1
vmware workspace_one_access 21.08.0.0
vmware vrealize_suite_lifecycle_manager 8.4.1
vmware cloud_foundation 3.8.1
vmware vrealize_suite_lifecycle_manager 8.1
vmware vrealize_suite_lifecycle_manager 8.0.1
vmware identity_manager 3.3.6
vmware cloud_foundation 3.5.1
vmware identity_manager 3.3.4
vmware vrealize_automation 7.6
vmware vrealize_suite_lifecycle_manager 8.0
vmware cloud_foundation 4.2.1
vmware cloud_foundation 3.5
vmware vrealize_suite_lifecycle_manager 8.2
vmware cloud_foundation 4.0.1
vmware cloud_foundation 3.10
vmware cloud_foundation 4.3.1
vmware cloud_foundation 3.0
vmware cloud_foundation 4.1.0.1
vmware cloud_foundation 3.8
vmware cloud_foundation 3.10.2.2
vmware cloud_foundation 3.9.1
vmware vrealize_suite_lifecycle_manager 8.8
vmware vrealize_suite_lifecycle_manager 8.6.2
vmware cloud_foundation 3.9
vmware vrealize_suite_lifecycle_manager 8.3
vmware workspace_one_access 20.10.0.0
vmware cloud_foundation 4.2
vmware identity_manager 3.3.5
vmware workspace_one_access 21.08.0.1
vmware workspace_one_access 20.10.0.1
vmware vrealize_suite_lifecycle_manager 8.6
vmware vrealize_suite_lifecycle_manager 8.6.1
vmware cloud_foundation 3.7.2
vmware cloud_foundation 3.0.1.1
vmware vrealize_suite_lifecycle_manager 8.7
vmware cloud_foundation 3.10.1.2
vmware cloud_foundation 3.11
vmware cloud_foundation 3.10.1
vmware cloud_foundation 3.7
vmware cloud_foundation 3.10.2.1
vmware cloud_foundation 4.3
vmware cloud_foundation 3.7.1
vmware cloud_foundation 3.10.1.1
CVE-2022-22973 HIGH

VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
vmware vrealize_suite_lifecycle_manager 8.8
vmware identity_manager 3.3.3
vmware cloud_foundation 4.1
vmware vrealize_suite_lifecycle_manager 8.4
vmware cloud_foundation 4.0
vmware vrealize_suite_lifecycle_manager 8.6.2
vmware workspace_one_access 21.08.0.0
vmware vrealize_suite_lifecycle_manager 8.3
vmware vrealize_suite_lifecycle_manager 8.4.1
vmware workspace_one_access 20.10.0.0
vmware cloud_foundation 4.2
vmware identity_manager 3.3.5
vmware workspace_one_access 21.08.0.1
vmware vrealize_suite_lifecycle_manager 8.1
vmware workspace_one_access 20.10.0.1
vmware vrealize_suite_lifecycle_manager 8.0.1
vmware vrealize_suite_lifecycle_manager 8.6
vmware identity_manager 3.3.6
vmware vrealize_suite_lifecycle_manager 8.6.1
vmware identity_manager 3.3.4
vmware vrealize_suite_lifecycle_manager 8.0
vmware cloud_foundation 4.2.1
vmware vrealize_suite_lifecycle_manager 8.2
vmware vrealize_suite_lifecycle_manager 8.7
vmware cloud_foundation 4.0.1
vmware cloud_foundation 4.3
vmware cloud_foundation 4.3.1
vmware cloud_foundation 4.1.0.1
CVE-2022-22975 MEDIUM

An issue was discovered in the Pinniped Supervisor with either LADPIdentityProvider or ActiveDirectoryIdentityProvider resources. An attack would involve the malicious user changing the common name (CN) of their user entry on the LDAP or AD server to include special characters, which could be used to perform LDAP query injection on the Supervisor's LDAP query which determines their Kubernetes group membership.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.6 MEDIUM CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 0.7 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,

Products Affected

Vendor Product Version
vmware pinniped *
CVE-2022-22976 MEDIUM

Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor (31), the encoder does not perform any salt rounds, due to an integer overflow error. The default settings are not affected by this CVE.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,CWE-190,

Products Affected

Vendor Product Version
vmware spring_security 5.2.0
oracle financial_services_crime_and_compliance_management_studio 8.0.8.3.0
netapp active_iq_unified_manager -
oracle financial_services_crime_and_compliance_management_studio 8.0.8.2.0
vmware spring_security *
CVE-2022-22977 LOW

VMware Tools for Windows(12.0.0, 11.x.y and 10.x.y) contains an XML External Entity (XXE) vulnerability. A malicious actor with non-administrative local user privileges in the Windows guest OS, where VMware Tools is installed, may exploit this issue leading to a denial-of-service condition or unintended information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 1.8 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-611,

Products Affected

Vendor Product Version
vmware tools *
CVE-2022-22978 HIGH

In spring security versions prior to 5.4.11+, 5.5.7+ , 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-863,CWE-863,

Products Affected

Vendor Product Version
oracle financial_services_crime_and_compliance_management_studio 8.0.8.3.0
netapp active_iq_unified_manager -
oracle financial_services_crime_and_compliance_management_studio 8.0.8.2.0
vmware spring_security *
CVE-2022-22979 MEDIUM

In Spring Cloud Function versions prior to 3.2.6, it is possible for a user who directly interacts with framework provided lookup functionality to cause a denial-of-service condition due to the caching issue in the Function Catalog component of the framework.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-770,

Products Affected

Vendor Product Version
vmware spring_cloud_function *
CVE-2022-22980 MEDIUM

A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-917,

Products Affected

Vendor Product Version
vmware spring_data_mongodb 3.4.0
vmware spring_data_mongodb *
CVE-2022-22982

The vCenter Server contains a server-side request forgery (SSRF) vulnerability. A malicious actor with network access to 443 on the vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
vmware vcenter_server 6.5
vmware vcenter_server 7.0
vmware vcenter_server 6.7
vmware cloud_foundation *
CVE-2022-22983

VMware Workstation (16.x prior to 16.2.4) contains an unprotected storage of credentials vulnerability. A malicious actor with local user privileges to the victim machine may exploit this vulnerability leading to the disclosure of user passwords of the remote server connected through VMware Workstation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N 1.5 4.0

Products Affected

Vendor Product Version
vmware workstation *
CVE-2022-23825 LOW

Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.

CVSS 2.0

Severity: LOW

Problem Type: CWE-668,

Products Affected

Vendor Product Version
amd athlon_silver_3050u_firmware -
amd epyc_7532_firmware -
amd epyc_7002_firmware -
amd athlon_x4_835_firmware -
amd ryzen_5_4600u_firmware -
amd ryzen_threadripper_3970x_firmware -
amd ryzen_7_2700x_firmware -
amd ryzen_7_3700x_firmware -
amd ryzen_5_2600x_firmware -
amd epyc_7f32_firmware -
fedoraproject fedora 36
amd a10-9600p_firmware -
amd ryzen_7_4700u_firmware -
amd athlon_x4_760k_firmware -
amd ryzen_threadripper_3960x_firmware -
amd epyc_7551_firmware -
amd ryzen_5_2700_firmware -
amd ryzen_3_3300u_firmware -
amd ryzen_5_3450g_firmware -
amd ryzen_5_4600g_firmware -
amd ryzen_9_4900h_firmware -
amd ryzen_3_3200u_firmware -
amd ryzen_3_3300x_firmware -
amd ryzen_7_3750h_firmware -
amd ryzen_threadripper_pro_5965wx_firmware -
amd epyc_7601_firmware -
amd ryzen_5_3600x_firmware -
amd athlon_gold_3150u_firmware -
amd epyc_7502p_firmware -
amd ryzen_7_4700ge_firmware -
amd epyc_7402p_firmware -
amd ryzen_3_3250u_firmware -
amd epyc_7552_firmware -
amd ryzen_5_2500u_firmware -
amd a12-9730p_firmware -
amd ryzen_5_2600_firmware -
amd ryzen_5_2700x_firmware -
amd a6-9220c_firmware -
amd epyc_7352_firmware -
amd athlon_x4_845_firmware -
amd ryzen_threadripper_pro_5955wx_firmware -
amd ryzen_7_3800x_firmware -
amd ryzen_threadripper_pro_3955wx_firmware -
amd epyc_7351p_firmware -
amd epyc_7742_firmware -
amd a10-9630p_firmware -
amd athlon_x4_940_firmware -
amd ryzen_5_3400g_firmware -
amd athlon_x4_870k_firmware -
amd a4-9120_firmware -
amd ryzen_7_2700u_firmware -
amd epyc_7261_firmware -
amd ryzen_threadripper_2970wx_firmware -
amd epyc_7252_firmware -
amd epyc_7642_firmware -
amd epyc_7262_firmware -
amd ryzen_5_4500u_firmware -
amd ryzen_7_2800h_firmware -
amd epyc_7282_firmware -
amd ryzen_threadripper_2950x_firmware -
amd epyc_7371_firmware -
amd athlon_x4_950_firmware -
amd ryzen_3_4300g_firmware -
amd athlon_x4_880k_firmware -
amd ryzen_threadripper_pro_5945wx_firmware -
amd a6-9220_firmware -
amd ryzen_threadripper_pro_3795wx_firmware -
amd ryzen_5_3600xt_firmware -
amd ryzen_7_4800u_firmware -
amd ryzen_7_3700u_firmware -
amd epyc_7702_firmware -
amd ryzen_threadripper_2920x_firmware -
amd epyc_7551p_firmware -
amd ryzen_3_4300ge_firmware -
amd ryzen_5_3500u_firmware -
amd ryzen_3_2200u_firmware -
amd ryzen_3_2300u_firmware -
amd epyc_7401p_firmware -
amd athlon_x4_830_firmware -
amd epyc_7272_firmware -
amd ryzen_7_4800h_firmware -
amd ryzen_threadripper_3990x_firmware -
amd ryzen_5_3600_firmware -
amd ryzen_5_2600h_firmware -
amd athlon_x4_750_firmware -
fedoraproject fedora 35
amd epyc_7251_firmware -
amd a12-9700p_firmware -
amd ryzen_threadripper_2990wx_firmware -
amd athlon_x4_860k_firmware -
amd epyc_7302_firmware -
amd ryzen_threadripper_pro_3945wx_firmware -
amd a9-9410_firmware -
amd ryzen_5_3550h_firmware -
amd epyc_7f72_firmware -
amd ryzen_3_4300u_firmware -
amd epyc_7542_firmware -
amd epyc_7451_firmware -
amd epyc_7402_firmware -
amd epyc_7662_firmware -
amd epyc_7401_firmware -
amd ryzen_threadripper_pro_5975wx_firmware -
amd epyc_7351_firmware -
amd epyc_7f52_firmware -
amd ryzen_threadripper_pro_3995wx_firmware -
amd a6-9210_firmware -
debian debian_linux 11.0
amd ryzen_3_3100_firmware -
amd epyc_7501_firmware -
amd ryzen_3_3300g_firmware -
amd epyc_7h12_firmware -
amd epyc_7001_firmware -
amd epyc_7281_firmware -
amd epyc_7301_firmware -
amd athlon_x4_970_firmware -
vmware esxi 7.0
amd ryzen_threadripper_pro_5995wx_firmware -
amd ryzen_7_2700_firmware -
amd ryzen_5_4600ge_firmware -
amd ryzen_7_4700g_firmware -
amd a9-9420_firmware -
amd epyc_7452_firmware -
amd epyc_7302p_firmware -
amd ryzen_7_3800xt_firmware -
amd ryzen_5_4600h_firmware -
amd athlon_x4_840_firmware -
amd epyc_7502_firmware -
CVE-2022-27772 MEDIUM

spring-boot versions prior to version v2.2.11.RELEASE was vulnerable to temporary directory hijacking. This vulnerability impacted the org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir method. NOTE: This vulnerability only affects products and/or versions that are no longer supported by the maintainer

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-668,

Products Affected

Vendor Product Version
vmware spring_boot *
CVE-2022-29901 LOW

Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N 2.0 4.0
vulnerability@ncsc.ch 5.6 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N 1.1 4.0

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,CWE-668,

Products Affected

Vendor Product Version
intel core_i3-8100h_firmware -
intel core_m5-6y57_firmware -
debian debian_linux 10.0
intel core_i7-8700t_firmware -
intel core_i7-6920hq_firmware -
intel core_i5-8250u_firmware -
intel core_i7-6822eq_firmware -
intel core_i3-6100_firmware -
fedoraproject fedora 36
intel core_i7-6820hk_firmware -
intel core_i7-8705g_firmware -
intel core_i5-6500te_firmware -
intel core_i5-8300h_firmware -
intel core_i7-8750h_firmware -
intel core_i7-6500u_firmware -
intel core_i5-8210y_firmware -
xen xen -
intel core_i3-6100h_firmware -
intel core_i5-8200y_firmware -
intel core_i5-6360u_firmware -
intel core_i3-6320_firmware -
intel core_i7-8709g_firmware -
intel core_i5-8400_firmware -
intel core_i7-8510y_firmware -
intel core_i5-8259u_firmware -
intel core_i5-8420t_firmware -
intel core_i5-6440eq_firmware -
intel core_i5-6300hq_firmware -
intel core_i5-8365u_firmware -
intel core_i7-8700_firmware -
intel core_i3-8020_firmware -
intel core_i3-8350k_firmware -
intel core_i5-6400t_firmware -
intel core_i5-8400h_firmware -
intel core_i7-6660u_firmware -
intel core_i7-8670t_firmware -
intel core_i7-8670_firmware -
intel core_i7-6700hq_firmware -
intel core_i3-8130u_firmware -
intel core_i5-8600k_firmware -
intel core_m3-8100y_firmware -
intel core_i7-8700k_firmware -
intel core_i5-6500_firmware -
intel core_i7-6650u_firmware -
intel core_i3-6120_firmware -
intel core_i3-8000t_firmware -
intel core_i5-8600t_firmware -
intel core_i7-6820hq_firmware -
intel core_i5-6400_firmware -
intel core_i7-6700_firmware -
intel core_i3-6110u_firmware -
intel core_i5-8305g_firmware -
intel core_i5-8400t_firmware -
intel core_i3-6100u_firmware -
intel core_i7-8706g_firmware -
intel core_i7-6820eq_firmware -
intel core_i5-8350u_firmware -
intel core_i7-8750hf_firmware -
intel core_i7-6870hq_firmware -
intel core_i3-8300_firmware -
intel core_i7-8550u_firmware -
intel core_i7-6970hq_firmware -
intel core_i5-6210u_firmware -
intel core_i3-6167u_firmware -
intel core_i9-8950hk_firmware -
intel core_i3-8000_firmware -
intel core_i7-8665u_firmware -
intel core_i7-8500y_firmware -
intel core_i3-8100_firmware -
intel core_i3-6102e_firmware -
intel core_i5-6600_firmware -
intel core_i3-8100t_firmware -
intel core_i7-8565u_firmware -
intel core_i5-6442eq_firmware -
intel core_i3-6100t_firmware -
intel core_i5-6310u_firmware -
intel core_i7-8850h_firmware -
intel core_i5-6200u_firmware -
intel core_i7-6600u_firmware -
intel core_i5-6600t_firmware -
intel core_i7-8700b_firmware -
intel core_i7-8809g_firmware -
intel core_i5-8420_firmware -
intel core_i5-8550u_firmware -
intel core_i5-8310y_firmware -
intel core_i5-6260u_firmware -
intel core_i5-6350hq_firmware -
fedoraproject fedora 35
intel core_i7-6700te_firmware -
intel core_i5-8550_firmware -
intel core_i7-8569u_firmware -
intel core_i7-6560u_firmware -
intel core_i5-6300u_firmware -
intel core_m3-6y30_firmware -
intel core_i5-8500t_firmware -
intel core_i3-8145u_firmware -
intel core_i5-8650k_firmware -
intel core_i7-6567u_firmware -
intel core_i5-6267u_firmware -
intel core_i3-8300t_firmware -
intel core_i5-8600_firmware -
intel core_i5-6500t_firmware -
intel core_i5-6440hq_firmware -
intel core_i5-6287u_firmware -
intel core_i7-8650u_firmware -
debian debian_linux 11.0
intel core_m7-6y75_firmware -
intel core_i5-8269u_firmware -
intel core_m5-6y54_firmware -
intel core_i7-8559u_firmware -
intel core_i7-6770hq_firmware -
intel core_i5-8500b_firmware -
intel core_i3-6100te_firmware -
vmware esxi 7.0
intel core_i5-8650_firmware -
intel core_i5-8265u_firmware -
intel core_i3-6300_firmware -
intel core_i7-8557u_firmware -
intel core_i5-8500_firmware -
intel core_i3-8109u_firmware -
intel core_i5-8400b_firmware -
intel core_i3-8120_firmware -
intel core_i3-6300t_firmware -
intel core_i5-6600k_firmware -
intel core_i7-8560u_firmware -
intel core_i7-6700t_firmware -
intel core_i3-6320t_firmware -
intel core_i3-6120t_firmware -
intel core_i7-6700k_firmware -
intel core_i3-6100e_firmware -
intel core_i7-6510u_firmware -
CVE-2022-31008

RabbitMQ is a multi-protocol messaging and streaming broker. In affected versions the shovel and federation plugins perform URI obfuscation in their worker (link) state. The encryption key used to encrypt the URI was seeded with a predictable secret. This means that in case of certain exceptions related to Shovel and Federation plugins, reasonably easily deobfuscatable data could appear in the node log. Patched versions correctly use a cluster-wide secret for that purpose. This issue has been addressed and Patched versions: `3.10.2`, `3.9.18`, `3.8.32` are available. Users unable to upgrade should disable the Shovel and Federation plugins.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
security-advisories@github.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
vmware rabbitmq *
CVE-2022-31654 LOW

VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in configurations.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
vmware vrealize_log_insight *
CVE-2022-31655 LOW

VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in alerts.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
vmware vrealize_log_insight *
CVE-2022-31656

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
vmware identity_manager 3.3.6
vmware identity_manager 3.3.4
vmware identity_manager_connector 3.3.5
vmware access_connector 21.08.0.0
vmware identity_manager_connector 19.03.0.1
vmware access_connector 22.05
vmware identity_manager_connector 3.3.4
vmware identity_manager_connector 3.3.6
vmware identity_manager 3.3.5
vmware one_access 21.08.0.0
vmware one_access 21.08.0.1
vmware access_connector 21.08.0.1
CVE-2022-31657

VMware Workspace ONE Access and Identity Manager contain a URL injection vulnerability. A malicious actor with network access may be able to redirect an authenticated user to an arbitrary domain.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
vmware identity_manager 3.3.6
vmware identity_manager 3.3.4
vmware identity_manager_connector 3.3.5
vmware access_connector 21.08.0.0
vmware identity_manager_connector 19.03.0.1
vmware access_connector 22.05
vmware identity_manager_connector 3.3.4
vmware identity_manager_connector 3.3.6
vmware identity_manager 3.3.5
vmware one_access 21.08.0.0
vmware one_access 21.08.0.1
vmware access_connector 21.08.0.1
CVE-2022-31658

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
vmware identity_manager 3.3.6
vmware identity_manager 3.3.4
vmware identity_manager_connector 3.3.5
vmware access_connector 21.08.0.0
vmware identity_manager_connector 19.03.0.1
vmware access_connector 22.05
vmware identity_manager_connector 3.3.4
vmware identity_manager_connector 3.3.6
vmware identity_manager 3.3.5
vmware one_access 21.08.0.0
vmware one_access 21.08.0.1
vmware access_connector 21.08.0.1
CVE-2022-31659

VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
vmware identity_manager 3.3.6
vmware identity_manager 3.3.4
vmware identity_manager_connector 3.3.5
vmware identity_manager_connector 19.03.0.1
vmware access_connector 22.08.0.0
vmware access_connector 22.05
vmware identity_manager_connector 3.3.4
vmware identity_manager_connector 3.3.6
vmware identity_manager 3.3.5
vmware access_connector 22.08.0.1
vmware one_access 21.08.0.0
vmware one_access 21.08.0.1
CVE-2022-31660

VMware Workspace ONE Access, Identity Manager and vRealize Automation contains a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
vmware identity_manager 3.3.6
vmware identity_manager 3.3.4
vmware identity_manager_connector 3.3.5
vmware access_connector 21.08.0.0
vmware identity_manager_connector 19.03.0.1
vmware access_connector 22.05
vmware identity_manager_connector 3.3.4
vmware identity_manager_connector 3.3.6
vmware identity_manager 3.3.5
vmware one_access 21.08.0.0
vmware one_access 21.08.0.1
vmware access_connector 21.08.0.1
CVE-2022-31661

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two privilege escalation vulnerabilities. A malicious actor with local access can escalate privileges to 'root'.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
vmware identity_manager 3.3.6
vmware identity_manager 3.3.4
vmware identity_manager_connector 3.3.5
vmware access_connector 21.08.0.0
vmware identity_manager_connector 19.03.0.1
vmware access_connector 22.05
vmware identity_manager_connector 3.3.4
vmware identity_manager_connector 3.3.6
vmware identity_manager 3.3.5
vmware one_access 21.08.0.0
vmware one_access 21.08.0.1
vmware access_connector 21.08.0.1
CVE-2022-31662

VMware Workspace ONE Access, Identity Manager, Connectors and vRealize Automation contain a path traversal vulnerability. A malicious actor with network access may be able to access arbitrary files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
vmware identity_manager 3.3.6
vmware identity_manager 3.3.4
vmware identity_manager_connector 3.3.5
vmware access_connector 21.08.0.0
vmware identity_manager_connector 19.03.0.1
vmware access_connector 22.05
vmware identity_manager_connector 3.3.4
vmware identity_manager_connector 3.3.6
vmware identity_manager 3.3.5
vmware one_access 21.08.0.0
vmware one_access 21.08.0.1
vmware access_connector 21.08.0.1
CVE-2022-31663

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject javascript code in the target user's window.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

Products Affected

Vendor Product Version
vmware identity_manager 3.3.6
vmware identity_manager 3.3.4
vmware identity_manager_connector 3.3.5
vmware access_connector 21.08.0.0
vmware identity_manager_connector 19.03.0.1
vmware access_connector 22.05
vmware identity_manager_connector 3.3.4
vmware identity_manager_connector 3.3.6
vmware identity_manager 3.3.5
vmware one_access 21.08.0.0
vmware one_access 21.08.0.1
vmware access_connector 21.08.0.1
CVE-2022-31664

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
vmware identity_manager 3.3.6
vmware identity_manager 3.3.4
vmware identity_manager_connector 3.3.5
vmware access_connector 21.08.0.0
vmware identity_manager_connector 19.03.0.1
vmware access_connector 22.05
vmware identity_manager_connector 3.3.4
vmware identity_manager_connector 3.3.6
vmware identity_manager 3.3.5
vmware one_access 21.08.0.0
vmware one_access 21.08.0.1
vmware access_connector 21.08.0.1
CVE-2022-31665

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
vmware identity_manager 3.3.6
vmware identity_manager_connector 3.3.4
vmware identity_manager_connector 3.3.6
vmware identity_manager 3.3.4
vmware identity_manager_connector 3.3.5
vmware identity_manager 3.3.5
vmware one_access 21.08.0.0
vmware identity_manager_connector 19.03.0.1
vmware one_access 21.08.0.1
CVE-2022-31672

VMware vRealize Operations contains a privilege escalation vulnerability. A malicious actor with administrative network access can escalate privileges to root.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
vmware vrealize_operations *
CVE-2022-31673

VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can create and leak hex dumps, leading to information disclosure. Successful exploitation can lead to a remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
vmware vrealize_operations *
CVE-2022-31674

VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can access log files that lead to information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
vmware vrealize_operations *
CVE-2022-31675

VMware vRealize Operations contains an authentication bypass vulnerability. An unauthenticated malicious actor with network access may be able to create a user with administrative privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

Products Affected

Vendor Product Version
vmware vrealize_operations *
CVE-2022-31676

VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine.

Products Affected

Vendor Product Version
fedoraproject fedora 36
fedoraproject fedora 37
debian debian_linux 11.0
vmware tools *
debian debian_linux 10.0
netapp ontap_select_deploy_administration_utility -
CVE-2022-31677

An Insufficient Session Expiration issue was discovered in the Pinniped Supervisor (before v0.19.0). A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially use their access token to continue their session beyond what proper use of their refresh token might allow.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 2.8 2.5

Products Affected

Vendor Product Version
vmware pinniped *
CVE-2022-31678

VMware Cloud Foundation (NSX-V) contains an XML External Entity (XXE) vulnerability. On VCF 3.x instances with NSX-V deployed, this may allow a user to exploit this issue leading to a denial-of-service condition or unintended information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 3.9 5.2

Products Affected

Vendor Product Version
vmware nsx_data_center *
vmware cloud_foundation *
CVE-2022-31679

Applications that allow HTTP PATCH access to resources exposed by Spring Data REST in versions 3.6.0 - 3.5.5, 3.7.0 - 3.7.2, and older unsupported versions, if an attacker knows about the structure of the underlying domain model, they can craft HTTP requests that expose hidden entity attributes.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.7 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N 2.2 1.4

Products Affected

Vendor Product Version
vmware spring_data_rest *
CVE-2022-31680

The vCenter Server contains an unsafe deserialisation vulnerability in the PSC (Platform services controller). A malicious actor with admin access on vCenter server may exploit this issue to execute arbitrary code on the underlying operating system that hosts the vCenter Server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 2.3 6.0

Products Affected

Vendor Product Version
vmware vcenter_server *
vmware vcenter_server 6.5
CVE-2022-31681

VMware ESXi contains a null-pointer deference vulnerability. A malicious actor with privileges within the VMX process only, may create a denial of service condition on the host.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H 2.0 4.0

Products Affected

Vendor Product Version
vmware esxi 7.0
vmware esxi *
vmware cloud_foundation 4.4.1.1
vmware cloud_foundation *
vmware cloud_foundation 4.4.1
vmware cloud_foundation 4.4
CVE-2022-31682

VMware Aria Operations contains an arbitrary file read vulnerability. A malicious actor with administrative privileges may be able to read arbitrary files containing sensitive data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6

Products Affected

Vendor Product Version
vmware vrealize_operations *
CVE-2022-31685

VMware Workspace ONE Assist prior to 22.10 contains an Authentication Bypass vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
vmware workspace_one_assist *
CVE-2022-31686

VMware Workspace ONE Assist prior to 22.10 contains a Broken Authentication Method vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
vmware workspace_one_assist *
CVE-2022-31687

VMware Workspace ONE Assist prior to 22.10 contains a Broken Access Control vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
vmware workspace_one_assist *
CVE-2022-31688

VMware Workspace ONE Assist prior to 22.10 contains a Reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject javascript code in the target user's window.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

Products Affected

Vendor Product Version
vmware workspace_one_assist *
CVE-2022-31689

VMware Workspace ONE Assist prior to 22.10 contains a Session fixation vulnerability. A malicious actor who obtains a valid session token may be able to authenticate to the application using that token.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
vmware workspace_one_assist *
CVE-2022-31690

Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can modify a request initiated by the Client (via the browser) to the Authorization Server which can lead to a privilege escalation on the subsequent approval. This scenario can happen if the Authorization Server responds with an OAuth2 Access Token Response containing an empty scope list (per RFC 6749, Section 5.1) on the subsequent request to the token endpoint to obtain the access token.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

Products Affected

Vendor Product Version
netapp active_iq_unified_manager -
vmware spring_security *
CVE-2022-31691

Spring Tools 4 for Eclipse version 4.16.0 and below as well as VSCode extensions such as Spring Boot Tools, Concourse CI Pipeline Editor, Bosh Editor and Cloudfoundry Manifest YML Support version 1.39.0 and below all use Snakeyaml library for YAML editing support. This library allows for some special syntax in the YAML that under certain circumstances allows for potentially harmful remote code execution by the attacker.

Products Affected

Vendor Product Version
vmware spring_boot_tools *
vmware concourse_ci_pipeline_editor *
vmware spring_tools *
vmware bosh_editor *
vmware cloudfoundry_manifest_yml_support *
CVE-2022-31692

Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 could be susceptible to authorization rules bypass via forward or include dispatcher types. Specifically, an application is vulnerable when all of the following are true: The application expects that Spring Security applies security to forward and include dispatcher types. The application uses the AuthorizationFilter either manually or via the authorizeHttpRequests() method. The application configures the FilterChainProxy to apply to forward and/or include requests (e.g. spring.security.filter.dispatcher-types = request, error, async, forward, include). The application may forward or include the request to a higher privilege-secured endpoint.The application configures Spring Security to apply to every dispatcher type via authorizeHttpRequests().shouldFilterAllDispatcherTypes(true)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
netapp active_iq_unified_manager -
vmware spring_security *
CVE-2022-31693

VMware Tools for Windows (12.x.y prior to 12.1.5, 11.x.y and 10.x.y) contains a denial-of-service vulnerability in the VM3DMP driver. A malicious actor with local user privileges in the Windows guest OS, where VMware Tools is installed, can trigger a PANIC in the VM3DMP driver leading to a denial-of-service condition in the Windows guest OS.

Products Affected

Vendor Product Version
vmware tools *
CVE-2022-31696

VMware ESXi contains a memory corruption vulnerability that exists in the way it handles a network socket. A malicious actor with local access to ESXi may exploit this issue to corrupt memory leading to an escape of the ESXi sandbox.

Products Affected

Vendor Product Version
vmware esxi 7.0
vmware cloud_foundation 4.5
vmware cloud_foundation 4.4.1.1
vmware cloud_foundation 4.4.1
vmware esxi 6.7
vmware cloud_foundation 4.4
vmware cloud_foundation 3.11
vmware cloud_foundation 3.10
vmware cloud_foundation 4.76
vmware cloud_foundation *
vmware esxi 6.5
vmware cloud_foundation 4.3.11
CVE-2022-31697

The vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plaintext. A malicious actor with access to a workstation that invoked a vCenter Server Appliance ISO operation (Install/Upgrade/Migrate/Restore) can access plaintext passwords used during that operation.

Products Affected

Vendor Product Version
vmware vcenter_server 6.5
vmware vcenter_server 7.0
vmware vcenter_server 6.7
vmware cloud_foundation *
CVE-2022-31698

The vCenter Server contains a denial-of-service vulnerability in the content library service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to trigger a denial-of-service condition by sending a specially crafted header.

Products Affected

Vendor Product Version
vmware cloud_foundation 3.10.2.2
vmware cloud_foundation 3.9.1
vmware cloud_foundation 4.1
vmware vcenter_server 7.0
vmware cloud_foundation 4.0
vmware cloud_foundation 3.9
vmware cloud_foundation 3.0.1
vmware cloud_foundation 4.4.1
vmware cloud_foundation 4.4
vmware cloud_foundation 4.2
vmware vcenter_server 6.5
vmware cloud_foundation 3.8.1
vmware cloud_foundation 3.5.1
vmware cloud_foundation 3.7.2
vmware cloud_foundation 3.10.2
vmware vcenter_server 6.7
vmware cloud_foundation 3.0.1.1
vmware cloud_foundation 4.4.1.1
vmware cloud_foundation 4.2.1
vmware cloud_foundation 3.5
vmware cloud_foundation 4.0.1
vmware cloud_foundation 3.10.1.2
vmware cloud_foundation 3.11
vmware cloud_foundation 3.10.1
vmware cloud_foundation 3.10
vmware cloud_foundation 3.7
vmware cloud_foundation 3.10.2.1
vmware cloud_foundation 4.3
vmware cloud_foundation 4.3.1
vmware cloud_foundation 3.0
vmware cloud_foundation 4.1.0.1
vmware cloud_foundation 3.7.1
vmware cloud_foundation 3.8
vmware cloud_foundation 3.10.1.1
CVE-2022-31699

VMware ESXi contains a heap-overflow vulnerability. A malicious local actor with restricted privileges within a sandbox process may exploit this issue to achieve a partial information disclosure.

Products Affected

Vendor Product Version
vmware cloud_foundation 3.10.2.2
vmware cloud_foundation 3.9.1
vmware cloud_foundation 4.1
vmware cloud_foundation 4.0
vmware cloud_foundation 3.9
vmware cloud_foundation 3.0.1
vmware cloud_foundation 4.4.1
vmware cloud_foundation 4.4
vmware cloud_foundation 4.2
vmware cloud_foundation 3.8.1
vmware cloud_foundation 3.5.1
vmware cloud_foundation 3.7.2
vmware esxi 7.0
vmware cloud_foundation 3.0.1.1
vmware cloud_foundation 4.4.1.1
vmware cloud_foundation 4.2.1
vmware cloud_foundation 3.5
vmware esxi 6.7
vmware cloud_foundation 4.0.1
vmware cloud_foundation 3.10.1.2
vmware cloud_foundation 3.11
vmware cloud_foundation 3.10.1
vmware cloud_foundation 3.10
vmware cloud_foundation 3.7
vmware cloud_foundation 3.10.2.1
vmware cloud_foundation 4.3
vmware cloud_foundation 4.3.1
vmware cloud_foundation 3.0
vmware cloud_foundation 4.1.0.1
vmware esxi 6.5
vmware cloud_foundation 3.7.1
vmware cloud_foundation 3.8
vmware cloud_foundation 3.10.1.1
CVE-2022-31700

VMware Workspace ONE Access and Identity Manager contain an authenticated remote code execution vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.2.

Products Affected

Vendor Product Version
vmware identity_manager 3.3.6
vmware access 21.08.0.0
vmware cloud_foundation -
vmware access 21.08.0.1
CVE-2022-31701

VMware Workspace ONE Access and Identity Manager contain a broken authentication vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3.

Products Affected

Vendor Product Version
vmware access 21.08.0.0
vmware identity_manager_connector 3.3.6
vmware cloud_foundation *
vmware access 22.09.0.0
vmware access 21.08.0.1
CVE-2022-31702

vRealize Network Insight (vRNI) contains a command injection vulnerability present in the vRNI REST API. A malicious actor with network access to the vRNI REST API can execute commands without authentication.

Products Affected

Vendor Product Version
vmware vrealize_network_insight 6.4.0
vmware vrealize_network_insight 6.5.1
vmware vrealize_network_insight 6.6.0
vmware vrealize_network_insight 6.7.0
vmware vrealize_network_insight 6.2.0
vmware vrealize_network_insight 6.3.0
CVE-2022-31703

The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
vmware vrealize_log_insight *
CVE-2022-31704

The vRealize Log Insight contains a broken access control vulnerability. An unauthenticated malicious actor can remotely inject code into sensitive files of an impacted appliance which can result in remote code execution.

Products Affected

Vendor Product Version
vmware vrealize_log_insight *
CVE-2022-31705

VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed.

Products Affected

Vendor Product Version
vmware esxi 7.0
vmware esxi 8.0
vmware fusion *
vmware workstation *
CVE-2022-31706

The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.

Products Affected

Vendor Product Version
vmware vrealize_log_insight *
CVE-2022-31707

vRealize Operations (vROps) contains a privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.2.

Products Affected

Vendor Product Version
vmware vrealize_operations *
vmware vrealize_operations 8.10.0
CVE-2022-31708

vRealize Operations (vROps) contains a broken access control vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.4.

Products Affected

Vendor Product Version
vmware vrealize_operations *
vmware vrealize_operations 8.10.0
CVE-2022-31710

vRealize Log Insight contains a deserialization vulnerability. An unauthenticated malicious actor can remotely trigger the deserialization of untrusted data which could result in a denial of service.

Products Affected

Vendor Product Version
vmware vrealize_log_insight *
CVE-2022-31711

VMware vRealize Log Insight contains an Information Disclosure Vulnerability. A malicious actor can remotely collect sensitive session and application information without authentication.

Products Affected

Vendor Product Version
vmware vrealize_log_insight *
CVE-2022-36416

Protection mechanism failure in the Intel(R) Ethernet 500 Series Controller drivers for VMware before version 1.10.0.13 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secure@intel.com 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L 1.8 2.5
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
vmware ixgben *
CVE-2022-36797

Protection mechanism failure in the Intel(R) Ethernet 500 Series Controller drivers for VMware before version 1.10.0.1 may allow an authenticated user to potentially enable denial of service via local access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secure@intel.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
vmware ixgben *
CVE-2022-38650

A remote unauthenticated insecure deserialization vulnerability exists in VMware Hyperic Server 5.8.6. Exploitation of this vulnerability enables a malicious party to run arbitrary code or malware within Hyperic Server and the host operating system with the privileges of the Hyperic server process. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Products Affected

Vendor Product Version
vmware hyperic_server 5.8.6
CVE-2022-38651

A security filter misconfiguration exists in VMware Hyperic Server 5.8.6. Exploitation of this vulnerability enables a malicious party to bypass some authentication requirements when issuing requests to Hyperic Server. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Products Affected

Vendor Product Version
vmware hyperic_server 5.8.6
CVE-2022-38652

A remote insecure deserialization vulnerability exixsts in VMWare Hyperic Agent 5.8.6. Exploitation of this vulnerability enables a malicious authenticated user to run arbitrary code or malware within a Hyperic Agent instance and its host operating system with the privileges of the Hyperic Agent process (often SYSTEM on Windows platforms). NOTE: prior exploitation of CVE-2022-38650 results in the disclosure of the authentication material required to exploit this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Products Affected

Vendor Product Version
vmware hyperic_agent 5.8.6
CVE-2023-20854

VMware Workstation contains an arbitrary file deletion vulnerability. A malicious actor with local user privileges on the victim's machine may exploit this vulnerability to delete arbitrary files from the file system of the machine on which Workstation is installed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.4 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H 2.0 5.8

Products Affected

Vendor Product Version
vmware workstation 17.0
CVE-2023-20855

VMware vRealize Orchestrator contains an XML External Entity (XXE) vulnerability. A malicious actor, with non-administrative access to vRealize Orchestrator, may be able to use specially crafted input to bypass XML parsing restrictions leading to access to sensitive information or possible escalation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
vmware vrealize_orchestrator *
vmware vrealize_automation *
CVE-2023-20856

VMware vRealize Operations (vROps) contains a CSRF bypass vulnerability. A malicious user could execute actions on the vROps platform on behalf of the authenticated victim user.

Products Affected

Vendor Product Version
vmware vrealize_operations *
CVE-2023-20857

VMware Workspace ONE Content contains a passcode bypass vulnerability. A malicious actor, with access to a users rooted device, may be able to bypass the VMware Workspace ONE Content passcode.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

Products Affected

Vendor Product Version
vmware workspace_one_content *
CVE-2023-20858

VMware Carbon Black App Control 8.7.x prior to 8.7.8, 8.8.x prior to 8.8.6, and 8.9.x.prior to 8.9.4 contain an injection vulnerability. A malicious actor with privileged access to the App Control administration console may be able to use specially crafted input allowing access to the underlying server operating system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
vmware carbon_black_app_control *
CVE-2023-20859

In Spring Vault, versions 3.0.x prior to 3.0.2 and versions 2.3.x prior to 2.3.3 and older versions, an application is vulnerable to insertion of sensitive information into a log file when it attempts to revoke a Vault batch token.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
vmware spring_cloud_config *
vmware spring_cloud_vault *
vmware spring_cloud_vault 4.0.0
vmware spring_vault *
CVE-2023-20860

Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "**" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

Products Affected

Vendor Product Version
vmware spring_framework *
CVE-2023-20861

In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
vmware spring_framework *
CVE-2023-20862

In Spring Security, versions 5.7.x prior to 5.7.8, versions 5.8.x prior to 5.8.3, and versions 6.0.x prior to 6.0.3, the logout support does not properly clean the security context if using serialized versions. Additionally, it is not possible to explicitly save an empty security context to the HttpSessionSecurityContextRepository. This vulnerability can keep users authenticated even after they performed logout. Users of affected versions should apply the following mitigation. 5.7.x users should upgrade to 5.7.8. 5.8.x users should upgrade to 5.8.3. 6.0.x users should upgrade to 6.0.3.

Products Affected

Vendor Product Version
netapp active_iq_unified_manager -
vmware spring_security *
CVE-2023-20863

In spring framework versions prior to 5.2.24 release+ ,5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.

Products Affected

Vendor Product Version
vmware spring_framework *
CVE-2023-20864

VMware Aria Operations for Logs contains a deserialization vulnerability. An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root.

Products Affected

Vendor Product Version
vmware aria_operations_for_logs *
vmware cloud_foundation *
CVE-2023-20865

VMware Aria Operations for Logs contains a command injection vulnerability. A malicious actor with administrative privileges in VMware Aria Operations for Logs can execute arbitrary commands as root.

Products Affected

Vendor Product Version
vmware aria_operations_for_logs *
vmware cloud_foundation *
CVE-2023-20866

In Spring Session version 3.0.0, the session id can be logged to the standard output stream. This vulnerability exposes sensitive information to those who have access to the application logs and can be used for session hijacking. Specifically, an application is vulnerable if it is using HeaderHttpSessionIdResolver.

Products Affected

Vendor Product Version
vmware spring_session 3.0.0
CVE-2023-20867

A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 3.9 LOW CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N 0.8 2.7

Products Affected

Vendor Product Version
fedoraproject fedora 37
debian debian_linux 11.0
vmware tools *
fedoraproject fedora 39
debian debian_linux 10.0
fedoraproject fedora 38
debian debian_linux 12.0
CVE-2023-20868

NSX-T contains a reflected cross-site scripting vulnerability due to a lack of input validation. A remote attacker can inject HTML or JavaScript to redirect to malicious pages.

Products Affected

Vendor Product Version
broadcom vmware_nsx-t_data_center *
vmware nsx-t_data_center *
CVE-2023-20869

VMware Workstation (17.x) and VMware Fusion (13.x) contain a stack-based buffer-overflow vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine.

Products Affected

Vendor Product Version
vmware fusion *
vmware workstation *
CVE-2023-20870

VMware Workstation and Fusion contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine.

Products Affected

Vendor Product Version
vmware fusion *
vmware workstation *
CVE-2023-20871

VMware Fusion contains a local privilege escalation vulnerability. A malicious actor with read/write access to the host operating system can elevate privileges to gain root access to the host operating system.

Products Affected

Vendor Product Version
vmware fusion *
CVE-2023-20872

VMware Workstation and Fusion contain an out-of-bounds read/write vulnerability in SCSI CD/DVD device emulation.

Products Affected

Vendor Product Version
vmware fusion 13.0.0
vmware workstation 17.0.0
CVE-2023-20873

In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.6+. 2.7.x users should upgrade to 2.7.11+. Users of older, unsupported versions should upgrade to 3.0.6+ or 2.7.11+.

Products Affected

Vendor Product Version
vmware spring_boot *
CVE-2023-20877

VMware Aria Operations contains a privilege escalation vulnerability. An authenticated malicious user with ReadOnly privileges can perform code execution leading to privilege escalation.

Products Affected

Vendor Product Version
vmware vrealize_operations 8.10.0
vmware vrealize_operations 8.6.0
vmware cloud_foundation *
CVE-2023-20878

VMware Aria Operations contains a deserialization vulnerability. A malicious actor with administrative privileges can execute arbitrary commands and disrupt the system.

Products Affected

Vendor Product Version
vmware vrealize_operations 8.10.0
vmware vrealize_operations 8.6.0
vmware cloud_foundation *
CVE-2023-20879

VMware Aria Operations contains a Local privilege escalation vulnerability. A malicious actor with administrative privileges in the Aria Operations application can gain root access to the underlying operating system.

Products Affected

Vendor Product Version
vmware vrealize_operations 8.10.0
vmware vrealize_operations 8.6.0
vmware cloud_foundation *
CVE-2023-20880

VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.

Products Affected

Vendor Product Version
vmware aria_operations *
vmware cloud_foundation *
CVE-2023-20883

In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service (DoS) attack if Spring MVC is used together with a reverse proxy cache.

Products Affected

Vendor Product Version
vmware spring_boot *
CVE-2023-20884

VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability. An unauthenticated malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

Products Affected

Vendor Product Version
vmware identity_manager 3.3.6
vmware identity_manager 3.3.7
vmware cloud_foundation -
vmware workspace_one_access *
vmware identity_manager_connector *
CVE-2023-20886

VMware Workspace ONE UEM console contains an open redirect vulnerability. A malicious actor may be able to redirect a victim to an attacker and retrieve their SAML response to login as the victim user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7
security@vmware.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
vmware workspace_one_uem *
CVE-2023-20887

Aria Operations for Networks contains a command injection vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in remote code execution.

Products Affected

Vendor Product Version
vmware aria_operations_for_networks *
CVE-2023-20888

Aria Operations for Networks contains an authenticated deserialization vulnerability. A malicious actor with network access to VMware Aria Operations for Networks and valid 'member' role credentials may be able to perform a deserialization attack resulting in remote code execution.

Products Affected

Vendor Product Version
vmware vrealize_network_insight *
CVE-2023-20889

Aria Operations for Networks contains an information disclosure vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in information disclosure.

Products Affected

Vendor Product Version
vmware vrealize_network_insight *
CVE-2023-20890

Aria Operations for Networks contains an arbitrary file write vulnerability. An authenticated malicious actor with administrative access to VMware Aria Operations for Networks can write files to arbitrary locations resulting in remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
vmware aria_operations_for_networks *
CVE-2023-20891

The VMware Tanzu Application Service for VMs and Isolation Segment contain an information disclosure vulnerability due to the logging of credentials in hex encoding in platform system audit logs. A malicious non-admin user who has access to the platform system audit logs can access hex encoded CF API admin credentials and can push new malicious versions of an application. In a default deployment non-admin users do not have access to the platform system audit logs.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
vmware isolation_segment *
vmware tanzu_application_service_for_virtual_machines *
CVE-2023-20892

The vCenter Server contains a heap overflow vulnerability due to the usage of uninitialized memory in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit heap-overflow vulnerability to execute arbitrary code on the underlying operating system that hosts vCenter Server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

Products Affected

Vendor Product Version
vmware vcenter_server *
vmware vcenter_server 8.0
vmware vcenter_server 7.0
CVE-2023-20893

The VMware vCenter Server contains a use-after-free vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit this issue to execute arbitrary code on the underlying operating system that hosts vCenter Server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

Products Affected

Vendor Product Version
vmware vcenter_server *
vmware vcenter_server 8.0
vmware vcenter_server 7.0
CVE-2023-20894

The VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bound write by sending a specially crafted packet leading to memory corruption.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

Products Affected

Vendor Product Version
vmware vcenter_server *
vmware vcenter_server 8.0
vmware vcenter_server 7.0
CVE-2023-20895

The VMware vCenter Server contains a memory corruption vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger a memory corruption vulnerability which may bypass authentication.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

Products Affected

Vendor Product Version
vmware vcenter_server *
vmware vcenter_server 8.0
vmware vcenter_server 7.0
CVE-2023-20896

The VMware vCenter Server contains an out-of-bounds read vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds read by sending a specially crafted packet leading to denial-of-service of certain services (vmcad, vmdird, and vmafdd).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6

Products Affected

Vendor Product Version
vmware vcenter_server *
vmware vcenter_server 8.0
vmware vcenter_server 7.0
CVE-2023-20899

VMware SD-WAN (Edge) contains a bypass authentication vulnerability. An unauthenticated attacker can download the Diagnostic bundle of the application under VMware SD-WAN Management.

Products Affected

Vendor Product Version
vmware sd-wan_edge_firmware *
CVE-2023-20900

A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html  in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 1.6 5.9
security@vmware.com 7.1 HIGH CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
fedoraproject fedora 37
debian debian_linux 11.0
vmware tools *
fedoraproject fedora 39
debian debian_linux 10.0
vmware open_vm_tools *
fedoraproject fedora 38
debian debian_linux 12.0
netapp ontap_select_deploy_administration_utility -
CVE-2023-22602

When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques. Both Shiro and Spring Boot < 2.6 default to Ant style pattern matching. Mitigation: Update to Apache Shiro 1.11.0, or set the following Spring Boot configuration value: `spring.mvc.pathmatch.matching-strategy = ant_path_matcher`

Products Affected

Vendor Product Version
apache shiro *
vmware spring_boot 2.6.0
CVE-2023-29552

The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service attack with a significant amplification factor.

Products Affected

Vendor Product Version
suse linux_enterprise_server 12
service_location_protocol_project service_location_protocol -
suse linux_enterprise_server 15
vmware esxi *
suse manager_server -
suse linux_enterprise_server 11
netapp smi-s_provider -
CVE-2023-31131

Greenplum Database (GPDB) is an open source data warehouse based on PostgreSQL. In versions prior to 6.22.3 Greenplum Database used an unsafe methods to extract tar files within GPPKGs. greenplum-db is vulnerable to path traversal leading to arbitrary file writes. An attacker can use this vulnerability to overwrite data or system files potentially leading to crash or malfunction of the system. Any files which are accessible to the running process are at risk. All users are requested to upgrade to Greenplum Database version 6.23.2 or higher. There are no known workarounds for this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 7.4 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H 2.2 5.2

Products Affected

Vendor Product Version
vmware greenplum_database *
CVE-2023-34034

Using "**" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

Products Affected

Vendor Product Version
vmware spring_security *
CVE-2023-34035

Spring Security versions 5.8 prior to 5.8.5, 6.0 prior to 6.0.5, and 6.1 prior to 6.1.2 could be susceptible to authorization rule misconfiguration if the application uses requestMatchers(String) and multiple servlets, one of them being Spring MVC’s DispatcherServlet. (DispatcherServlet is a Spring MVC component that maps HTTP endpoints to methods on @Controller-annotated classes.) Specifically, an application is vulnerable when all of the following are true: * Spring MVC is on the classpath * Spring Security is securing more than one servlet in a single application (one of them being Spring MVC’s DispatcherServlet) * The application uses requestMatchers(String) to refer to endpoints that are not Spring MVC endpoints An application is not vulnerable if any of the following is true: * The application does not have Spring MVC on the classpath * The application secures no servlets other than Spring MVC’s DispatcherServlet * The application uses requestMatchers(String) only for Spring MVC endpoints

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 7.3 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 3.9 3.4

Products Affected

Vendor Product Version
vmware spring_security *
CVE-2023-34036

Reactive web applications that use Spring HATEOAS to produce hypermedia-based responses might be exposed to malicious forwarded headers if they are not behind a trusted proxy that ensures correctness of such headers, or if they don't have anything else in place to handle (and possibly discard) forwarded headers either in WebFlux or at the level of the underlying HTTP server. For the application to be affected, it needs to satisfy the following requirements: * It needs to use the reactive web stack (Spring WebFlux) and Spring HATEOAS to create links in hypermedia-based responses. * The application infrastructure does not guard against clients submitting (X-)Forwarded… headers.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4
security@vmware.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

Products Affected

Vendor Product Version
vmware spring_hateoas 2.1.0
vmware spring_hateoas *
CVE-2023-34037

VMware Horizon Server contains a HTTP request smuggling vulnerability. A malicious actor with network access may be able to perform HTTP smuggle requests.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

Products Affected

Vendor Product Version
vmware horizon_client 2006
vmware horizon_client 2111.1
vmware horizon_client 2111
vmware horizon_client 2212
vmware horizon_client 2012
vmware horizon_client 2106
vmware horizon_client 2103
vmware horizon_client 2203
CVE-2023-34038

VMware Horizon Server contains an information disclosure vulnerability. A malicious actor with network access may be able to access information relating to the internal network configuration.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
vmware horizon_client 2006
vmware horizon_client 2111.1
vmware horizon_client 2111
vmware horizon_client 2212
vmware horizon_client 2012
vmware horizon_client 2106
vmware horizon_client 2103
vmware horizon_client 2203
CVE-2023-34039

Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
vmware aria_operations_for_networks *
CVE-2023-34040

In Spring for Apache Kafka 3.0.9 and earlier and versions 2.9.10 and earlier, a possible deserialization attack vector existed, but only if unusual configuration was applied. An attacker would have to construct a malicious serialized object in one of the deserialization exception record headers. Specifically, an application is vulnerable when all of the following are true: * The user does not configure an ErrorHandlingDeserializer for the key and/or value of the record * The user explicitly sets container properties checkDeserExWhenKeyNull and/or checkDeserExWhenValueNull container properties to true. * The user allows untrusted sources to publish to a Kafka topic By default, these properties are false, and the container only attempts to deserialize the headers if an ErrorHandlingDeserializer is configured. The ErrorHandlingDeserializer prevents the vulnerability by removing any such malicious headers before processing the record.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 5.3 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 1.8 3.4
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
vmware spring_for_apache_kafka *
CVE-2023-34042

The spring-security.xsd file inside the spring-security-config jar is world writable which means that if it were extracted it could be written by anyone with access to the file system. While there are no known exploits, this is an example of “CWE-732: Incorrect Permission Assignment for Critical Resource” and could result in an exploit. Users should update to the latest version of Spring Security to mitigate any future exploits found around this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 1.8 3.6
security@vmware.com 4.1 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N 0.5 3.6

Products Affected

Vendor Product Version
vmware spring_security 5.7.10
vmware spring_security *
vmware spring_security 5.7.9
CVE-2023-34043

VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
vmware cloud_foundation 5.0
vmware aria_operations 8.12.0
vmware aria_operations 8.10.0
vmware cloud_foundation *
vmware aria_operations 8.6.0
CVE-2023-34044

VMware Workstation( 17.x prior to 17.5) and Fusion(13.x prior to 13.5) contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N 1.5 4.0
security@vmware.com 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N 2.5 4.0

Products Affected

Vendor Product Version
vmware fusion *
vmware workstation *
CVE-2023-34045

VMware Fusion(13.x prior to 13.5) contains a local privilege escalation vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the '.dmg' volume) or when installing an upgrade. A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed or being installed for the first time.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 6.6 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N 1.3 5.2
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
vmware fusion *
CVE-2023-34046

VMware Fusion(13.x prior to 13.5) contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the '.dmg' volume) or when installing an upgrade. A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed or being installed for the first time.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9
security@vmware.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
vmware fusion *
CVE-2023-34047

A batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 and 1.2.0 - 1.2.2 may be exposed to GraphQL context with values, including security context values, from a different session. An application is vulnerable if it provides a DataLoaderOptions instance when registering batch loader functions through DefaultBatchLoaderRegistry.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N 2.8 1.4
security@vmware.com 3.1 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N 1.6 1.4

Products Affected

Vendor Product Version
vmware spring_for_graphql *
CVE-2023-34048

vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
security@vmware.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
vmware vcenter_server *
vmware vcenter_server 8.0
vmware vcenter_server 7.0
CVE-2023-34050

In spring AMQP versions 1.0.0 to 2.4.16 and 3.0.0 to 3.0.9 , allowed list patterns for deserializable class names were added to Spring AMQP, allowing users to lock down deserialization of data in messages from untrusted sources; however by default, when no allowed list was provided, all classes could be deserialized. Specifically, an application is vulnerable if * the SimpleMessageConverter or SerializerMessageConverter is used * the user does not configure allowed list patterns * untrusted message originators gain permissions to write messages to the RabbitMQ broker to send malicious content

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 5.0 MEDIUM CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H 0.7 4.2
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 2.8 1.4

Products Affected

Vendor Product Version
vmware spring_advanced_message_queuing_protocol *
CVE-2023-34051

VMware Aria Operations for Logs contains an authentication bypass vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
vmware aria_operations_for_logs 8.6
vmware aria_operations_for_logs 8.10
vmware aria_operations_for_logs 8.8
vmware aria_operations_for_logs 8.12
vmware aria_operations_for_logs 4.0
vmware aria_operations_for_logs 8.10.2
vmware aria_operations_for_logs 5.0
CVE-2023-34052

VMware Aria Operations for Logs contains a deserialization vulnerability. A malicious actor with non-administrative access to the local system can trigger the deserialization of data which could result in authentication bypass.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
vmware aria_operations_for_logs 8.12
vmware aria_operations_for_logs 4.0
vmware aria_operations_for_logs 8.10.2
vmware aria_operations_for_logs 5.0
CVE-2023-34053

In Spring Framework versions 6.0.0 - 6.0.13, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: * the application uses Spring MVC or Spring WebFlux * io.micrometer:micrometer-core is on the classpath * an ObservationRegistry is configured in the application to record observations Typically, Spring Boot applications need the org.springframework.boot:spring-boot-actuator dependency to meet all conditions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
vmware spring_framework *
CVE-2023-34055

In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: * the application uses Spring MVC or Spring WebFlux * org.springframework.boot:spring-boot-actuator is on the classpath

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
vmware spring_boot *
CVE-2023-34056

vCenter Server contains a partial information disclosure vulnerability. A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4
security@vmware.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
vmware vcenter_server *
vmware vcenter_server 8.0
vmware vcenter_server 7.0
CVE-2023-34057

VMware Tools contains a local privilege escalation vulnerability. A malicious actor with local user access to a guest virtual machine may elevate privileges within the virtual machine.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
vmware tools *
CVE-2023-34058

VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html  in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 7.1 HIGH CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.2 5.9
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 1.6 5.9

Products Affected

Vendor Product Version
fedoraproject fedora 37
debian debian_linux 11.0
vmware tools *
fedoraproject fedora 39
debian debian_linux 10.0
vmware open_vm_tools *
fedoraproject fedora 38
debian debian_linux 12.0
CVE-2023-34059

open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9
security@vmware.com 7.4 HIGH CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 1.4 5.9

Products Affected

Vendor Product Version
debian debian_linux 11.0
debian debian_linux 10.0
vmware open_vm_tools *
debian debian_linux 12.0
CVE-2023-34060

VMware Cloud Director Appliance contains an authentication bypass vulnerability in case VMware Cloud Director Appliance was upgraded to 10.5 from an older version. On an upgraded version of VMware Cloud Director Appliance 10.5, a malicious actor with network access to the appliance can bypass login restrictions when authenticating on port 22 (ssh) or port 5480 (appliance management console) . This bypass is not present on port 443 (VCD provider and tenant login). On a new installation of VMware Cloud Director Appliance 10.5, the bypass is not present. VMware Cloud Director Appliance is impacted since it uses an affected version of sssd from the underlying Photon OS. The sssd issue is no longer present in versions of Photon OS that ship with sssd-2.8.1-11 or higher (Photon OS 3) or sssd-2.8.2-9 or higher (Photon OS 4 and 5).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
vmware cloud_director *
CVE-2023-34063

Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious actor may exploit this vulnerability leading to unauthorized access to remote organizations and workflows.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.3 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H 2.8 5.5
security@vmware.com 9.9 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H 3.1 6.0

Products Affected

Vendor Product Version
vmware cloud_foundation 4.0
vmware aria_automation 8.11.1
vmware aria_automation 8.11.0
vmware aria_automation 8.12.1
vmware cloud_foundation 5.0
vmware aria_automation 8.13.1
vmware aria_automation 8.12.2
vmware aria_automation 8.13.0
vmware aria_automation 8.11.2
vmware aria_automation 8.12.0
vmware aria_automation 8.14.0
vmware aria_automation 8.14.1
CVE-2023-34064

Workspace ONE Launcher contains a Privilege Escalation Vulnerability. A malicious actor with physical access to Workspace ONE Launcher could utilize the Edge Panel feature to bypass setup to gain access to sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.6 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 0.9 3.6

Products Affected

Vendor Product Version
vmware workspace_one_launcher *
CVE-2023-46118

RabbitMQ is a multi-protocol messaging and streaming broker. HTTP API did not enforce an HTTP request body limit, making it vulnerable for denial of service (DoS) attacks with very large messages. An authenticated user with sufficient credentials can publish a very large messages over the HTTP API and cause target node to be terminated by an "out-of-memory killer"-like mechanism. This vulnerability has been patched in versions 3.11.24 and 3.12.7.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6
security-advisories@github.com 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

Products Affected

Vendor Product Version
vmware rabbitmq *
CVE-2023-46120

The RabbitMQ Java client library allows Java and JVM-based applications to connect to and interact with RabbitMQ nodes. `maxBodyLebgth` was not used when receiving Message objects. Attackers could send a very large Message causing a memory overflow and triggering an OOM Error. Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer. This vulnerability was patched in version 5.18.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
security-advisories@github.com 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

Products Affected

Vendor Product Version
vmware rabbitmq_java_client *
CVE-2024-22233

In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: * the application uses Spring MVC * Spring Security 6.1.6+ or 6.2.1+ is on the classpath Typically, Spring Boot applications need the org.springframework.boot:spring-boot-starter-web and org.springframework.boot:spring-boot-starter-security dependencies to meet all conditions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
security@vmware.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
vmware spring_framework 6.0.15
vmware spring_framework 6.1.2
CVE-2024-22235

VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
vmware aria_operations *
vmware cloud_foundation *
CVE-2024-22236

In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded com.google.guava:guava dependency in the org.springframework.cloud:spring-cloud-contract-shade dependency.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6
security@vmware.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 1.8 1.4

Products Affected

Vendor Product Version
vmware spring_cloud_contract *
vmware spring_cloud_contract 4.1.0
CVE-2024-22237

Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain root access to the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
security@vmware.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
vmware aria_operations_for_networks *
CVE-2024-22238

Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges may be able to inject malicious code into user profile configurations due to improper input sanitization.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7
security@vmware.com 6.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:H 0.9 5.5

Products Affected

Vendor Product Version
vmware aria_operations_for_networks *
CVE-2024-22239

Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain regular shell access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 5.3 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 1.8 3.4
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
vmware aria_operations_for_networks *
CVE-2024-22240

Aria Operations for Networks contains a local file read vulnerability. A malicious actor with admin privileges may exploit this vulnerability leading to unauthorized access to sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6

Products Affected

Vendor Product Version
vmware aria_operations_for_networks *
CVE-2024-22241

Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges can inject a malicious payload into the login banner and takeover the user account.  

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L 0.9 3.4
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

Products Affected

Vendor Product Version
vmware aria_operations_for_networks *
CVE-2024-22251

VMware Workstation and Fusion contain an out-of-bounds read vulnerability in the USB CCID (chip card interface device). A malicious actor with local administrative privileges on a virtual machine may trigger an out-of-bounds read leading to information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 5.9 MEDIUM CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N 1.4 4.0

Products Affected

Vendor Product Version
vmware fusion *
vmware workstation *
CVE-2024-22252

VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 9.3 CRITICAL CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.5 6.0

Products Affected

Vendor Product Version
vmware esxi 7.0.0
vmware esxi 7.0
vmware esxi 8.0
vmware fusion *
vmware workstation *
CVE-2024-22253

VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 9.3 CRITICAL CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.5 6.0

Products Affected

Vendor Product Version
vmware esxi 7.0.0
vmware esxi 7.0
vmware esxi 8.0
vmware fusion *
vmware cloud_foundation *
vmware workstation *
CVE-2024-22254

VMware ESXi contains an out-of-bounds write vulnerability. A malicious actor with privileges within the VMX process may trigger an out-of-bounds write leading to an escape of the sandbox.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 7.9 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N 1.5 5.8

Products Affected

Vendor Product Version
vmware esxi 7.0.0
vmware esxi 7.0
vmware esxi 8.0
vmware cloud_foundation *
CVE-2024-22255

VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability in the UHCI USB controller. A malicious actor with administrative access to a virtual machine may be able to exploit this issue to leak memory from the vmx process.  

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N 2.5 4.0

Products Affected

Vendor Product Version
vmware esxi 7.0.0
vmware esxi 7.0
vmware esxi 8.0
vmware fusion *
vmware cloud_foundation *
vmware workstation *
CVE-2024-22256

VMware Cloud Director contains a partial information disclosure vulnerability. A malicious actor can potentially gather information about organization names based on the behavior of the instance.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 3.9 6.0

Products Affected

Vendor Product Version
vmware cloud_director *
CVE-2024-22259

Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html  attack or to a SSRF attack if the URL is used after passing validation checks. This is the same as CVE-2024-22243 https://spring.io/security/cve-2024-22243 , but with different input.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N 2.8 5.2

Products Affected

Vendor Product Version
netapp active_iq_unified_manager -
vmware spring_framework *
CVE-2024-22268

VMware Workstation and Fusion contain a heap buffer-overflow vulnerability in the Shader functionality. A malicious actor with non-administrative access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to create a denial of service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H 2.5 4.0

Products Affected

Vendor Product Version
vmware fusion *
vmware workstation *
CVE-2024-22269

VMware Workstation and Fusion contain an information disclosure vulnerability in the vbluetooth device. A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N 2.5 4.0

Products Affected

Vendor Product Version
vmware fusion *
vmware workstation *
CVE-2024-22270

VMware Workstation and Fusion contain an information disclosure vulnerability in the Host Guest File Sharing (HGFS) functionality. A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N 2.5 4.0

Products Affected

Vendor Product Version
vmware fusion *
vmware workstation *
CVE-2024-22273

The storage controllers on VMware ESXi, Workstation, and Fusion have out-of-bounds read/write vulnerability. A malicious actor with access to a virtual machine with storage controllers enabled may exploit this issue to create a denial of service condition or execute code on the hypervisor from a virtual machine in conjunction with other issues.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 8.1 HIGH CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 1.4 6.0

Products Affected

Vendor Product Version
vmware esxi 7.0
vmware esxi 8.0
vmware fusion *
vmware cloud_foundation *
vmware workstation *
CVE-2024-22274

The vCenter Server contains an authenticated remote code execution vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to run arbitrary commands on the underlying operating system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
vmware vcenter_server 8.0
vmware vcenter_server 7.0
vmware cloud_foundation *
CVE-2024-22275

The vCenter Server contains a partial file read vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to partially read arbitrary files containing sensitive data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6

Products Affected

Vendor Product Version
vmware vcenter_server 8.0
vmware vcenter_server 7.0
vmware cloud_foundation *
CVE-2024-22277

VMware Cloud Director Availability contains an HTML injection vulnerability. A malicious actor with network access to VMware Cloud Director Availability can craft malicious HTML tags to execute within replication tasks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 6.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N 3.1 2.7

Products Affected

Vendor Product Version
vmware cloud_director *
CVE-2024-22280

VMware Aria Automation does not apply correct input validation which allows for SQL-injection in the product. An authenticated malicious user could enter specially crafted SQL queries and perform unauthorised read/write operations in the database.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 8.5 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N 3.1 4.7

Products Affected

Vendor Product Version
vmware aria_automation *
vmware cloud_foundation *
CVE-2024-37079

vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
vmware vcenter_server 8.0
vmware vcenter_server 7.0
vmware cloud_foundation *
CVE-2024-37080

vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
vmware vcenter_server 8.0
vmware vcenter_server 7.0
CVE-2024-37081

The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. An authenticated local user with non-administrative privileges may exploit these issues to elevate privileges to root on vCenter Server Appliance.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
vmware vcenter_server 8.0
vmware vcenter_server 7.0
vmware cloud_foundation *
CVE-2024-37084

In Spring Cloud Data Flow versions prior to 2.11.4,  a malicious user who has access to the Skipper server api can use a crafted upload request to write an arbitrary file to any location on the file system which could lead to compromising the server

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
vmware spring_cloud_data_flow *
CVE-2024-37085

VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management https://blogs.vmware.com/vsphere/2012/09/joining-vsphere-hosts-to-active-directory.html by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 6.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H 0.9 5.9

Products Affected

Vendor Product Version
vmware esxi 7.0
vmware esxi 8.0
vmware cloud_foundation *
CVE-2024-37086

VMware ESXi contains an out-of-bounds read vulnerability. A malicious actor with local administrative privileges on a virtual machine with an existing snapshot may trigger an out-of-bounds read leading to a denial-of-service condition of the host.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 6.8 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H 2.5 4.2

Products Affected

Vendor Product Version
vmware esxi 7.0
vmware esxi 8.0
vmware cloud_foundation *
CVE-2024-37087

The vCenter Server contains a denial-of-service vulnerability. A malicious actor with network access to vCenter Server may create a denial-of-service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

Products Affected

Vendor Product Version
vmware vcenter_server 8.0
vmware vcenter_server 7.0
vmware cloud_foundation *
CVE-2024-38808

In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial of service (DoS) condition. Specifically, an application is vulnerable when the following is true: * The application evaluates user-supplied SpEL expressions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 2.8 1.4

Products Affected

Vendor Product Version
netapp active_iq_unified_manager -
vmware spring_framework *
netapp oncommand_insight -
CVE-2024-38810

Missing Authorization When Using @AuthorizeReturnObject in Spring Security 6.3.0 and 6.3.1 allows attacker to render security annotations inaffective.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
vmware spring_security *
CVE-2024-38812

The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
vmware vcenter_server 8.0
vmware vcenter_server 7.0
vmware cloud_foundation *
CVE-2024-38813

The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.6 5.9

Products Affected

Vendor Product Version
vmware vcenter_server 8.0
vmware vcenter_server 7.0
vmware cloud_foundation *
CVE-2024-38814

An authenticated SQL injection vulnerability in VMware HCX was privately reported to VMware. A malicious authenticated user with non-administrator privileges may be able to enter specially crafted SQL queries and perform unauthorized remote code execution on the HCX manager.  Updates are available to remediate this vulnerability in affected VMware products.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
vmware vmware_hcx 4.10.0
vmware vmware_hcx *
CVE-2024-38820

The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 3.1 LOW CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N 1.6 1.4

Products Affected

Vendor Product Version
vmware spring_framework *
CVE-2024-38830

VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges may trigger this vulnerability to escalate privileges to root user on the appliance running VMware Aria Operations.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
vmware aria_operations *
vmware cloud_foundation *
CVE-2024-38831

VMware Aria Operations contains a local privilege escalation vulnerability.  A malicious actor with local administrative privileges can insert malicious commands into the properties file to escalate privileges to  a root user on the appliance running VMware Aria Operations.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
vmware aria_operations *
vmware cloud_foundation *
CVE-2024-38832

VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to views may be able to inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 7.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L 2.8 4.2

Products Affected

Vendor Product Version
vmware aria_operations *
vmware cloud_foundation *
CVE-2024-38833

VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to email templates might inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 6.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L 2.1 4.7

Products Affected

Vendor Product Version
vmware aria_operations *
vmware cloud_foundation *
CVE-2024-38834

VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to cloud provider might be able to inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N 1.3 4.7

Products Affected

Vendor Product Version
vmware aria_operations *
vmware cloud_foundation *
CVE-2025-22218

VMware Aria Operations for Logs contains an information disclosure vulnerability. A malicious actor with View Only Admin permissions may be able to read the credentials of a VMware product integrated with VMware Aria Operations for Logs

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 8.5 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H 1.8 6.0
nvd@nist.gov 7.7 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N 3.1 4.0

Products Affected

Vendor Product Version
vmware aria_operations_for_logs *
vmware cloud_foundation *
CVE-2025-22219

VMware Aria Operations for Logs contains a stored cross-site scripting vulnerability. A malicious actor with non-administrative privileges may be able to inject a malicious script that (can perform stored cross-site scripting) may lead to arbitrary operations as admin user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 6.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H 0.9 5.9
nvd@nist.gov 9.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H 2.3 6.0

Products Affected

Vendor Product Version
vmware aria_operations_for_logs *
vmware cloud_foundation *
CVE-2025-22220

VMware Aria Operations for Logs contains a privilege escalation vulnerability. A malicious actor with non-administrative privileges and network access to Aria Operations for Logs API may be able to perform certain operations in the context of an admin user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 2.8 1.4

Products Affected

Vendor Product Version
vmware aria_operations_for_logs *
vmware cloud_foundation *
CVE-2025-22221

VMware Aria Operation for Logs contains a stored cross-site scripting vulnerability. A malicious actor with admin privileges to VMware Aria Operations for Logs may be able to inject a malicious script that could be executed in a victim's browser when performing a delete action in the Agent Configuration.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 5.2 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N 0.9 4.2
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

Products Affected

Vendor Product Version
vmware aria_operations_for_logs *
vmware cloud_foundation *
CVE-2025-22222

VMware Aria Operations contains an information disclosure vulnerability. A malicious user with non-administrative privileges may exploit this vulnerability to retrieve credentials for an outbound plugin if a valid service credential ID is known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 7.7 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N 3.1 4.0
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
vmware aria_operations *
vmware cloud_foundation *
CVE-2025-22224

VMware ESXi, and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 9.3 CRITICAL CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.5 6.0
nvd@nist.gov 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.5 6.0

Products Affected

Vendor Product Version
vmware telco_cloud_infrastructure 3.0
vmware esxi 7.0
vmware telco_cloud_infrastructure 2.2
vmware telco_cloud_infrastructure 2.5
vmware telco_cloud_platform 3.0
vmware telco_cloud_platform 4.0.1
vmware telco_cloud_platform 5.0
vmware telco_cloud_platform 2.0
vmware cloud_foundation -
vmware telco_cloud_infrastructure 2.7
vmware esxi 8.0
vmware telco_cloud_platform 4.0
vmware telco_cloud_platform 2.7
vmware telco_cloud_platform 2.5
vmware workstation *
CVE-2025-22225

VMware ESXi contains an arbitrary write vulnerability. A malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.5 6.0

Products Affected

Vendor Product Version
vmware telco_cloud_infrastructure 3.0
vmware esxi 7.0
vmware telco_cloud_infrastructure 2.2
vmware telco_cloud_infrastructure 2.5
vmware telco_cloud_platform 3.0
vmware telco_cloud_platform 4.0.1
vmware telco_cloud_platform 5.0
vmware telco_cloud_platform 2.0
vmware cloud_foundation -
vmware telco_cloud_infrastructure 2.7
vmware esxi 8.0
vmware telco_cloud_platform 4.0
vmware telco_cloud_platform 2.7
vmware telco_cloud_platform 2.5
CVE-2025-22226

VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. A malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N 2.5 4.0
nvd@nist.gov 6.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N 1.5 4.0

Products Affected

Vendor Product Version
vmware telco_cloud_infrastructure 3.0
vmware esxi 7.0
vmware telco_cloud_infrastructure 2.2
vmware telco_cloud_infrastructure 2.5
vmware telco_cloud_platform 3.0
vmware telco_cloud_platform 4.0.1
vmware telco_cloud_platform 5.0
vmware telco_cloud_platform 2.0
vmware cloud_foundation -
vmware telco_cloud_infrastructure 2.7
vmware esxi 8.0
vmware fusion *
vmware telco_cloud_platform 4.0
vmware telco_cloud_platform 2.7
vmware telco_cloud_platform 2.5
vmware workstation *
CVE-2025-22243

VMware NSX Manager UI is vulnerable to a stored Cross-Site Scripting (XSS) attack due to improper input validation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:H 1.7 5.3

Products Affected

Vendor Product Version
vmware telco_cloud_platform *
broadcom vmware_nsx *
vmware telco_cloud_infrastructure *
broadcom vmware_nsx 4.2.2
vmware cloud_foundation *
CVE-2025-22244

VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the gateway firewall due to improper input validation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 6.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N 1.7 4.7

Products Affected

Vendor Product Version
vmware telco_cloud_platform *
broadcom vmware_nsx *
vmware telco_cloud_infrastructure *
broadcom vmware_nsx 4.2.2
vmware cloud_foundation *
CVE-2025-22245

VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the router port due to improper input validation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L 1.7 3.7

Products Affected

Vendor Product Version
vmware telco_cloud_platform *
broadcom vmware_nsx *
vmware telco_cloud_infrastructure *
broadcom vmware_nsx 4.2.2
vmware cloud_foundation *
CVE-2025-22249

VMware Aria automation contains a DOM based Cross-Site Scripting (XSS) vulnerability. A malicious actor may exploit this issue to steal the access token of a logged in user of VMware Aria automation appliance by tricking the user into clicking a malicious crafted payload URL.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N 2.8 4.7

Products Affected

Vendor Product Version
vmware telco_cloud_platform *
vmware aria_automation 8.18.1
vmware aria_automation 8.18.0
vmware cloud_foundation *
CVE-2025-41231

VMware Cloud Foundation contains a missing authorisation vulnerability. A malicious actor with access to VMware Cloud Foundation appliance may be able to perform certain unauthorised actions and access limited sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L 2.5 4.7

Products Affected

Vendor Product Version
vmware cloud_foundation *
CVE-2025-41244

VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
vmware telco_cloud_platform *
vmware aria_operations *
vmware telco_cloud_infrastructure *
debian debian_linux 11.0
vmware tools *
vmware cloud_foundation_operations 9.0
vmware open_vm_tools *
vmware open_vm_tools 13.0.0
vmware cloud_foundation *
CVE-2026-22720

VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with privileges to create custom benchmarks may be able to inject script to perform administrative actions in VMware Aria Operations.  To remediate CVE-2026-22720, apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' of  VMSA-2026-0001 https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947https:// .

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 8.0 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 2.1 5.9

Products Affected

Vendor Product Version
vmware telco_cloud_platform *
vmware aria_operations *
vmware telco_cloud_infrastructure *
vmware cloud_foundation *
CVE-2026-22721

VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with privileges in vCenter to access Aria Operations may leverage this vulnerability to obtain administrative access in VMware Aria Operations. To remediate CVE-2026-22721, apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' found in  VMSA-2026-0001 https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947 .

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 6.2 MEDIUM CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L 0.7 5.5

Products Affected

Vendor Product Version
vmware telco_cloud_platform *
vmware aria_operations *
vmware telco_cloud_infrastructure *
vmware cloud_foundation *
CVE-2026-22729

A JSONPath injection vulnerability in Spring AI's AbstractFilterExpressionConverter allows authenticated users to bypass metadata-based access controls through crafted filter expressions. User-controlled input passed to FilterExpressionBuilder is concatenated into JSONPath queries without proper escaping, enabling attackers to inject arbitrary JSONPath logic and access unauthorized documents. This vulnerability affects applications using vector stores that extend AbstractFilterExpressionConverter for multi-tenant isolation, role-based access control, or document filtering based on metadata. The vulnerability occurs when user-supplied values in filter expressions are not escaped before being inserted into JSONPath queries. Special characters like ", ||, and && are passed through unescaped, allowing injection of arbitrary JSONPath logic that can alter the intended query semantics.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N 3.9 4.0

Products Affected

Vendor Product Version
vmware spring_ai *
CVE-2026-22730

A critical SQL injection vulnerability in Spring AI's MariaDBFilterExpressionConverter allows attackers to bypass metadata-based access controls and execute arbitrary SQL commands. The vulnerability exists due to missing input sanitization.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
vmware spring_ai *
CVE-2026-22746

Vulnerability in Spring Spring Security. If an application is using the UserDetails#isEnabled, #isAccountNonExpired, or #isAccountNonLocked user attributes, to enable, expire, or lock users, then DaoAuthenticationProvider's timing attack defense can be bypassed for users who are disabled, expired, or locked.This issue affects Spring Security: from 5.7.0 through 5.7.22, from 5.8.0 through 5.8.24, from 6.3.0 through 6.3.15, from 6.5.0 through 6.5.9, from 7.0.0 through 7.0.4.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 3.7 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N 2.2 1.4

Products Affected

Vendor Product Version
vmware spring_security *
CVE-2026-22747

Vulnerability in Spring Spring Security. SubjectX500PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the username. In a carefully crafted certificate, this can lead to an attacker impersonating another user. This issue affects Spring Security: from 7.0.0 through 7.0.4.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 6.8 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N 1.6 5.2
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 2.8 5.2

Products Affected

Vendor Product Version
vmware spring_security *
CVE-2026-22748

Vulnerability in Spring Spring Security. When an application configures JWT decoding with NimbusJwtDecoder  or NimbusReactiveJwtDecoder, it must configure an OAuth2TokenValidator<Jwt> separately, for example by calling setJwtValidator.This issue affects Spring Security: from 6.3.0 through 6.3.14, from 6.4.0 through 6.4.14, from 6.5.0 through 6.5.9, from 7.0.0 through 7.0.4.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 2.8 3.6
security@vmware.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N 1.6 3.6

Products Affected

Vendor Product Version
vmware spring_security *
CVE-2026-22753

Vulnerability in Spring Spring Security. If an application is using securityMatchers(String) and a PathPatternRequestMatcher.Builder bean to prepend a servlet path, matching requests to that filter chain may fail and its related security components will not be exercised as intended by the application. This can lead to the authentication, authorization, and other security controls being rendered inactive on intended requests.This issue affects Spring Security: from 7.0.0 through 7.0.4.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

Products Affected

Vendor Product Version
vmware spring_security *
CVE-2026-22754

Vulnerability in Spring Spring Security. If an application uses <sec:intercept-url servlet-path="/servlet-path" pattern="/endpoint/**"/> to define the servlet path for computing a path matcher, then the servlet path is not included and the related authorization rules are not exercised. This can lead to an authorization bypass.This issue affects Spring Security: from 7.0.0 through 7.0.4.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

Products Affected

Vendor Product Version
vmware spring_security *
CVE-2026-40966

In Spring AI, an attacker can bypass conversation isolation and exfiltrate sensitive memory from other users’ chat histories, including secrets and credentials, by injecting filter logic through conversationId. Only applications that use VectorStoreChatMemoryAdvisor and pass user-supplied input as a conversationId are affected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

Products Affected

Vendor Product Version
vmware spring_ai *
CVE-2026-40967

In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translate them to specific vector store query languages. In several cases, keys and values are not properly escaped, leading to the ability to alter the query. Affected versions: Spring AI: 1.0.0 - 1.0.5 (fixed in 1.0.6), 1.1.0 - 1.1.4 (fixed in 1.1.5)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L 3.9 4.7

Products Affected

Vendor Product Version
vmware spring_ai *
CVE-2026-40968

When an authenticated user is denied access to a gRPC method, their authenticated identity remains bound to the gRPC worker thread and can be inherited by a subsequent unauthenticated request on the same thread. This may allow the subsequent user to gain escalated permissions. Affected versions: Spring gRPC: 1.0.0 - 1.0.2 (fixed in 1.0.3). Older, unsupported versions are also affected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 4.2 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N 1.6 2.5

Products Affected

Vendor Product Version
vmware spring_grpc *
CVE-2026-40969

The raw message of every server-side AuthenticationException is returned to the unauthenticated remote caller in the gRPC status description. This allows an attacker to obtain information about the authentication failure, which may be useful for further attacks. Affected versions: Spring gRPC: 1.0.0 - 1.0.2 (fixed in 1.0.3). Older, unsupported versions are also affected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 3.7 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N 2.2 1.4

Products Affected

Vendor Product Version
vmware spring_grpc *
CVE-2026-40972

An attacker on the same network as the remote application may be able to utilize a timing attack to discover information about the remote secret. In extreme circumstances this could result in the attacker determining the secret and uploading changed classes, thereby achieving remote code execution in the remote application. Affected: Spring Boot 4.0.0–4.0.5 (fix 4.0.6), 3.5.0–3.5.13 (fix 3.5.14), 3.4.0–3.4.15 (fix 3.4.16), 3.3.0–3.3.18 (fix 3.3.19), 2.7.0–2.7.32 (fix 2.7.33); DevTools remote secret comparison. Versions that are no longer supported are also affected per vendor advisory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 7.5 HIGH CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 1.6 5.9

Products Affected

Vendor Product Version
vmware spring_boot *
CVE-2026-40973

A local attacker on the same host as the application may be able to take control of the directory used by `ApplicationTemp`. When `server.servlet.session.persistent` is set to `true` and the attack persists across application restarts, this may allow the attacker to read session information and hijack authenticated users or deploy a gadget chain and execute code as the application's user. Affected: Spring Boot 4.0.0–4.0.5 (fix 4.0.6), 3.5.0–3.5.13 (fix 3.5.14), 3.4.0–3.4.15 (fix 3.4.16), 3.3.0–3.3.18 (fix 3.3.19), 2.7.0–2.7.32 (fix 2.7.33); predictable temp directory / `ApplicationTemp` ownership verification. Versions that are no longer supported are also affected per vendor advisory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9

Products Affected

Vendor Product Version
vmware spring_boot *
CVE-2026-40975

Values produced by ${random.value} are not suitable for use as secrets. ${random.uuid} is not affected. ${random.int} and ${random.long} should never be used for secrets as they are numeric values with a predictable range. Affected: Spring Boot 4.0.0–4.0.5 (fix 4.0.6), 3.5.0–3.5.13 (fix 3.5.14), 3.4.0–3.4.15 (fix 3.4.16), 3.3.0–3.3.18 (fix 3.3.19), 2.7.0–2.7.32 (fix 2.7.33); random value property source / weak PRNG for secrets. Versions that are no longer supported are also affected per vendor advisory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 4.8 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N 2.2 2.5

Products Affected

Vendor Product Version
vmware spring_boot *
CVE-2026-40976

In certain circumstances, Spring Boot's default web security is ineffective allowing unauthorized access to all endpoints. For an application to be vulnerable, it must: be a servlet-based web application; have no Spring Security configuration of its own and rely on the default web security filter chain; depend on spring-boot-actuator-autoconfigure; not depend on spring-boot-health. If any of the above does not apply, the application is not vulnerable. Affected: Spring Boot 4.0.0–4.0.5; upgrade to 4.0.6 or later per vendor advisory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

Products Affected

Vendor Product Version
vmware spring_boot *
CVE-2026-40977

When an application is configured to use `ApplicationPidFileWriter`, a local attacker with write access to the PID file's location can corrupt one file on the host each time the application is started. Affected: Spring Boot 4.0.0–4.0.5 (fix 4.0.6), 3.5.0–3.5.13 (fix 3.5.14), 3.4.0–3.4.15 (fix 3.4.16), 3.3.0–3.3.18 (fix 3.3.19), 2.7.0–2.7.32 (fix 2.7.33); PID file / symlink behavior (`ApplicationPidFileWriter`). Versions that are no longer supported are also affected per vendor advisory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 4.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H 0.5 4.2

Products Affected

Vendor Product Version
vmware spring_boot *
CVE-2026-40978

SQL injection vulnerability in Spring AI's `CosmosDBVectorStore` allows attackers to execute arbitrary SQL queries via crafted document IDs. Affected versions: Spring AI: 1.0.0 - 1.0.5 (fixed in 1.0.6), 1.1.0 - 1.1.4 (fixed in 1.1.5)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
vmware spring_ai *
CVE-2026-40979

In Spring AI, having access to a shared environment can expose the ONNX model used by the application. Affected versions: Spring AI: 1.0.0 - 1.0.5 (fixed in 1.0.6), 1.1.0 - 1.1.4 (fixed in 1.1.5)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 6.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N 1.8 4.2

Products Affected

Vendor Product Version
vmware spring_ai *
CVE-2026-40980

In Spring AI, a malicious PDF file can be crafted that triggers the allocation of unreasonable amounts of memory when handled by `ForkPDFLayoutTextStripper`. Affected versions: Spring AI: 1.0.0 - 1.0.5 (fixed in 1.0.6), 1.1.0 - 1.1.4 (fixed in 1.1.5)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@vmware.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
vmware spring_ai *