Buffer overflow in VMWare 1.0.1 for Linux via a long HOME environmental variable.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | workstation | 1.0.1 |
VMWare 1.1.2 allows local users to cause a denial of service via a symlink attack.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | workstation | 1.1 |
| vmware | workstation | 1.1.2 |
| vmware | workstation | 1.0.1 |
| vmware | workstation | 1.1.1 |
| vmware | workstation | 1.0.2 |
VMWare creates a temporary file vmware-log.USERNAME with insecure permissions, which allows local users to read or modify license information.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | workstation | 2.0 |
Buffer overflow in VMware Authorization Service for VMware GSX Server 2.0.0 build-2050 allows remote authenticated users to execute arbitrary code via a long GLOBAL argument.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | gsx_server | 2.0.0_build_2050 |
VMware Workstation 4.0 for Linux allows local users to overwrite arbitrary files and gain privileges via "symlink manipulation."
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | workstation | 4.0 |
VMware GSX Server 2.5.1 build 4968 and earlier, and Workstation 4.0 and earlier, allows local users to gain root privileges via certain enivronment variables that are used when launching a virtual machine session.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | gsx_server | 2.5.1 |
| vmware | workstation | 4.0 |
VMware Workstation 4.0.1 for Linux, build 5289 and earlier, allows local users to delete arbitrary files via a symlink attack.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | workstation | * |
VMware ESX Server 1.5.2 before Patch 4 allows local users to execute arbitrary programs as root via certain modified VMware ESX Server environment variables.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esx | 1.5.2 |
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| securecomputing | sidewinder | 5.2.0.01 |
| lite | speed_technologies_litespeed_web_server | 1.0.3 |
| cisco | firewall_services_module | 1.1.2 |
| cisco | pix_firewall_software | 6.0(3) |
| vmware | gsx_server | 2.0.1_build_2129 |
| cisco | pix_firewall_software | 6.0(2) |
| avaya | s8300 | r2.0.0 |
| neoteris | instant_virtual_extranet | 3.0 |
| redhat | linux | 8.0 |
| cisco | pix_firewall | 6.2.2_.111 |
| avaya | s8700 | r2.0.1 |
| lite | speed_technologies_litespeed_web_server | 1.3_rc1 |
| freebsd | freebsd | 5.2.1 |
| cisco | webns | 7.10_.0.06s |
| cisco | webns | 7.10 |
| novell | edirectory | 8.6.2 |
| lite | speed_technologies_litespeed_web_server | 1.3 |
| stonesoft | stonegate | 2.0.7 |
| openbsd | openbsd | 3.3 |
| avaya | sg208 | 4.4 |
| cisco | firewall_services_module | 2.1_(0.208) |
| lite | speed_technologies_litespeed_web_server | 1.0.2 |
| sun | crypto_accelerator_4000 | 1.0 |
| stonesoft | servercluster | 2.5 |
| tarantella | tarantella_enterprise | 3.20 |
| stonesoft | stonegate | 2.1 |
| lite | speed_technologies_litespeed_web_server | 1.3.1 |
| tarantella | tarantella_enterprise | 3.40 |
| 4d | webstar | 5.2.4 |
| checkpoint | vpn-1 | next_generation_fp2 |
| 4d | webstar | 5.3.1 |
| hp | hp-ux | 8.05 |
| stonesoft | stonegate | 2.2.1 |
| cisco | pix_firewall_software | 6.0(4.101) |
| stonesoft | stonegate | 2.2.4 |
| cisco | pix_firewall_software | 6.2 |
| tarantella | tarantella_enterprise | 3.30 |
| redhat | openssl | 0.9.6-15 |
| redhat | enterprise_linux_desktop | 3.0 |
| avaya | s8500 | r2.0.0 |
| lite | speed_technologies_litespeed_web_server | 1.2.1 |
| cisco | pix_firewall_software | 6.3(2) |
| cisco | secure_content_accelerator | 10000 |
| cisco | css_secure_content_accelerator | 1.0 |
| cisco | ios | 12.2za |
| avaya | sg5 | 4.4 |
| openbsd | openbsd | 3.4 |
| checkpoint | vpn-1 | next_generation_fp0 |
| cisco | call_manager | * |
| hp | hp-ux | 11.11 |
| cisco | firewall_services_module | * |
| cisco | pix_firewall_software | 6.0(1) |
| novell | edirectory | 8.5.27 |
| openssl | openssl | 0.9.6c |
| cisco | css11000_content_services_switch | * |
| cisco | webns | 6.10_b4 |
| checkpoint | firewall-1 | * |
| cisco | css_secure_content_accelerator | 2.0 |
| stonesoft | stonebeat_fullcluster | 2.0 |
| avaya | vsu | 5 |
| hp | apache-based_web_server | 2.0.43.04 |
| openssl | openssl | 0.9.6i |
| stonesoft | stonebeat_webcluster | 2.0 |
| novell | edirectory | 8.7 |
| cisco | pix_firewall_software | 6.2(2) |
| novell | imanager | 2.0 |
| apple | mac_os_x_server | 10.3.3 |
| securecomputing | sidewinder | 5.2.1.02 |
| checkpoint | firewall-1 | next_generation_fp0 |
| lite | speed_technologies_litespeed_web_server | 1.2_rc1 |
| cisco | webns | 7.1_0.1.02 |
| stonesoft | stonebeat_fullcluster | 2.5 |
| vmware | gsx_server | 3.0_build_7592 |
| avaya | s8500 | r2.0.1 |
| hp | wbem | a.02.00.00 |
| sco | openserver | 5.0.6 |
| cisco | ciscoworks_common_services | 2.2 |
| avaya | vsu | 5000_r2.0.1 |
| novell | edirectory | 8.5 |
| bluecoat | cacheos_ca_sa | 4.1.10 |
| lite | speed_technologies_litespeed_web_server | 1.0.1 |
| freebsd | freebsd | 5.1 |
| cisco | gss_4490_global_site_selector | * |
| stonesoft | stonegate_vpn_client | 2.0.7 |
| avaya | sg200 | 4.31.29 |
| stonesoft | stonegate | 2.0.8 |
| cisco | access_registrar | * |
| avaya | sg5 | 4.3 |
| hp | wbem | a.02.00.01 |
| stonesoft | stonegate | 2.0.5 |
| openssl | openssl | 0.9.6e |
| openssl | openssl | 0.9.7c |
| avaya | intuity_audix | * |
| cisco | pix_firewall_software | 6.1(4) |
| openssl | openssl | 0.9.6d |
| stonesoft | stonebeat_securitycluster | 2.5 |
| cisco | pix_firewall_software | 6.2(3.100) |
| cisco | pix_firewall_software | 6.3(3.102) |
| stonesoft | stonegate | 1.5.18 |
| avaya | vsu | 100_r2.0.1 |
| hp | hp-ux | 11.23 |
| 4d | webstar | 5.2.1 |
| stonesoft | stonegate_vpn_client | 2.0.8 |
| cisco | pix_firewall_software | 6.3(1) |
| novell | edirectory | 8.5.12a |
| cisco | pix_firewall_software | 6.2(1) |
| lite | speed_technologies_litespeed_web_server | 1.2.2 |
| cisco | ios | 12.1(13)e9 |
| redhat | openssl | 0.9.6b-3 |
| stonesoft | stonegate | 1.7.1 |
| stonesoft | stonegate | 1.6.3 |
| cisco | webns | 7.2_0.0.03 |
| lite | speed_technologies_litespeed_web_server | 1.2_rc2 |
| avaya | converged_communications_server | 2.0 |
| 4d | webstar | 4.0 |
| cisco | ios | 12.1(19)e1 |
| novell | edirectory | 8.0 |
| cisco | firewall_services_module | 1.1_(3.005) |
| avaya | intuity_audix | s3210 |
| neoteris | instant_virtual_extranet | 3.1 |
| stonesoft | stonegate | 1.7.2 |
| cisco | ios | 12.1(11b)e14 |
| sgi | propack | 3.0 |
| cisco | ios | 12.2(14)sy |
| neoteris | instant_virtual_extranet | 3.3 |
| 4d | webstar | 5.2.2 |
| freebsd | freebsd | 5.2 |
| sgi | propack | 2.4 |
| cisco | ciscoworks_common_management_foundation | 2.1 |
| stonesoft | stonegate_vpn_client | 2.0 |
| cisco | application_and_content_networking_software | * |
| cisco | firewall_services_module | 1.1.3 |
| openssl | openssl | 0.9.7b |
| hp | apache-based_web_server | 2.0.43.00 |
| cisco | pix_firewall_software | 6.1(3) |
| lite | speed_technologies_litespeed_web_server | 1.1.1 |
| checkpoint | firewall-1 | next_generation_fp1 |
| stonesoft | stonegate | 1.7 |
| stonesoft | stonegate_vpn_client | 2.0.9 |
| securecomputing | sidewinder | 5.2.0.04 |
| cisco | ios | 12.2(14)sy1 |
| openssl | openssl | 0.9.6k |
| 4d | webstar | 5.3 |
| openssl | openssl | 0.9.6j |
| 4d | webstar | 5.2 |
| checkpoint | vpn-1 | next_generation_fp1 |
| sco | openserver | 5.0.7 |
| redhat | openssl | 0.9.7a-2 |
| avaya | vsu | 2000_r2.0.1 |
| hp | wbem | a.01.05.08 |
| avaya | sg5 | 4.2 |
| cisco | pix_firewall_software | 6.1(2) |
| stonesoft | stonegate | 2.0.6 |
| avaya | s8300 | r2.0.1 |
| checkpoint | firewall-1 | next_generation_fp2 |
| cisco | ios | 12.1(11b)e |
| cisco | ios | 12.1(11b)e12 |
| openssl | openssl | 0.9.6f |
| stonesoft | servercluster | 2.5.2 |
| redhat | linux | 7.3 |
| avaya | s8700 | r2.0.0 |
| securecomputing | sidewinder | 5.2 |
| symantec | clientless_vpn_gateway_4400 | 5.0 |
| avaya | vsu | 7500_r2.0.1 |
| checkpoint | vpn-1 | vsx_ng_with_application_intelligence |
| hp | aaa_server | * |
| hp | hp-ux | 11.00 |
| openssl | openssl | 0.9.6h |
| novell | edirectory | 8.7.1 |
| bluecoat | proxysg | * |
| cisco | pix_firewall_software | 6.3(3.109) |
| neoteris | instant_virtual_extranet | 3.3.1 |
| cisco | gss_4480_global_site_selector | * |
| dell | bsafe_ssl-j | 3.0 |
| novell | imanager | 1.5 |
| securecomputing | sidewinder | 5.2.1 |
| cisco | pix_firewall_software | 6.0(4) |
| cisco | pix_firewall_software | 6.1(1) |
| stonesoft | stonebeat_fullcluster | 1_2.0 |
| 4d | webstar | 5.2.3 |
| bluecoat | cacheos_ca_sa | 4.1.12 |
| stonesoft | stonegate | 2.0.4 |
| cisco | pix_firewall_software | 6.3 |
| avaya | sg200 | 4.4 |
| dell | bsafe_ssl-j | 3.1 |
| avaya | sg203 | 4.4 |
| avaya | intuity_audix | s3400 |
| stonesoft | stonegate | 2.0.1 |
| cisco | mds_9000 | * |
| stonesoft | stonebeat_webcluster | 2.5 |
| avaya | vsu | 10000_r2.0.1 |
| stonesoft | stonegate | 1.6.2 |
| stonesoft | stonebeat_fullcluster | 1_3.0 |
| freebsd | freebsd | 4.9 |
| sgi | propack | 2.3 |
| checkpoint | firewall-1 | 2.0 |
| cisco | content_services_switch_11500 | * |
| vmware | gsx_server | 2.5.1_build_5336 |
| lite | speed_technologies_litespeed_web_server | 1.1 |
| securecomputing | sidewinder | 5.2.0.03 |
| cisco | pix_firewall_software | 6.0 |
| securecomputing | sidewinder | 5.2.0.02 |
| cisco | pix_firewall_software | 6.2(3) |
| cisco | ios | 12.2sy |
| avaya | sg208 | * |
| redhat | enterprise_linux | 3.0 |
| checkpoint | provider-1 | 4.1 |
| redhat | linux | 7.2 |
| lite | speed_technologies_litespeed_web_server | 1.3_rc2 |
| neoteris | instant_virtual_extranet | 3.2 |
| cisco | okena_stormwatch | 3.2 |
| stonesoft | stonegate | 2.2 |
| avaya | sg203 | 4.31.29 |
| avaya | intuity_audix | 5.1.46 |
| stonesoft | stonebeat_securitycluster | 2.0 |
| openssl | openssl | 0.9.7 |
| openssl | openssl | 0.9.6g |
| avaya | vsu | 500 |
| stonesoft | stonegate_vpn_client | 1.7.2 |
| cisco | webns | 6.10 |
| dell | bsafe_ssl-j | 3.0.1 |
| cisco | threat_response | * |
| stonesoft | stonegate_vpn_client | 1.7 |
| stonesoft | stonebeat_fullcluster | 3.0 |
| vmware | gsx_server | 2.0 |
| stonesoft | stonegate | 2.0.9 |
| avaya | vsu | 5x |
| cisco | pix_firewall_software | 6.1(5) |
| cisco | ios | 12.1(11)e |
| cisco | webns | 7.1_0.2.06 |
| apple | mac_os_x | 10.3.3 |
| lite | speed_technologies_litespeed_web_server | 1.3_rc3 |
| vmware | gsx_server | 2.5.1 |
| freebsd | freebsd | 4.8 |
| cisco | pix_firewall_software | 6.1 |
| stonesoft | stonegate | 1.5.17 |
| openssl | openssl | 0.9.7a |
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| securecomputing | sidewinder | 5.2.0.01 |
| lite | speed_technologies_litespeed_web_server | 1.0.3 |
| cisco | firewall_services_module | 1.1.2 |
| cisco | pix_firewall_software | 6.0(3) |
| vmware | gsx_server | 2.0.1_build_2129 |
| cisco | pix_firewall_software | 6.0(2) |
| avaya | s8300 | r2.0.0 |
| neoteris | instant_virtual_extranet | 3.0 |
| redhat | linux | 8.0 |
| cisco | pix_firewall | 6.2.2_.111 |
| avaya | s8700 | r2.0.1 |
| lite | speed_technologies_litespeed_web_server | 1.3_rc1 |
| freebsd | freebsd | 5.2.1 |
| cisco | webns | 7.10_.0.06s |
| cisco | webns | 7.10 |
| novell | edirectory | 8.6.2 |
| lite | speed_technologies_litespeed_web_server | 1.3 |
| stonesoft | stonegate | 2.0.7 |
| openbsd | openbsd | 3.3 |
| avaya | sg208 | 4.4 |
| cisco | firewall_services_module | 2.1_(0.208) |
| lite | speed_technologies_litespeed_web_server | 1.0.2 |
| sun | crypto_accelerator_4000 | 1.0 |
| stonesoft | servercluster | 2.5 |
| tarantella | tarantella_enterprise | 3.20 |
| stonesoft | stonegate | 2.1 |
| lite | speed_technologies_litespeed_web_server | 1.3.1 |
| tarantella | tarantella_enterprise | 3.40 |
| 4d | webstar | 5.2.4 |
| 4d | webstar | 5.3.1 |
| hp | hp-ux | 8.05 |
| stonesoft | stonegate | 2.2.1 |
| cisco | pix_firewall_software | 6.0(4.101) |
| stonesoft | stonegate | 2.2.4 |
| cisco | pix_firewall_software | 6.2 |
| tarantella | tarantella_enterprise | 3.30 |
| redhat | openssl | 0.9.6-15 |
| redhat | enterprise_linux_desktop | 3.0 |
| avaya | s8500 | r2.0.0 |
| lite | speed_technologies_litespeed_web_server | 1.2.1 |
| cisco | pix_firewall_software | 6.3(2) |
| cisco | secure_content_accelerator | 10000 |
| cisco | css_secure_content_accelerator | 1.0 |
| cisco | ios | 12.2za |
| avaya | sg5 | 4.4 |
| openbsd | openbsd | 3.4 |
| checkpoint | vpn-1 | next_generation_fp0 |
| cisco | call_manager | * |
| hp | hp-ux | 11.11 |
| cisco | firewall_services_module | * |
| cisco | pix_firewall_software | 6.0(1) |
| novell | edirectory | 8.5.27 |
| openssl | openssl | 0.9.6c |
| cisco | css11000_content_services_switch | * |
| cisco | webns | 6.10_b4 |
| checkpoint | firewall-1 | * |
| cisco | css_secure_content_accelerator | 2.0 |
| stonesoft | stonebeat_fullcluster | 2.0 |
| avaya | vsu | 5 |
| hp | apache-based_web_server | 2.0.43.04 |
| openssl | openssl | 0.9.6i |
| stonesoft | stonebeat_webcluster | 2.0 |
| novell | edirectory | 8.7 |
| cisco | pix_firewall_software | 6.2(2) |
| novell | imanager | 2.0 |
| apple | mac_os_x_server | 10.3.3 |
| securecomputing | sidewinder | 5.2.1.02 |
| checkpoint | firewall-1 | next_generation_fp0 |
| lite | speed_technologies_litespeed_web_server | 1.2_rc1 |
| cisco | webns | 7.1_0.1.02 |
| stonesoft | stonebeat_fullcluster | 2.5 |
| vmware | gsx_server | 3.0_build_7592 |
| avaya | s8500 | r2.0.1 |
| hp | wbem | a.02.00.00 |
| sco | openserver | 5.0.6 |
| cisco | ciscoworks_common_services | 2.2 |
| avaya | vsu | 5000_r2.0.1 |
| novell | edirectory | 8.5 |
| bluecoat | cacheos_ca_sa | 4.1.10 |
| lite | speed_technologies_litespeed_web_server | 1.0.1 |
| freebsd | freebsd | 5.1 |
| cisco | gss_4490_global_site_selector | * |
| stonesoft | stonegate_vpn_client | 2.0.7 |
| avaya | sg200 | 4.31.29 |
| stonesoft | stonegate | 2.0.8 |
| cisco | access_registrar | * |
| avaya | sg5 | 4.3 |
| hp | wbem | a.02.00.01 |
| stonesoft | stonegate | 2.0.5 |
| openssl | openssl | 0.9.6e |
| openssl | openssl | 0.9.7c |
| avaya | intuity_audix | * |
| cisco | pix_firewall_software | 6.1(4) |
| openssl | openssl | 0.9.6d |
| stonesoft | stonebeat_securitycluster | 2.5 |
| cisco | pix_firewall_software | 6.2(3.100) |
| cisco | pix_firewall_software | 6.3(3.102) |
| stonesoft | stonegate | 1.5.18 |
| avaya | vsu | 100_r2.0.1 |
| hp | hp-ux | 11.23 |
| 4d | webstar | 5.2.1 |
| stonesoft | stonegate_vpn_client | 2.0.8 |
| cisco | pix_firewall_software | 6.3(1) |
| novell | edirectory | 8.5.12a |
| cisco | pix_firewall_software | 6.2(1) |
| lite | speed_technologies_litespeed_web_server | 1.2.2 |
| cisco | ios | 12.1(13)e9 |
| redhat | openssl | 0.9.6b-3 |
| stonesoft | stonegate | 1.7.1 |
| stonesoft | stonegate | 1.6.3 |
| cisco | webns | 7.2_0.0.03 |
| lite | speed_technologies_litespeed_web_server | 1.2_rc2 |
| avaya | converged_communications_server | 2.0 |
| 4d | webstar | 4.0 |
| cisco | ios | 12.1(19)e1 |
| novell | edirectory | 8.0 |
| cisco | firewall_services_module | 1.1_(3.005) |
| avaya | intuity_audix | s3210 |
| neoteris | instant_virtual_extranet | 3.1 |
| stonesoft | stonegate | 1.7.2 |
| cisco | ios | 12.1(11b)e14 |
| sgi | propack | 3.0 |
| cisco | ios | 12.2(14)sy |
| neoteris | instant_virtual_extranet | 3.3 |
| 4d | webstar | 5.2.2 |
| freebsd | freebsd | 5.2 |
| sgi | propack | 2.4 |
| cisco | ciscoworks_common_management_foundation | 2.1 |
| stonesoft | stonegate_vpn_client | 2.0 |
| cisco | application_and_content_networking_software | * |
| cisco | firewall_services_module | 1.1.3 |
| openssl | openssl | 0.9.7b |
| hp | apache-based_web_server | 2.0.43.00 |
| cisco | pix_firewall_software | 6.1(3) |
| lite | speed_technologies_litespeed_web_server | 1.1.1 |
| checkpoint | firewall-1 | next_generation_fp1 |
| stonesoft | stonegate | 1.7 |
| stonesoft | stonegate_vpn_client | 2.0.9 |
| securecomputing | sidewinder | 5.2.0.04 |
| cisco | ios | 12.2(14)sy1 |
| openssl | openssl | 0.9.6k |
| 4d | webstar | 5.3 |
| openssl | openssl | 0.9.6j |
| 4d | webstar | 5.2 |
| checkpoint | vpn-1 | next_generation_fp1 |
| sco | openserver | 5.0.7 |
| redhat | openssl | 0.9.7a-2 |
| avaya | vsu | 2000_r2.0.1 |
| hp | wbem | a.01.05.08 |
| avaya | sg5 | 4.2 |
| cisco | pix_firewall_software | 6.1(2) |
| stonesoft | stonegate | 2.0.6 |
| avaya | s8300 | r2.0.1 |
| checkpoint | firewall-1 | next_generation_fp2 |
| cisco | ios | 12.1(11b)e |
| cisco | ios | 12.1(11b)e12 |
| openssl | openssl | 0.9.6f |
| checkpoint | vpn-1 | next_generation |
| stonesoft | servercluster | 2.5.2 |
| redhat | linux | 7.3 |
| avaya | s8700 | r2.0.0 |
| securecomputing | sidewinder | 5.2 |
| symantec | clientless_vpn_gateway_4400 | 5.0 |
| avaya | vsu | 7500_r2.0.1 |
| checkpoint | vpn-1 | vsx_ng_with_application_intelligence |
| hp | aaa_server | * |
| hp | hp-ux | 11.00 |
| openssl | openssl | 0.9.6h |
| novell | edirectory | 8.7.1 |
| bluecoat | proxysg | * |
| cisco | pix_firewall_software | 6.3(3.109) |
| neoteris | instant_virtual_extranet | 3.3.1 |
| cisco | gss_4480_global_site_selector | * |
| dell | bsafe_ssl-j | 3.0 |
| novell | imanager | 1.5 |
| securecomputing | sidewinder | 5.2.1 |
| cisco | pix_firewall_software | 6.0(4) |
| cisco | pix_firewall_software | 6.1(1) |
| stonesoft | stonebeat_fullcluster | 1_2.0 |
| 4d | webstar | 5.2.3 |
| bluecoat | cacheos_ca_sa | 4.1.12 |
| stonesoft | stonegate | 2.0.4 |
| cisco | pix_firewall_software | 6.3 |
| avaya | sg200 | 4.4 |
| dell | bsafe_ssl-j | 3.1 |
| avaya | sg203 | 4.4 |
| avaya | intuity_audix | s3400 |
| stonesoft | stonegate | 2.0.1 |
| cisco | mds_9000 | * |
| stonesoft | stonebeat_webcluster | 2.5 |
| avaya | vsu | 10000_r2.0.1 |
| stonesoft | stonegate | 1.6.2 |
| stonesoft | stonebeat_fullcluster | 1_3.0 |
| freebsd | freebsd | 4.9 |
| sgi | propack | 2.3 |
| checkpoint | firewall-1 | 2.0 |
| cisco | content_services_switch_11500 | * |
| vmware | gsx_server | 2.5.1_build_5336 |
| lite | speed_technologies_litespeed_web_server | 1.1 |
| securecomputing | sidewinder | 5.2.0.03 |
| cisco | pix_firewall_software | 6.0 |
| securecomputing | sidewinder | 5.2.0.02 |
| cisco | pix_firewall_software | 6.2(3) |
| cisco | ios | 12.2sy |
| avaya | sg208 | * |
| redhat | enterprise_linux | 3.0 |
| checkpoint | provider-1 | 4.1 |
| redhat | linux | 7.2 |
| lite | speed_technologies_litespeed_web_server | 1.3_rc2 |
| neoteris | instant_virtual_extranet | 3.2 |
| cisco | okena_stormwatch | 3.2 |
| stonesoft | stonegate | 2.2 |
| avaya | sg203 | 4.31.29 |
| avaya | intuity_audix | 5.1.46 |
| stonesoft | stonebeat_securitycluster | 2.0 |
| openssl | openssl | 0.9.7 |
| openssl | openssl | 0.9.6g |
| avaya | vsu | 500 |
| stonesoft | stonegate_vpn_client | 1.7.2 |
| cisco | webns | 6.10 |
| dell | bsafe_ssl-j | 3.0.1 |
| cisco | threat_response | * |
| stonesoft | stonegate_vpn_client | 1.7 |
| stonesoft | stonebeat_fullcluster | 3.0 |
| vmware | gsx_server | 2.0 |
| stonesoft | stonegate | 2.0.9 |
| avaya | vsu | 5x |
| cisco | pix_firewall_software | 6.1(5) |
| cisco | ios | 12.1(11)e |
| cisco | webns | 7.1_0.2.06 |
| apple | mac_os_x | 10.3.3 |
| lite | speed_technologies_litespeed_web_server | 1.3_rc3 |
| vmware | gsx_server | 2.5.1 |
| freebsd | freebsd | 4.8 |
| cisco | pix_firewall_software | 6.1 |
| stonesoft | stonegate | 1.5.17 |
| openssl | openssl | 0.9.7a |
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| securecomputing | sidewinder | 5.2.0.01 |
| cisco | firewall_services_module | 1.1.2 |
| cisco | pix_firewall_software | 6.0(3) |
| vmware | gsx_server | 2.0.1_build_2129 |
| cisco | pix_firewall_software | 6.0(2) |
| forcepoint | stonegate | 2.0.5 |
| avaya | s8300 | r2.0.0 |
| neoteris | instant_virtual_extranet | 3.0 |
| redhat | linux | 8.0 |
| cisco | pix_firewall | 6.2.2_.111 |
| avaya | s8700 | r2.0.1 |
| freebsd | freebsd | 5.2.1 |
| cisco | webns | 7.10_.0.06s |
| cisco | webns | 7.10 |
| novell | edirectory | 8.6.2 |
| openbsd | openbsd | 3.3 |
| avaya | sg208 | 4.4 |
| cisco | firewall_services_module | 2.1_(0.208) |
| forcepoint | stonegate | 1.7 |
| sun | crypto_accelerator_4000 | 1.0 |
| stonesoft | servercluster | 2.5 |
| tarantella | tarantella_enterprise | 3.20 |
| forcepoint | stonegate | 2.0.6 |
| tarantella | tarantella_enterprise | 3.40 |
| 4d | webstar | 5.2.4 |
| checkpoint | vpn-1 | next_generation_fp2 |
| 4d | webstar | 5.3.1 |
| hp | hp-ux | 8.05 |
| cisco | pix_firewall_software | 6.0(4.101) |
| cisco | pix_firewall_software | 6.2 |
| tarantella | tarantella_enterprise | 3.30 |
| redhat | openssl | 0.9.6-15 |
| redhat | enterprise_linux_desktop | 3.0 |
| avaya | s8500 | r2.0.0 |
| cisco | pix_firewall_software | 6.3(2) |
| cisco | secure_content_accelerator | 10000 |
| cisco | css_secure_content_accelerator | 1.0 |
| cisco | ios | 12.2za |
| avaya | sg5 | 4.4 |
| openbsd | openbsd | 3.4 |
| forcepoint | stonegate | 1.5.18 |
| checkpoint | vpn-1 | next_generation_fp0 |
| cisco | call_manager | * |
| hp | hp-ux | 11.11 |
| cisco | firewall_services_module | * |
| cisco | pix_firewall_software | 6.0(1) |
| novell | edirectory | 8.5.27 |
| openssl | openssl | 0.9.6c |
| forcepoint | stonegate | 2.2.1 |
| cisco | css11000_content_services_switch | * |
| cisco | webns | 6.10_b4 |
| checkpoint | firewall-1 | * |
| cisco | css_secure_content_accelerator | 2.0 |
| stonesoft | stonebeat_fullcluster | 2.0 |
| avaya | vsu | 5 |
| hp | apache-based_web_server | 2.0.43.04 |
| forcepoint | stonegate | 1.6.3 |
| openssl | openssl | 0.9.6i |
| stonesoft | stonebeat_webcluster | 2.0 |
| novell | edirectory | 8.7 |
| cisco | pix_firewall_software | 6.2(2) |
| novell | imanager | 2.0 |
| apple | mac_os_x_server | 10.3.3 |
| securecomputing | sidewinder | 5.2.1.02 |
| checkpoint | firewall-1 | next_generation_fp0 |
| forcepoint | stonegate | 2.2 |
| cisco | webns | 7.1_0.1.02 |
| stonesoft | stonebeat_fullcluster | 2.5 |
| vmware | gsx_server | 3.0_build_7592 |
| avaya | s8500 | r2.0.1 |
| hp | wbem | a.02.00.00 |
| sco | openserver | 5.0.6 |
| cisco | ciscoworks_common_services | 2.2 |
| avaya | vsu | 5000_r2.0.1 |
| novell | edirectory | 8.5 |
| bluecoat | cacheos_ca_sa | 4.1.10 |
| forcepoint | stonegate | 1.6.2 |
| freebsd | freebsd | 5.1 |
| cisco | gss_4490_global_site_selector | * |
| avaya | sg200 | 4.31.29 |
| cisco | access_registrar | * |
| forcepoint | stonegate | 2.0.1 |
| avaya | sg5 | 4.3 |
| hp | wbem | a.02.00.01 |
| openssl | openssl | 0.9.6e |
| openssl | openssl | 0.9.7c |
| avaya | intuity_audix | * |
| cisco | pix_firewall_software | 6.1(4) |
| openssl | openssl | 0.9.6d |
| stonesoft | stonebeat_securitycluster | 2.5 |
| cisco | pix_firewall_software | 6.2(3.100) |
| cisco | pix_firewall_software | 6.3(3.102) |
| avaya | vsu | 100_r2.0.1 |
| hp | hp-ux | 11.23 |
| 4d | webstar | 5.2.1 |
| cisco | pix_firewall_software | 6.3(1) |
| novell | edirectory | 8.5.12a |
| cisco | pix_firewall_software | 6.2(1) |
| cisco | ios | 12.1(13)e9 |
| redhat | openssl | 0.9.6b-3 |
| cisco | webns | 7.2_0.0.03 |
| avaya | converged_communications_server | 2.0 |
| 4d | webstar | 4.0 |
| cisco | ios | 12.1(19)e1 |
| novell | edirectory | 8.0 |
| forcepoint | stonegate | 1.5.17 |
| forcepoint | stonegate | 2.1 |
| cisco | firewall_services_module | 1.1_(3.005) |
| avaya | intuity_audix | s3210 |
| neoteris | instant_virtual_extranet | 3.1 |
| cisco | ios | 12.1(11b)e14 |
| sgi | propack | 3.0 |
| cisco | ios | 12.2(14)sy |
| neoteris | instant_virtual_extranet | 3.3 |
| forcepoint | stonegate | 1.7.2 |
| 4d | webstar | 5.2.2 |
| freebsd | freebsd | 5.2 |
| sgi | propack | 2.4 |
| cisco | ciscoworks_common_management_foundation | 2.1 |
| cisco | application_and_content_networking_software | * |
| forcepoint | stonegate | 2.0.9 |
| cisco | firewall_services_module | 1.1.3 |
| openssl | openssl | 0.9.7b |
| hp | apache-based_web_server | 2.0.43.00 |
| cisco | pix_firewall_software | 6.1(3) |
| checkpoint | firewall-1 | next_generation_fp1 |
| securecomputing | sidewinder | 5.2.0.04 |
| cisco | ios | 12.2(14)sy1 |
| openssl | openssl | 0.9.6k |
| 4d | webstar | 5.3 |
| openssl | openssl | 0.9.6j |
| 4d | webstar | 5.2 |
| checkpoint | vpn-1 | next_generation_fp1 |
| sco | openserver | 5.0.7 |
| redhat | openssl | 0.9.7a-2 |
| avaya | vsu | 2000_r2.0.1 |
| hp | wbem | a.01.05.08 |
| avaya | sg5 | 4.2 |
| cisco | pix_firewall_software | 6.1(2) |
| avaya | s8300 | r2.0.1 |
| checkpoint | firewall-1 | next_generation_fp2 |
| cisco | ios | 12.1(11b)e |
| forcepoint | stonegate | 2.0.7 |
| cisco | ios | 12.1(11b)e12 |
| openssl | openssl | 0.9.6f |
| stonesoft | servercluster | 2.5.2 |
| redhat | linux | 7.3 |
| avaya | s8700 | r2.0.0 |
| securecomputing | sidewinder | 5.2 |
| symantec | clientless_vpn_gateway_4400 | 5.0 |
| avaya | vsu | 7500_r2.0.1 |
| checkpoint | vpn-1 | vsx_ng_with_application_intelligence |
| hp | aaa_server | * |
| hp | hp-ux | 11.00 |
| openssl | openssl | 0.9.6h |
| novell | edirectory | 8.7.1 |
| bluecoat | proxysg | * |
| cisco | pix_firewall_software | 6.3(3.109) |
| neoteris | instant_virtual_extranet | 3.3.1 |
| forcepoint | stonegate | 2.0.8 |
| cisco | gss_4480_global_site_selector | * |
| dell | bsafe_ssl-j | 3.0 |
| litespeedtech | litespeed_web_server | 1.0.1 |
| novell | imanager | 1.5 |
| securecomputing | sidewinder | 5.2.1 |
| cisco | pix_firewall_software | 6.0(4) |
| cisco | pix_firewall_software | 6.1(1) |
| stonesoft | stonebeat_fullcluster | 1_2.0 |
| 4d | webstar | 5.2.3 |
| bluecoat | cacheos_ca_sa | 4.1.12 |
| cisco | pix_firewall_software | 6.3 |
| avaya | sg200 | 4.4 |
| dell | bsafe_ssl-j | 3.1 |
| avaya | sg203 | 4.4 |
| avaya | intuity_audix | s3400 |
| cisco | mds_9000 | * |
| stonesoft | stonebeat_webcluster | 2.5 |
| avaya | vsu | 10000_r2.0.1 |
| stonesoft | stonebeat_fullcluster | 1_3.0 |
| freebsd | freebsd | 4.9 |
| sgi | propack | 2.3 |
| checkpoint | firewall-1 | 2.0 |
| cisco | content_services_switch_11500 | * |
| vmware | gsx_server | 2.5.1_build_5336 |
| securecomputing | sidewinder | 5.2.0.03 |
| cisco | pix_firewall_software | 6.0 |
| securecomputing | sidewinder | 5.2.0.02 |
| cisco | pix_firewall_software | 6.2(3) |
| cisco | ios | 12.2sy |
| avaya | sg208 | * |
| redhat | enterprise_linux | 3.0 |
| checkpoint | provider-1 | 4.1 |
| redhat | linux | 7.2 |
| neoteris | instant_virtual_extranet | 3.2 |
| cisco | okena_stormwatch | 3.2 |
| avaya | sg203 | 4.31.29 |
| avaya | intuity_audix | 5.1.46 |
| stonesoft | stonebeat_securitycluster | 2.0 |
| openssl | openssl | 0.9.7 |
| openssl | openssl | 0.9.6g |
| avaya | vsu | 500 |
| cisco | webns | 6.10 |
| dell | bsafe_ssl-j | 3.0.1 |
| cisco | threat_response | * |
| stonesoft | stonebeat_fullcluster | 3.0 |
| vmware | gsx_server | 2.0 |
| avaya | vsu | 5x |
| cisco | pix_firewall_software | 6.1(5) |
| cisco | ios | 12.1(11)e |
| cisco | webns | 7.1_0.2.06 |
| apple | mac_os_x | 10.3.3 |
| forcepoint | stonegate | 1.7.1 |
| vmware | gsx_server | 2.5.1 |
| freebsd | freebsd | 4.8 |
| cisco | pix_firewall_software | 6.1 |
| openssl | openssl | 0.9.7a |
| forcepoint | stonegate | 2.0.4 |
| forcepoint | stonegate | 2.2.4 |
Format string vulnerability in VMware Workstation 4.5.2 build-8848, if running with elevated privileges, might allow local users to execute arbitrary code via format string specifiers in command line arguments. NOTE: it is not clear if there are any default or typical circumstances under which VMware would be running with privileges beyond those already available to the attackers, so this might not be a vulnerability.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | workstation | 4.5.2_build_8848 |
VMware before 4.5.2.8848-r5 searches for gdk-pixbuf shared libraries using a path that includes the rrdharan world-writable temporary directory, which allows local users to execute arbitrary code.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | workstation | * |
Unquoted Windows search path vulnerability in VMWare Workstation 5.0.0 build-13124 might allow local users to gain privileges via a malicious "program.exe" file in the C: folder.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | workstation | 5.0.0_build_13124 |
Cross-site request forgery (CSRF) vulnerability in the management interface for VMware ESX Server 2.0.x before 2.0.2 patch 1, 2.1.x before 2.1.3 patch 1, and 2.x before 2.5.3 patch 2 allows allows remote attackers to perform unauthorized actions as the administrator via URLs, as demonstrated using the setUsr operation to change a password. NOTE: this issue can be leveraged with CVE-2005-3619 to automatically perform the attacks.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esx | * |
Cross-site scripting (XSS) vulnerability in the management interface for VMware ESX 2.5.x before 2.5.2 upgrade patch 2, 2.1.x before 2.1.2 upgrade patch 6, and 2.0.x before 2.0.1 upgrade patch 6 allows remote attackers to inject arbitrary web script or HTML via messages that are not sanitized when viewing syslog log files.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esx | 2.0 |
| vmware | esx | 2.1.2 |
| vmware | esx | 2.1.1 |
| vmware | esx | 2.5 |
| vmware | esx | 2.5.2 |
| vmware | esx | 2.0.1 |
The management interface for VMware ESX Server 2.0.x before 2.0.2 patch 1, 2.1.x before 2.1.3 patch 1, and 2.x before 2.5.3 patch 2 records passwords in cleartext in URLs that are stored in world-readable web server log files, which allows local users to gain privileges.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esx | * |
Heap-based buffer overflow in the NAT networking components vmnat.exe and vmnet-natd in VMWare Workstation 5.5, GSX Server 3.2, ACE 1.0.1, and Player 1.0 allows remote authenticated attackers, including guests, to execute arbitrary code via crafted (1) EPRT and (2) PORT FTP commands.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | player | 1.0.0 |
| vmware | workstation | 5.0.0_build_13124 |
| vmware | workstation | 4.0.1 |
| vmware | workstation | 4.5.2 |
| vmware | gsx_server | 2.5.1_build_5336 |
| vmware | gsx_server | 2.0.1_build_2129 |
| vmware | gsx_server | 3.1 |
| vmware | gsx_server | 3.2 |
| vmware | workstation | 5.5 |
| vmware | ace | 1.0 |
| vmware | gsx_server | 2.5.1 |
| vmware | workstation | 4.0 |
| vmware | gsx_server | 3.0_build_7592 |
| vmware | gsx_server | 3.0 |
| vmware | workstation | 3.4 |
| vmware | workstation | 4.5.2_build_8848 |
| vmware | gsx_server | 2.5.2 |
| vmware | workstation | 3.2.1 |
| vmware | gsx_server | 2.0 |
| vmware | workstation | 4.0.2 |
Unspecified vulnerability in the Management Interface in VMware ESX Server 2.x up to 2.5.x before 24 December 2005 allows "remote code execution in the Web browser" via unspecified attack vectors, probably related to cross-site scripting (XSS).
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esx | 2.0 |
| vmware | esx | 2.1.2 |
| vmware | esx | 2.1.1 |
| vmware | esx | 2.5 |
| vmware | esx | 2.5.2 |
| vmware | esx | 2.0.1 |
The configuration of VMware ESX Server 2.x, 2.0.x, 2.1.x, and 2.5.x allows local users to cause a denial of service (shutdown) via the (1) halt, (2) poweroff, and (3) reboot scripts executed at the service console.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esx | 1.5.2 |
| vmware | esx | 2.0 |
| vmware | esx | 2.1.2 |
| vmware | esx | 2.1.1 |
| vmware | esx | 2.5 |
| vmware | esx | * |
| vmware | esx | 2.0.1 |
VMware Server before RC1 does not clear user credentials from memory after a console connection is made, which might allow local attackers to gain privileges.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | server | 1.0.1_build_29996 |
EMC VMware Player allows user-assisted attackers to cause a denial of service (unrecoverable application failure) via a long value of the ide1:0.fileName parameter in the .vmx file of a virtual machine. NOTE: third parties have disputed this issue, saying that write access to the .vmx file enables other ways of stopping the virtual machine, so no privilege boundaries are crossed
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | player | * |
vmware-config.pl in VMware for Linux, ESX Server 2.x, and Infrastructure 3 does not check the return code from a Perl chmod function call, which might cause an SSL key file to be created with an unsafe umask that allows local users to read or modify the SSL key.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esx | 2.0 |
| vmware | esx | 2.1.2 |
| vmware | player | * |
| vmware | infrastructure | 3 |
| vmware | esx | 2.1.1 |
| vmware | esx | 2.5 |
| vmware | esx | 2.5.2 |
| vmware | workstation | 5.5.3 |
| vmware | server | 1.0.1_build_29996 |
| vmware | esx | 2.1 |
| vmware | esx | 2.0.1 |
libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-776,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 4.0 |
| apple | iphone_os | * |
| redhat | enterprise_linux_workstation | 4.0 |
| vmware | esx | 2.5.4 |
| redhat | enterprise_linux_desktop | 3.0 |
| redhat | enterprise_linux_server | 4.0 |
| canonical | ubuntu_linux | 6.06 |
| redhat | enterprise_linux_workstation | 5.0 |
| redhat | enterprise_linux_server | 2.0 |
| vmware | esx | 3.0.2 |
| redhat | enterprise_linux_workstation | 2.0 |
| redhat | enterprise_linux_server | 3.0 |
| xmlsoft | libxml2 | * |
| redhat | enterprise_linux_eus | 4.7 |
| redhat | enterprise_linux_workstation | 3.0 |
| vmware | esx | 2.5.5 |
| redhat | enterprise_linux_desktop | 5.0 |
| fedoraproject | fedora | 9 |
| canonical | ubuntu_linux | 7.04 |
| canonical | ubuntu_linux | 8.04 |
| apple | safari | * |
| canonical | ubuntu_linux | 7.10 |
| redhat | enterprise_linux_desktop | 4.0 |
| redhat | enterprise_linux_server | 5.0 |
| redhat | enterprise_linux_eus | 5.2 |
| vmware | esx | 3.0.3 |
parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-863,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gratisoft | sudo | 1.6.9 |
| vmware | esx | 4.0 |
The icmp_send function in net/ipv4/icmp.c in the Linux kernel before 2.6.25, when configured as a router with a REJECT route, does not properly manage the Protocol Independent Destination Cache (aka DST) in some situations involving transmission of an ICMP Host Unreachable message, which allows remote attackers to cause a denial of service (connectivity outage) by sending a large series of packets to many destination IP addresses within this REJECT route, related to an "rt_cache leak."
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| linux | linux_kernel | 2.6.14.3 |
| linux | linux_kernel | 2.6.19.4 |
| linux | linux_kernel | 2.6.15.10 |
| linux | linux_kernel | 2.6.16.19 |
| linux | linux_kernel | 2.6.17.3 |
| linux | linux_kernel | 2.6.24.2 |
| linux | linux_kernel | 2.6.17.8 |
| linux | linux_kernel | 2.6.18.8 |
| linux | linux_kernel | 2.6.20.1 |
| linux | linux_kernel | 2.6.16.10 |
| linux | linux_kernel | 2.6.22.7 |
| linux | linux_kernel | 2.6.11.3 |
| linux | linux_kernel | 2.6.13.4 |
| linux | linux_kernel | 2.6.17.9 |
| linux | linux_kernel | 2.6.16.53 |
| linux | linux_kernel | 2.6.17.6 |
| linux | linux_kernel | 2.6.11.12 |
| linux | linux_kernel | 2.6.22.13 |
| vmware | vma | 4.0 |
| linux | linux_kernel | 2.6.20.11 |
| linux | linux_kernel | 2.6.20.13 |
| linux | linux_kernel | 2.6.22.6 |
| linux | linux_kernel | 2.6.20.8 |
| linux | linux_kernel | 2.6.15.1 |
| linux | linux_kernel | 2.6.14.1 |
| linux | linux_kernel | 2.6.16.15 |
| linux | linux_kernel | 2.6.19.6 |
| linux | linux_kernel | 2.6.16.13 |
| linux | linux_kernel | 2.6.19.3 |
| linux | linux_kernel | 2.6.23.3 |
| linux | linux_kernel | 2.6.16.14 |
| linux | linux_kernel | 2.6.23.17 |
| linux | linux_kernel | 2.6.16.33 |
| linux | linux_kernel | 2.6.9 |
| linux | linux_kernel | 2.6.20.9 |
| linux | linux_kernel | 2.6.11.10 |
| linux | linux_kernel | 2.6.20.19 |
| linux | linux_kernel | 2.6.17.7 |
| linux | linux_kernel | 2.6.12.1 |
| linux | linux_kernel | 2.6.18 |
| linux | linux_kernel | 2.6.23.9 |
| linux | linux_kernel | 2.6.16.44 |
| linux | linux_kernel | 2.6.4 |
| linux | linux_kernel | 2.6.14.2 |
| linux | linux_kernel | 2.6.16.25 |
| linux | linux_kernel | 2.6.24.1 |
| linux | linux_kernel | * |
| linux | linux_kernel | 2.6.16.7 |
| vmware | esx | 4.0 |
| linux | linux_kernel | 2.6.5 |
| linux | linux_kernel | 2.6.16.18 |
| linux | linux_kernel | 2.6.16.12 |
| linux | linux_kernel | 2.6.16.62 |
| linux | linux_kernel | 2.6.16.46 |
| linux | linux_kernel | 2.6.17.14 |
| linux | linux_kernel | 2.6.16.38 |
| linux | linux_kernel | 2.6.24.4 |
| linux | linux_kernel | 2.6.21.5 |
| linux | linux_kernel | 2.6.16.57 |
| linux | linux_kernel | 2.6.20.16 |
| linux | linux_kernel | 2.6.16.27 |
| linux | linux_kernel | 2.6.14.5 |
| linux | linux_kernel | 2.6.22.3 |
| linux | linux_kernel | 2.6.16.5 |
| linux | linux_kernel | 2.6.16.45 |
| linux | linux_kernel | 2.6.16.43 |
| linux | linux_kernel | 2.6.18.5 |
| linux | linux_kernel | 2.6.23.14 |
| linux | linux_kernel | 2.6.16.17 |
| linux | linux_kernel | 2.6.17.5 |
| linux | linux_kernel | 2.6.23.11 |
| linux | linux_kernel | 2.6.13.5 |
| linux | linux_kernel | 2.6.14.4 |
| linux | linux_kernel | 2.6.16.9 |
| linux | linux_kernel | 2.6.16.28 |
| linux | linux_kernel | 2.6.22.8 |
| vmware | esx | 2.5.5 |
| linux | linux_kernel | 2.6.0 |
| linux | linux_kernel | 2.6.1 |
| vmware | virtualcenter | 2.5 |
| linux | linux_kernel | 2.6.14 |
| linux | linux_kernel | 2.6.16.24 |
| linux | linux_kernel | 2.6.20.18 |
| linux | linux_kernel | 2.6.11.5 |
| linux | linux_kernel | 2.6.20.10 |
| linux | linux_kernel | 2.6.23.12 |
| linux | linux_kernel | 2.6.14.7 |
| linux | linux_kernel | 2.6.20.12 |
| linux | linux_kernel | 2.6.23.10 |
| linux | linux_kernel | 2.6.21.4 |
| linux | linux_kernel | 2.6.16.42 |
| linux | linux_kernel | 2.6.16.6 |
| linux | linux_kernel | 2.6.22.10 |
| linux | linux_kernel | 2.6.18.1 |
| linux | linux_kernel | 2.6.16.58 |
| linux | linux_kernel | 2.6.16.3 |
| linux | linux_kernel | 2.6.11.6 |
| linux | linux_kernel | 2.6.16.60 |
| linux | linux_kernel | 2.6.22.5 |
| linux | linux_kernel | 2.6.7 |
| linux | linux_kernel | 2.6.16.50 |
| linux | linux_kernel | 2.6.19.5 |
| linux | linux_kernel | 2.6.16.21 |
| linux | linux_kernel | 2.6.11.4 |
| linux | linux_kernel | 2.6.6 |
| linux | linux_kernel | 2.6.16.40 |
| linux | linux_kernel | 2.6.22.15 |
| linux | linux_kernel | 2.6.15.5 |
| linux | linux_kernel | 2.6.22.1 |
| linux | linux_kernel | 2.6.16.52 |
| linux | linux_kernel | 2.6.22.12 |
| linux | linux_kernel | 2.6.22.20 |
| linux | linux_kernel | 2.6.12.2 |
| linux | linux_kernel | 2.6.16.54 |
| linux | linux_kernel | 2.6.3 |
| linux | linux_kernel | 2.6.12 |
| linux | linux_kernel | 2.6.16.39 |
| linux | linux_kernel | 2.6.24.6 |
| linux | linux_kernel | 2.6.16.32 |
| linux | linux_kernel | 2.6.22.17 |
| linux | linux_kernel | 2.6.23 |
| linux | linux_kernel | 2.6.16.59 |
| linux | linux_kernel | 2.6.17.10 |
| linux | linux_kernel | 2.6.13.3 |
| linux | linux_kernel | 2.6.15.7 |
| linux | linux_kernel | 2.6.23.4 |
| linux | linux_kernel | 2.6.20.17 |
| linux | linux_kernel | 2.6.16.34 |
| linux | linux_kernel | 2.6.22 |
| linux | linux_kernel | 2.6.18.6 |
| linux | linux_kernel | 2.6.14.6 |
| vmware | esx | 3.5 |
| linux | linux_kernel | 2.6.23.5 |
| linux | linux_kernel | 2.6.19.2 |
| linux | linux_kernel | 2.6.15 |
| linux | linux_kernel | 2.6.21 |
| linux | linux_kernel | 2.6.18.2 |
| vmware | server | 2.0.0 |
| linux | linux_kernel | 2.6.22.2 |
| linux | linux_kernel | 2.6.22.9 |
| linux | linux_kernel | 2.6.20.7 |
| linux | linux_kernel | 2.6.21.2 |
| linux | linux_kernel | 2.6.20.5 |
| linux | linux_kernel | 2.6.15.6 |
| linux | linux_kernel | 2.6.16.41 |
| linux | linux_kernel | 2.6.22.11 |
| linux | linux_kernel | 2.6.20.20 |
| linux | linux_kernel | 2.6.17.4 |
| linux | linux_kernel | 2.6.20.14 |
| linux | linux_kernel | 2.6.17.12 |
| linux | linux_kernel | 2.6.18.7 |
| linux | linux_kernel | 2.6.23.13 |
| linux | linux_kernel | 2.6.16.47 |
| linux | linux_kernel | 2.6.16.26 |
| vmware | virtualcenter | 2.0.2 |
| linux | linux_kernel | 2.6.16.11 |
| linux | linux_kernel | 2.6.19.7 |
| linux | linux_kernel | 2.6.15.11 |
| linux | linux_kernel | 2.6.12.5 |
| linux | linux_kernel | 2.6.21.7 |
| linux | linux_kernel | 2.6.19 |
| linux | linux_kernel | 2.6.21.1 |
| linux | linux_kernel | 2.6.20.21 |
| linux | linux_kernel | 2.6.19.1 |
| linux | linux_kernel | 2.6.8 |
| linux | linux_kernel | 2.6.16.8 |
| linux | linux_kernel | 2.6.11.9 |
| linux | linux_kernel | 2.6.22.4 |
| linux | linux_kernel | 2.6.12.3 |
| linux | linux_kernel | 2.6.17.11 |
| linux | linux_kernel | 2.6.20 |
| linux | linux_kernel | 2.6.11.11 |
| linux | linux_kernel | 2.6.16.4 |
| linux | linux_kernel | 2.6.11.8 |
| linux | linux_kernel | 2.6.18.4 |
| linux | linux_kernel | 2.6.17.1 |
| linux | linux_kernel | 2.6.16.22 |
| vmware | esx | 3.0.3 |
| linux | linux_kernel | 2.6.22.19 |
| vmware | vcenter | 4.0 |
| linux | linux_kernel | 2.6.15.3 |
| linux | linux_kernel | 2.6.20.15 |
| linux | linux_kernel | 2.6.17 |
| linux | linux_kernel | 2.6.20.2 |
| linux | linux_kernel | 2.6.15.8 |
| linux | linux_kernel | 2.6.11.2 |
| linux | linux_kernel | 2.6.23.15 |
| linux | linux_kernel | 2.6.16.37 |
| linux | linux_kernel | 2.6.16.30 |
| linux | linux_kernel | 2.6.24.3 |
| linux | linux_kernel | 2.6.12.6 |
| linux | linux_kernel | 2.6.20.6 |
| linux | linux_kernel | 2.6.24 |
| linux | linux_kernel | 2.6.17.2 |
| linux | linux_kernel | 2.6.13.2 |
| linux | linux_kernel | 2.6.23.6 |
| linux | linux_kernel | 2.6.16.2 |
| linux | linux_kernel | 2.6.22.18 |
| linux | linux_kernel | 2.6.23.2 |
| linux | linux_kernel | 2.6.20.3 |
| linux | linux_kernel | 2.6.16.29 |
| linux | linux_kernel | 2.6.10 |
| linux | linux_kernel | 2.6.16.31 |
| linux | linux_kernel | 2.6.16.49 |
| linux | linux_kernel | 2.6.21.3 |
| linux | linux_kernel | 2.6.15.4 |
| linux | linux_kernel | 2.6.16.36 |
| linux | linux_kernel | 2.6.21.6 |
| linux | linux_kernel | 2.6.16.35 |
| linux | linux_kernel | 2.6.13.1 |
| linux | linux_kernel | 2.6.16.1 |
| linux | linux_kernel | 2.6.18.3 |
| linux | linux_kernel | 2.6.8.1 |
| linux | linux_kernel | 2.6.20.4 |
| linux | linux_kernel | 2.6.2 |
| linux | linux_kernel | 2.6.16.61 |
| linux | linux_kernel | 2.6.23.16 |
| linux | linux_kernel | 2.6.16.56 |
| linux | linux_kernel | 2.6.22.16 |
| linux | linux_kernel | 2.6.16.55 |
| linux | linux_kernel | 2.6.16.48 |
| linux | linux_kernel | 2.6.16.16 |
| linux | linux_kernel | 2.6.16.51 |
| linux | linux_kernel | 2.6.15.9 |
| linux | linux_kernel | 2.6.17.13 |
| linux | linux_kernel | 2.6.12.4 |
| linux | linux_kernel | 2.6.11.7 |
| linux | linux_kernel | 2.6.23.1 |
| linux | linux_kernel | 2.6.11.1 |
| linux | linux_kernel | 2.6.15.2 |
| linux | linux_kernel | 2.6.16.23 |
| linux | linux_kernel | 2.6.23.8 |
| linux | linux_kernel | 2.6.16 |
| linux | linux_kernel | 2.6.16.20 |
| linux | linux_kernel | 2.6.24.5 |
| linux | linux_kernel | 2.6.13 |
| linux | linux_kernel | 2.6.22.14 |
| linux | linux_kernel | 2.6.11 |
nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash option.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-16,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | opensuse | 11.1 |
| debian | debian_linux | 4.0 |
| vmware | vma | 4.0 |
| debian | debian_linux | 5.0 |
| vmware | esx | 3.5 |
| canonical | ubuntu_linux | 8.04 |
| vmware | virtualcenter | 2.5 |
| canonical | ubuntu_linux | 6.06 |
| vmware | vcenter_server | 4.0 |
| vmware | virtualcenter | 2.0.2 |
| canonical | ubuntu_linux | 8.10 |
| vmware | server | 2.0.0 |
| linux | linux_kernel | * |
| vmware | esx | 4.0 |
| opensuse | opensuse | 10.3 |
| suse | linux_enterprise_server | 10 |
| suse | linux_enterprise_desktop | 10 |
| opensuse | opensuse | 11.0 |
| canonical | ubuntu_linux | 9.04 |
| vmware | esx | 3.0.3 |
An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can gain privileges via a symlink attack on /tmp files if vmware-user-suid-wrapper is setuid root and the ChmodChownDirectory function is enabled.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | open_vm_tools | 2009.03.18-154848 |
An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can bypass intended access restrictions on mounting shares via a symlink attack that leverages a realpath race condition in mount.vmhgfs (aka hgfsmounter).
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | open-vm-tools | 2009.03.18-154848 |
Heap-based buffer overflow in vmnc.dll in the VMnc media codec in VMware Movie Decoder before 6.5.4 Build 246459 on Windows, and the movie decoder in VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Windows, allows remote attackers to execute arbitrary code via an AVI file with crafted video chunks that use HexTile encoding.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | server | 2.0.1 |
| vmware | player | 2.5.1 |
| vmware | workstation | 6.5.0 |
| vmware | movie_decoder | 6.5.3 |
| vmware | server | 2.0.2 |
| vmware | player | 2.5.2 |
| vmware | workstation | 6.5.1 |
| vmware | workstation | 6.5.2 |
| vmware | player | 2.5.3 |
| vmware | workstation | 6.5.3 |
| vmware | server | 2.0.0 |
| vmware | player | 2.5 |
vmnc.dll in the VMnc media codec in VMware Movie Decoder before 6.5.4 Build 246459 on Windows, and the movie decoder in VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Windows, allows remote attackers to execute arbitrary code via an AVI file with crafted HexTile-encoded video chunks that trigger heap-based buffer overflows, related to "integer truncation errors."
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | server | 2.0.1 |
| vmware | player | 2.5.1 |
| vmware | workstation | 6.5.0 |
| vmware | movie_decoder | 6.5.3 |
| vmware | server | 2.0.2 |
| vmware | player | 2.5.2 |
| vmware | workstation | 6.5.1 |
| vmware | workstation | 6.5.2 |
| vmware | player | 2.5.3 |
| vmware | workstation | 6.5.3 |
| vmware | server | 2.0.0 |
| vmware | player | 2.5 |
Cross-site scripting (XSS) vulnerability in WebAccess in VMware VirtualCenter 2.0.2 and 2.5 and VMware ESX 3.0.3 and 3.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to "context data."
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | virtualcenter | 2.0.2 |
| vmware | esx_server | 3.0.3 |
| vmware | virtualcenter | 2.5 |
| vmware | esx_server | 3.5 |
Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-416,CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 4.0 |
| apple | iphone_os | * |
| redhat | enterprise_linux | 5.0 |
| xmlsoft | libxml2 | 2.6.32 |
| xmlsoft | libxml2 | 2.5.10 |
| canonical | ubuntu_linux | 6.06 |
| vmware | vcenter_server | 4.0 |
| sun | openoffice.org | * |
| fedoraproject | fedora | 11 |
| apple | mac_os_x_server | * |
| vmware | esxi | 4.0 |
| vmware | esxi | 3.5 |
| canonical | ubuntu_linux | 9.04 |
| xmlsoft | libxml | 1.8.17 |
| xmlsoft | libxml2 | 2.6.16 |
| xmlsoft | libxml2 | 2.6.26 |
| suse | linux_enterprise_server | 9 |
| vmware | vma | 4.0 |
| suse | linux_enterprise | 11.0 |
| fedoraproject | fedora | 10 |
| opensuse | opensuse | * |
| vmware | esx | 3.5 |
| xmlsoft | libxml2 | 2.6.27 |
| canonical | ubuntu_linux | 8.04 |
| apple | safari | * |
| redhat | enterprise_linux | 4.0 |
| suse | linux_enterprise | 10.0 |
| apple | mac_os_x | * |
| canonical | ubuntu_linux | 8.10 |
| redhat | enterprise_linux | 3.0 |
| vmware | esx | 4.0 |
| chrome | * | |
| vmware | esx | 3.0.3 |
The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_workstation | 4.0 |
| suse | linux_enterprise_server | 9 |
| fedoraproject | fedora | 10 |
| redhat | enterprise_linux_eus | 4.8 |
| redhat | enterprise_linux_desktop | 5.0 |
| redhat | enterprise_linux_eus | 5.3 |
| canonical | ubuntu_linux | 8.04 |
| redhat | enterprise_linux_server | 4.0 |
| canonical | ubuntu_linux | 6.06 |
| vmware | vcenter_server | 4.0 |
| redhat | enterprise_linux_desktop | 4.0 |
| redhat | enterprise_linux_workstation | 5.0 |
| canonical | ubuntu_linux | 8.10 |
| linux | linux_kernel | * |
| redhat | enterprise_linux_server_aus | 5.3 |
| vmware | esxi | 4.0 |
| redhat | enterprise_linux_server | 5.0 |
| suse | linux_enterprise_server | 10 |
| suse | linux_enterprise_desktop | 10 |
| canonical | ubuntu_linux | 9.04 |
Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-129,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | opensuse | 11.1 |
| canonical | ubuntu_linux | 9.10 |
| debian | debian_linux | 4.0 |
| redhat | virtualization | 5.0 |
| redhat | enterprise_linux_desktop | 5.0 |
| vmware | esx | 3.5 |
| canonical | ubuntu_linux | 8.04 |
| linux | linux_kernel | 2.6.32 |
| canonical | ubuntu_linux | 6.06 |
| redhat | enterprise_linux_eus | 5.4 |
| canonical | ubuntu_linux | 8.10 |
| redhat | fedora | 10 |
| linux | linux_kernel | * |
| opensuse | opensuse | 11.2 |
| redhat | enterprise_linux_server_workstation | 5.0 |
| redhat | enterprise_linux_server | 5.0 |
| suse | linux_enterprise_server | 10 |
| suse | linux_enterprise_desktop | 10 |
| canonical | ubuntu_linux | 9.04 |
Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.0 | HIGH | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.0 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-362,CWE-476,CWE-672,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 9.10 |
| novell | linux_desktop | 9 |
| vmware | vma | 4.0 |
| fedoraproject | fedora | 10 |
| canonical | ubuntu_linux | 8.04 |
| suse | suse_linux_enterprise_desktop | 10 |
| linux | linux_kernel | 2.6.32 |
| canonical | ubuntu_linux | 6.06 |
| canonical | ubuntu_linux | 8.10 |
| linux | linux_kernel | * |
| vmware | esx | 4.0 |
| opensuse | opensuse | 11.2 |
| suse | suse_linux_enterprise_server | 10 |
| opensuse | opensuse | 11.0 |
| canonical | ubuntu_linux | 9.04 |
net/unix/af_unix.c in the Linux kernel 2.6.31.4 and earlier allows local users to cause a denial of service (system hang) by creating an abstract-namespace AF_UNIX listening socket, performing a shutdown operation on this socket, and then performing a series of connect operations to this socket.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-400,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 9.10 |
| vmware | vma | 4.0 |
| fedoraproject | fedora | 10 |
| canonical | ubuntu_linux | 8.04 |
| suse | suse_linux_enterprise_desktop | 10 |
| canonical | ubuntu_linux | 6.06 |
| canonical | ubuntu_linux | 8.10 |
| linux | linux_kernel | * |
| vmware | esx | 4.0 |
| opensuse | opensuse | 11.2 |
| suse | suse_linux_enterprise_server | 10 |
| opensuse | opensuse | 11.0 |
| canonical | ubuntu_linux | 9.04 |
VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x allows remote attackers to cause a denial of service (process crash) via a \x25\xFF sequence in the USER and PASS commands, related to a "format string DoS" issue. NOTE: some of these details are obtained from third party information.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-134,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | server | 2.0.1 |
| vmware | workstation | 6.5.4 |
| vmware | ace | 2.5.2 |
| vmware | player | 2.5.2 |
| vmware | ace | 2.5.0 |
| vmware | ace | 2.5.4 |
| vmware | workstation | 6.5.1 |
| vmware | workstation | 6.5.2 |
| vmware | player | 2.5.4 |
| vmware | player | 2.5 |
| vmware | player | 3.0 |
| vmware | ace | 2.5.1 |
| vmware | player | 2.5.1 |
| vmware | workstation | 6.5.0 |
| vmware | ace | 2.6.1 |
| vmware | server | 2.0.2 |
| vmware | workstation | 7.0 |
| vmware | ace | 2.6 |
| vmware | player | 3.0.1 |
| vmware | player | 2.5.3 |
| vmware | workstation | 6.5.3 |
| vmware | server | 2.0.0 |
| vmware | workstation | 7.0.1 |
| vmware | ace | 2.5.3 |
Format string vulnerability in vmware-vmrc.exe build 158248 in VMware Remote Console (aka VMrc) allows remote attackers to execute arbitrary code via unspecified vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-134,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | player | * |
| vmware | ace | * |
| vmware | player | 3.0 |
| vmware | server | * |
| vmware | workstation | 7.0 |
| vmware | ace | 2.6 |
| vmware | workstation | * |
Directory traversal vulnerability in VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138 on Linux, VMware ESXi 3.5, and VMware ESX 3.0.3 and 3.5 allows remote attackers to read arbitrary files via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | server | 2.0.1 |
| vmware | server | 1.0.5 |
| vmware | server | 1.0.7 |
| vmware | server | 1.0.9 |
| vmware | server | 1.0.8 |
| vmware | server | 1.0.1_build_29996 |
| vmware | esx | 3.5 |
| vmware | server | 1.0.3 |
| vmware | server | 1.0 |
| vmware | server | 1.0.4 |
| vmware | server | 2.0.0 |
| vmware | server | 1.0.1 |
| vmware | esxi | 3.5 |
| vmware | server | 1.0.4_build_56528 |
| vmware | server | 1.0.2 |
| vmware | esx | 3.0.3 |
| vmware | server | 1.0.6 |
VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x allows remote attackers to cause a denial of service (process crash) via a \x25\x90 sequence in the USER and PASS commands, a related issue to CVE-2009-3707. NOTE: some of these details are obtained from third party information.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-134,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | server | 2.0.1 |
| vmware | workstation | 6.5.4 |
| vmware | ace | 2.5.2 |
| vmware | player | 2.5.2 |
| vmware | ace | 2.5.0 |
| vmware | ace | 2.5.4 |
| vmware | workstation | 6.5.1 |
| vmware | workstation | 6.5.2 |
| vmware | player | 2.5.4 |
| vmware | player | 2.5 |
| vmware | player | 3.0 |
| vmware | ace | 2.5.1 |
| vmware | player | 2.5.1 |
| vmware | workstation | 6.5.0 |
| vmware | ace | 2.6.1 |
| vmware | server | 2.0.2 |
| vmware | workstation | 7.0 |
| vmware | ace | 2.6 |
| vmware | player | 3.0.1 |
| vmware | player | 2.5.3 |
| vmware | workstation | 6.5.3 |
| vmware | server | 2.0.0 |
| vmware | workstation | 7.0.1 |
| vmware | ace | 2.5.3 |
The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences, which triggers a free of an invalid, uninitialized pointer in the slap_mods_free function, as demonstrated using the Codenomicon LDAPv3 test suite.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-252,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esxi | 4.1 |
| apple | mac_os_x | * |
| apple | mac_os_x_server | * |
| vmware | esxi | 4.0 |
| openldap | openldap | 2.4.22 |
| opensuse | opensuse | 11.0 |
WebAccess in VMware VirtualCenter 2.0.2 and 2.5, VMware Server 2.0, and VMware ESX 3.0.3 and 3.5 allows remote attackers to leverage proxy-server functionality to spoof the origin of requests via unspecified vectors, related to a "URL forwarding vulnerability."
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | virtualcenter | 2.0.2 |
| vmware | server | 2.0.0 |
| vmware | esx_server | 3.0.3 |
| vmware | virtualcenter | 2.5 |
| vmware | esx_server | 3.5 |
Cross-site scripting (XSS) vulnerability in WebAccess in VMware VirtualCenter 2.0.2 and 2.5 and VMware ESX 3.0.3 and 3.5, and the Server Console in VMware Server 1.0, allows remote attackers to inject arbitrary web script or HTML via the name of a virtual machine.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | virtualcenter | 2.0.2 |
| vmware | esx_server | 3.0.3 |
| vmware | virtualcenter | 2.5 |
| vmware | server | 1.0 |
| vmware | esx_server | 3.5 |
The virtual networking stack in VMware Workstation 7.0 before 7.0.1 build 227600, VMware Workstation 6.5.x before 6.5.4 build 246459 on Windows, VMware Player 3.0 before 3.0.1 build 227600, VMware Player 2.5.x before 2.5.4 build 246459 on Windows, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware Server 2.x, and VMware Fusion 3.0 before 3.0.1 build 232708 and 2.x before 2.0.7 build 246742 allows remote attackers to obtain sensitive information from memory on the host OS by examining received network packets, related to interaction between the guest OS and the host vmware-vmx process.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | server | 2.0.1 |
| vmware | fusion | 2.0.6 |
| vmware | fusion | 2.0 |
| vmware | fusion | 2.0.2 |
| vmware | ace | 2.5.2 |
| vmware | fusion | 3.0 |
| vmware | player | 2.5.2 |
| vmware | ace | 2.5.0 |
| vmware | fusion | 2.0.5 |
| vmware | workstation | 6.5.1 |
| vmware | workstation | 6.5.2 |
| vmware | player | 2.5 |
| vmware | fusion | 2.0.1 |
| vmware | player | 3.0 |
| vmware | ace | 2.5.1 |
| vmware | player | 2.5.1 |
| vmware | workstation | 6.5.0 |
| vmware | server | 2.0.2 |
| vmware | workstation | 7.0 |
| vmware | fusion | 2.0.4 |
| vmware | ace | 2.6 |
| vmware | player | 2.5.3 |
| vmware | workstation | 6.5.3 |
| vmware | fusion | 2.0.3 |
| vmware | server | 2.0.0 |
| vmware | ace | 2.5.3 |
Format string vulnerability in vmrun in VMware VIX API 1.6.x, VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Linux, and VMware Fusion 2.x before 2.0.7 build 246742, allows local users to gain privileges via format string specifiers in process metadata.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-134,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | server | 2.0.1 |
| vmware | player | 2.5.1 |
| vmware | workstation | 6.5.0 |
| vmware | fusion | 2.0.6 |
| vmware | fusion | 2.0 |
| vmware | fusion | 2.0.2 |
| vmware | server | 2.0.2 |
| vmware | vix_api | 1.6.1 |
| vmware | player | 2.5.2 |
| vmware | fusion | 2.0.4 |
| vmware | fusion | 2.0.5 |
| vmware | workstation | 6.5.1 |
| vmware | workstation | 6.5.2 |
| vmware | player | 2.5.3 |
| vmware | workstation | 6.5.3 |
| vmware | fusion | 2.0.3 |
| vmware | server | 2.0.0 |
| vmware | player | 2.5 |
| vmware | fusion | 2.0.1 |
| vmware | vix_api | 1.6.0 |
The USB service in VMware Workstation 7.0 before 7.0.1 build 227600 and VMware Player 3.0 before 3.0.1 build 227600 on Windows might allow host OS users to gain privileges by placing a Trojan horse program at an unspecified location on the host OS disk.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | player | 3.0 |
| vmware | workstation | 7.0 |
VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build 203138; VMware Fusion 2.x before 2.0.6 build 246742; VMware ESXi 3.5 and 4.0; and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0 does not properly access libraries, which allows user-assisted remote attackers to execute arbitrary code by tricking a Windows guest OS user into clicking on a file that is stored on a network share.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | server | 2.0.1 |
| vmware | fusion | 2.0 |
| vmware | fusion | 2.0.2 |
| vmware | ace | 2.5.2 |
| vmware | fusion | 3.0 |
| vmware | player | 2.5.2 |
| vmware | ace | 2.5.0 |
| vmware | fusion | 2.0.5 |
| vmware | workstation | 6.5.1 |
| vmware | workstation | 6.5.2 |
| vmware | esxi | 4.0 |
| vmware | player | 2.5 |
| vmware | esxi | 3.5 |
| vmware | fusion | 2.0.1 |
| vmware | ace | 2.5.1 |
| vmware | player | 2.5.1 |
| vmware | workstation | 6.5.0 |
| vmware | esx | 2.5.5 |
| vmware | server | 2.0.2 |
| vmware | esx | 3.5 |
| vmware | fusion | 2.0.4 |
| vmware | player | 2.5.3 |
| vmware | workstation | 6.5.3 |
| vmware | fusion | 2.0.3 |
| vmware | server | 2.0.0 |
| vmware | esx | 4.0 |
| vmware | ace | 2.5.3 |
| vmware | esx | 3.0.3 |
VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build 203138; VMware Fusion 2.x before 2.0.6 build 246742; VMware ESXi 3.5 and 4.0; and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0 does not properly load VMware programs, which might allow Windows guest OS users to gain privileges by placing a Trojan horse program at an unspecified location on the guest OS disk.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | server | 2.0.1 |
| vmware | fusion | 2.0 |
| vmware | fusion | 2.0.2 |
| vmware | ace | 2.5.2 |
| vmware | fusion | 3.0 |
| vmware | player | 2.5.2 |
| vmware | ace | 2.5.0 |
| vmware | fusion | 2.0.5 |
| vmware | workstation | 6.5.1 |
| vmware | workstation | 6.5.2 |
| vmware | esxi | 4.0 |
| vmware | player | 2.5 |
| vmware | esxi | 3.5 |
| vmware | fusion | 2.0.1 |
| vmware | ace | 2.5.1 |
| vmware | player | 2.5.1 |
| vmware | workstation | 6.5.0 |
| vmware | esx | 2.5.5 |
| vmware | server | 2.0.2 |
| vmware | esx | 3.5 |
| vmware | fusion | 2.0.4 |
| vmware | player | 2.5.3 |
| vmware | workstation | 6.5.3 |
| vmware | fusion | 2.0.3 |
| vmware | server | 2.0.0 |
| vmware | esx | 4.0 |
| vmware | ace | 2.5.3 |
| vmware | esx | 3.0.3 |
Cross-site scripting (XSS) vulnerability in VMware View (formerly Virtual Desktop Manager or VDM) 3.1.x before 3.1.3 build 252693 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | view_manager | 3.1.2 |
| vmware | view_manager | 3.1.1 |
| vmware | view_manager | 3.1.3 |
Cross-site scripting (XSS) vulnerability in WebAccess in VMware Server 2.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to JSON error messages.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | server | 2.0.0 |
Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| apple | itunes | * |
| opensuse | opensuse | 11.1 |
| fedoraproject | fedora | 12 |
| apple | iphone_os | * |
| debian | debian_linux | 5.0 |
| mozilla | thunderbird | * |
| suse | linux_enterprise_server | 11 |
| canonical | ubuntu_linux | 6.06 |
| apple | mac_os_x_server | * |
| suse | linux_enterprise_server | 10 |
| canonical | ubuntu_linux | 9.04 |
| canonical | ubuntu_linux | 9.10 |
| vmware | player | * |
| suse | linux_enterprise_server | 9 |
| canonical | ubuntu_linux | 10.04 |
| libpng | libpng | * |
| canonical | ubuntu_linux | 8.04 |
| apple | safari | * |
| apple | mac_os_x | * |
| mozilla | firefox | * |
| fedoraproject | fedora | 13 |
| mozilla | seamonkey | * |
| opensuse | opensuse | 11.2 |
| chrome | * | |
| vmware | workstation | * |
com.springsource.tcserver.serviceability.rmi.JmxSocketListener in VMware SpringSource tc Server Runtime 6.0.19 and 6.0.20 before 6.0.20.D, and 6.0.25.A before 6.0.25.A-SR01, does not properly enforce the requirement for an encrypted (aka s2enc) password, which allows remote attackers to obtain JMX interface access via a blank password.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | tc_server | 6.0.20.a |
| vmware | tc_server | 6.0.20.b |
| vmware | tc_server | 6.0.20.c |
| vmware | tc_server | 6.0.19.a |
| vmware | tc_server | 6.0.19 |
| vmware | tc_server | 6.0.20 |
| vmware | tc_server | 6.0.25.a |
The mext_check_arguments function in fs/ext4/move_extent.c in the Linux kernel before 2.6.35 allows local users to overwrite an append-only file via a MOVE_EXT ioctl call that specifies this file as a donor.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 1.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esx | 4.1 |
| canonical | ubuntu_linux | 9.10 |
| canonical | ubuntu_linux | 10.04 |
| canonical | ubuntu_linux | 10.10 |
| canonical | ubuntu_linux | 8.04 |
| suse | linux_enterprise_high_availability_extension | 11 |
| canonical | ubuntu_linux | 6.06 |
| linux | linux_kernel | * |
| vmware | esx | 4.0 |
| suse | suse_linux_enterprise_server | 11 |
| canonical | ubuntu_linux | 9.04 |
| suse | suse_linux_enterprise_desktop | 11 |
Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-401,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| apple | itunes | * |
| opensuse | opensuse | 11.1 |
| fedoraproject | fedora | 12 |
| canonical | ubuntu_linux | 9.10 |
| vmware | player | * |
| apple | iphone_os | * |
| suse | linux_enterprise_server | 9 |
| debian | debian_linux | 5.0 |
| apple | tvos | * |
| canonical | ubuntu_linux | 10.04 |
| libpng | libpng | * |
| suse | linux_enterprise_server | 11 |
| canonical | ubuntu_linux | 8.04 |
| apple | safari | * |
| canonical | ubuntu_linux | 6.06 |
| fedoraproject | fedora | 13 |
| opensuse | opensuse | 11.2 |
| suse | linux_enterprise_server | 10 |
| canonical | ubuntu_linux | 9.04 |
| vmware | workstation | * |
VMware Studio 2.0 does not properly write to temporary files, which allows local users to gain privileges via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | studio | 2.0 |
Buffer overflow in the ecryptfs_uid_hash macro in fs/ecryptfs/messaging.c in the eCryptfs subsystem in the Linux kernel before 2.6.35 might allow local users to gain privileges or cause a denial of service (system crash) via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esx | 4.1 |
| avaya | aura_voice_portal | 5.0 |
| avaya | aura_presence_services | 6.0 |
| avaya | aura_session_manager | 5.2 |
| avaya | aura_session_manager | 1.1 |
| avaya | iq | 5.0 |
| avaya | iq | 5.1 |
| avaya | aura_system_platform | 1.1 |
| avaya | aura_presence_services | 6.1.1 |
| avaya | aura_system_platform | 6.0 |
| avaya | aura_voice_portal | 5.1 |
| avaya | aura_session_manager | 6.0 |
| avaya | aura_system_manager | 5.2 |
| linux | linux_kernel | * |
| avaya | aura_communication_manager | 5.2 |
| vmware | esx | 4.0 |
| avaya | aura_system_manager | 6.1 |
| avaya | aura_system_manager | 6.0 |
| avaya | aura_presence_services | 6.1 |
| avaya | aura_system_manager | 6.1.1 |
The DNS resolution functionality in the CIFS implementation in the Linux kernel before 2.6.35, when CONFIG_CIFS_DFS_UPCALL is enabled, relies on a user's keyring for the dns_resolver upcall in the cifs.upcall userspace helper, which allows local users to spoof the results of DNS queries and perform arbitrary CIFS mounts via vectors involving an add_key call, related to a "cache stuffing" issue and MS-DFS referrals.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esx | 4.1 |
| canonical | ubuntu_linux | 6.06 |
| canonical | ubuntu_linux | 9.10 |
| linux | linux_kernel | * |
| canonical | ubuntu_linux | 10.04 |
| canonical | ubuntu_linux | 10.10 |
| vmware | esx | 4.0 |
| canonical | ubuntu_linux | 8.04 |
| suse | suse_linux_enterprise_server | 11 |
| canonical | ubuntu_linux | 9.04 |
| suse | suse_linux_enterprise_desktop | 11 |
Multiple unspecified vulnerabilities in the Virtual Appliance Management Infrastructure (VAMI) in VMware Studio 2.0 allow remote authenticated users to execute arbitrary commands via vectors involving (1) the Studio virtual appliance or (2) a virtual appliance created by the Studio virtual appliance.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | studio | 2.0 |
The gfs2_dirent_find_space function in fs/gfs2/dir.c in the Linux kernel before 2.6.35 uses an incorrect size value in calculations associated with sentinel directory entries, which allows local users to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact by renaming a file in a GFS2 filesystem, related to the gfs2_rename function in fs/gfs2/ops_inode.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | opensuse | 11.1 |
| vmware | esx | 4.1 |
| avaya | aura_session_manager | 5.2 |
| debian | debian_linux | 5.0 |
| avaya | aura_session_manager | 1.1 |
| avaya | iq | 5.1 |
| avaya | aura_presence_services | 6.1.1 |
| avaya | aura_system_platform | 6.0 |
| suse | linux_enterprise_high_availability_extension | 11 |
| canonical | ubuntu_linux | 6.06 |
| avaya | voice_portal | 5.0 |
| avaya | aura_system_manager | 6.1 |
| avaya | aura_system_manager | 6.0 |
| canonical | ubuntu_linux | 9.04 |
| suse | suse_linux_enterprise_desktop | 11 |
| canonical | ubuntu_linux | 9.10 |
| avaya | aura_presence_services | 6.0 |
| avaya | iq | 5.0 |
| canonical | ubuntu_linux | 10.04 |
| canonical | ubuntu_linux | 10.10 |
| avaya | aura_system_platform | 1.1 |
| canonical | ubuntu_linux | 8.04 |
| avaya | voice_portal | 5.1 |
| avaya | aura_session_manager | 6.0 |
| avaya | aura_system_manager | 5.2 |
| linux | linux_kernel | * |
| avaya | aura_communication_manager | 5.2 |
| vmware | esx | 4.0 |
| suse | suse_linux_enterprise_server | 11 |
| avaya | aura_presence_services | 6.1 |
| avaya | aura_system_manager | 6.1.1 |
The vCenter Tomcat Management Application in VMware vCenter Server 4.1 before Update 1 stores log-on credentials in a configuration file, which allows local users to gain privileges by reading this file.
CVSS 2.0
Severity: LOW
Problem Type: CWE-255,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server | 4.1 |
The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which allows local users to obtain potentially sensitive information from kernel memory via vectors related to (1) the tcf_gact_dump function in net/sched/act_gact.c, (2) the tcf_mirred_dump function in net/sched/act_mirred.c, (3) the tcf_nat_dump function in net/sched/act_nat.c, (4) the tcf_simp_dump function in net/sched/act_simple.c, and (5) the tcf_skbedit_dump function in net/sched/act_skbedit.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-401,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | opensuse | 11.1 |
| vmware | esx | 4.1 |
| avaya | aura_session_manager | 5.2 |
| avaya | aura_session_manager | 1.1 |
| avaya | iq | 5.1 |
| opensuse | opensuse | 11.3 |
| linux | linux_kernel | 2.6.36 |
| avaya | aura_presence_services | 6.1.1 |
| avaya | aura_system_platform | 6.0 |
| canonical | ubuntu_linux | 6.06 |
| avaya | voice_portal | 5.0 |
| avaya | aura_system_manager | 6.1 |
| suse | suse_linux_enterprise_server | 10 |
| avaya | aura_system_manager | 6.0 |
| canonical | ubuntu_linux | 9.04 |
| suse | suse_linux_enterprise_desktop | 11 |
| canonical | ubuntu_linux | 9.10 |
| avaya | aura_presence_services | 6.0 |
| avaya | iq | 5.0 |
| canonical | ubuntu_linux | 10.04 |
| canonical | ubuntu_linux | 10.10 |
| avaya | aura_system_platform | 1.1 |
| canonical | ubuntu_linux | 8.04 |
| suse | suse_linux_enterprise_desktop | 10 |
| avaya | voice_portal | 5.1 |
| avaya | aura_session_manager | 6.0 |
| avaya | aura_system_manager | 5.2 |
| linux | linux_kernel | * |
| avaya | aura_communication_manager | 5.2 |
| vmware | esx | 4.0 |
| suse | suse_linux_enterprise_server | 11 |
| avaya | aura_presence_services | 6.1 |
| avaya | aura_system_manager | 6.1.1 |
The xfs implementation in the Linux kernel before 2.6.35 does not look up inode allocation btrees before reading inode buffers, which allows remote authenticated users to read unlinked files, or read or overwrite disk blocks that are currently assigned to an active file but were previously assigned to an unlinked file, by accessing a stale NFS filehandle.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 2.8 | 5.2 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esx | 4.1 |
| avaya | aura_voice_portal | 5.0 |
| avaya | aura_session_manager | 5.2 |
| avaya | aura_session_manager | 1.1 |
| avaya | iq | 5.1 |
| avaya | aura_presence_services | 6.1.1 |
| avaya | aura_system_platform | 6.0 |
| canonical | ubuntu_linux | 6.06 |
| avaya | aura_system_manager | 6.1 |
| avaya | aura_system_manager | 6.0 |
| canonical | ubuntu_linux | 9.10 |
| avaya | aura_presence_services | 6.0 |
| avaya | iq | 5.0 |
| canonical | ubuntu_linux | 10.04 |
| canonical | ubuntu_linux | 10.10 |
| avaya | aura_system_platform | 1.1 |
| avaya | aura_voice_portal | 5.1 |
| avaya | aura_session_manager | 6.0 |
| avaya | aura_system_manager | 5.2 |
| linux | linux_kernel | * |
| avaya | aura_communication_manager | 5.2 |
| vmware | esx | 4.0 |
| avaya | aura_presence_services | 6.1 |
| avaya | aura_system_manager | 6.1.1 |
The xfs_ioc_fsgetxattr function in fs/xfs/linux-2.6/xfs_ioctl.c in the Linux kernel before 2.6.36-rc4 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an ioctl call.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | opensuse | 11.1 |
| vmware | esx | 4.1 |
| canonical | ubuntu_linux | 9.10 |
| canonical | ubuntu_linux | 10.04 |
| canonical | ubuntu_linux | 10.10 |
| opensuse | opensuse | 11.3 |
| linux | linux_kernel | 2.6.36 |
| canonical | ubuntu_linux | 8.04 |
| canonical | ubuntu_linux | 6.06 |
| linux | linux_kernel | * |
| vmware | esx | 4.0 |
| suse | suse_linux_enterprise_server | 11 |
| canonical | ubuntu_linux | 9.04 |
| suse | suse_linux_enterprise_desktop | 11 |
The compat_alloc_user_space functions in include/asm/compat.h files in the Linux kernel before 2.6.36-rc4-git2 on 64-bit platforms do not properly allocate the userspace memory required for the 32-bit compatibility layer, which allows local users to gain privileges by leveraging the ability of the compat_mc_getsockopt function (aka the MCAST_MSFILTER getsockopt support) to control a certain length value, related to a "stack pointer underflow" issue, as exploited in the wild in September 2010.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esx | 4.1 |
| linux | linux_kernel | * |
| vmware | esx | 4.0 |
| linux | linux_kernel | 2.6.36 |
| suse | suse_linux_enterprise_server | 11 |
| suse | suse_linux_enterprise_desktop | 11 |
The installer in VMware Workstation 7.x before 7.1.2 build 301548 and VMware Player 3.x before 3.1.2 build 301548 renders an index.htm file if present in the installation directory, which might allow local users to trigger unintended interpretation of web script or HTML by creating this file.
CVSS 2.0
Severity: LOW
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | player | 3.0.1 |
| vmware | workstation | 7.1 |
| vmware | player | 3.0 |
| vmware | workstation | 7.0 |
| vmware | workstation | 7.1.1 |
| vmware | workstation | 7.0.1 |
| vmware | player | 3.1 |
| vmware | player | 3.1.1 |
The extension parser in slp_v2message.c in OpenSLP 1.2.1, and other versions before SVN revision 1647, as used in Service Location Protocol daemon (SLPD) in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1, allows remote attackers to cause a denial of service (infinite loop) via a packet with a "next extension offset" that references this extension or a previous extension. NOTE: some of these details are obtained from third party information.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esx | 4.1 |
| vmware | esxi | 4.1 |
| openslp | openslp | 1.2.1 |
| vmware | esxi | 4.0 |
| vmware | esx | 4.0 |
VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4, and Acegi Security 1.0.0 through 1.0.7, as used in IBM WebSphere Application Server (WAS) 6.1 and 7.0, allows remote attackers to bypass security constraints via a path parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | springsource_spring_security | 2.0.1 |
| vmware | springsource_spring_security | 2.0.2 |
| acegisecurity | acegi-security | 1.0.4 |
| acegisecurity | acegi-security | 1.0.2 |
| vmware | springsource_spring_security | 3.0.1 |
| vmware | springsource_spring_security | 3.0.2 |
| ibm | websphere_application_server | 6.1 |
| acegisecurity | acegi-security | 1.0.7 |
| vmware | springsource_spring_security | 2.0.4 |
| ibm | websphere_application_server | 7.0 |
| acegisecurity | acegi-security | 1.0.3 |
| vmware | springsource_spring_security | 3.0.0 |
| vmware | springsource_spring_security | 3.0.3 |
| vmware | springsource_spring_security | 2.0.3 |
| vmware | springsource_spring_security | 2.0.5 |
| acegisecurity | acegi-security | 1.0.0 |
| acegisecurity | acegi-security | 1.0.1 |
| acegisecurity | acegi-security | 1.0.5 |
| acegisecurity | acegi-security | 1.0.6 |
| vmware | springsource_spring_security | 2.0.0 |
The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-1284,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 9.10 |
| vmware | esxi | 4.1 |
| redhat | enterprise_linux | 6.0 |
| redhat | enterprise_linux | 5.0 |
| canonical | ubuntu_linux | 10.04 |
| canonical | ubuntu_linux | 10.10 |
| opensuse | opensuse | 11.3 |
| suse | linux_enterprise_server | 11 |
| canonical | ubuntu_linux | 8.04 |
| canonical | ubuntu_linux | 6.06 |
| suse | linux_enterprise_real_time_extension | 11 |
| linux | linux_kernel | * |
| suse | linux_enterprise_desktop | 11 |
| vmware | esxi | 4.0 |
| vmware | esxi | 5.0 |
| opensuse | opensuse | 11.2 |
| vmware | esxi | 3.5 |
| canonical | ubuntu_linux | 9.04 |
The socket implementation in net/core/sock.c in the Linux kernel before 2.6.34 does not properly manage a backlog of received packets, which allows remote attackers to cause a denial of service (memory consumption) by sending a large amount of network traffic, as demonstrated by netperf UDP tests.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-400,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esx | 4.1 |
| linux | linux_kernel | * |
| vmware | esx | 4.0 |
| redhat | enterprise_linux | 4.0 |
The igb_receive_skb function in drivers/net/igb/igb_main.c in the Intel Gigabit Ethernet (aka igb) subsystem in the Linux kernel before 2.6.34, when Single Root I/O Virtualization (SR-IOV) and promiscuous mode are enabled but no VLANs are registered, allows remote attackers to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact via a VLAN tagged frame.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esx | 4.1 |
| vmware | esx | 3.0.0 |
| vmware | esxi | 4.1 |
| vmware | esx | 3.0.1 |
| vmware | esx | 3.5 |
| linux | linux_kernel | * |
| vmware | esxi | 4.0 |
| vmware | esxi | 5.0 |
| vmware | esx | 4.0 |
| vmware | esx | 3.0.2 |
| vmware | esxi | 3.5 |
| vmware | esx | 3.0.3 |
The frame decompression functionality in the VMnc media codec in VMware Movie Decoder before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548, VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548 on Windows, VMware Player 2.5.x before 2.5.5 build 246459 and 3.x before 3.1.2 build 301548 on Windows, and VMware Server 2.x on Windows does not properly validate an unspecified size field, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted video file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | server | 2.0.1 |
| vmware | workstation | 6.5.4 |
| vmware | workstation | 7.1.2 |
| vmware | player | 2.5.2 |
| vmware | workstation | 7.1.1 |
| vmware | player | 3.1 |
| vmware | movie_decoder | 7.0 |
| vmware | movie_decoder | 7.1.2 |
| vmware | workstation | 6.5.1 |
| vmware | workstation | 6.5.2 |
| vmware | workstation | 7.1 |
| vmware | player | 2.5.4 |
| vmware | workstation | 6.5.5 |
| vmware | player | 2.5 |
| vmware | player | 3.0 |
| vmware | player | 2.5.1 |
| vmware | workstation | 6.5.0 |
| vmware | movie_decoder | 6.5.3 |
| vmware | server | 2.0.2 |
| vmware | workstation | 7.0 |
| vmware | player | 3.1.1 |
| vmware | player | 3.1.2 |
| vmware | player | 2.5.5 |
| vmware | player | 3.0.1 |
| vmware | player | 2.5.3 |
| vmware | workstation | 6.5.3 |
| vmware | movie_decoder | * |
| vmware | server | 2.0.0 |
| vmware | movie_decoder | 6.5.4 |
| vmware | workstation | 7.0.1 |
Race condition in the mounting process in vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Linux, VMware Player 3.1.x before 3.1.2 build 301548 on Linux, VMware Server 2.0.2 on Linux, and VMware Fusion 3.1.x before 3.1.2 build 332101 allows host OS users to gain privileges via vectors involving temporary files.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-362,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | workstation | 7.1.2 |
| vmware | server | 2.0.2 |
| vmware | workstation | 7.0 |
| vmware | workstation | 7.1.1 |
| vmware | player | 3.1 |
| vmware | player | 3.1.1 |
| vmware | player | 3.1.2 |
| vmware | fusion | 3.1.2 |
| vmware | fusion | 3.1 |
| vmware | fusion | 3.1.1 |
| vmware | workstation | 7.1 |
| vmware | workstation | 7.0.1 |
vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Linux, VMware Player 3.1.x before 3.1.2 build 301548 on Linux, VMware Server 2.0.2 on Linux, and VMware Fusion 3.1.x before 3.1.2 build 332101 does not properly load libraries, which allows host OS users to gain privileges via vectors involving shared object files.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-863,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | workstation | 7.1.2 |
| vmware | server | 2.0.2 |
| vmware | workstation | 7.0 |
| vmware | workstation | 7.1.1 |
| vmware | player | 3.1 |
| vmware | player | 3.1.1 |
| vmware | player | 3.1.2 |
| vmware | fusion | 3.1.2 |
| vmware | fusion | 3.1 |
| vmware | fusion | 3.1.1 |
| vmware | workstation | 7.1 |
| vmware | workstation | 7.0.1 |
The VMware Tools update functionality in VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548; VMware Player 2.5.x before 2.5.5 build 328052 and 3.1.x before 3.1.2 build 301548; VMware Server 2.0.2; VMware Fusion 2.x before 2.0.8 build 328035 and 3.1.x before 3.1.2 build 332101; VMware ESXi 3.5, 4.0, and 4.1; and VMware ESX 3.0.3, 3.5, 4.0, and 4.1 allows host OS users to gain privileges on the guest OS via unspecified vectors, related to a "command injection" issue.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esx | 4.1 |
| vmware | fusion | 2.0.6 |
| vmware | workstation | 7.1.2 |
| vmware | fusion | 2.0.7 |
| vmware | fusion | 2.0 |
| vmware | fusion | 2.0.2 |
| vmware | player | 2.5.2 |
| vmware | workstation | 7.1.1 |
| vmware | fusion | 2.0.5 |
| vmware | player | 3.1 |
| vmware | workstation | 6.5.1 |
| vmware | fusion | 3.1 |
| vmware | workstation | 6.5.2 |
| vmware | workstation | 7.1 |
| vmware | player | 2.5.4 |
| vmware | workstation | 6.5.5 |
| vmware | esxi | 4.0 |
| vmware | player | 2.5 |
| vmware | esxi | 3.5 |
| vmware | fusion | 2.0.1 |
| vmware | fusion | 2.0.8 |
| vmware | player | 2.5.1 |
| vmware | workstation | 6.5.0 |
| vmware | esxi | 4.1 |
| vmware | workstation | 7.0 |
| vmware | esx | 3.5 |
| vmware | fusion | 2.0.4 |
| vmware | player | 3.1.1 |
| vmware | player | 3.1.2 |
| vmware | fusion | 3.1.2 |
| vmware | fusion | 3.1.1 |
| vmware | player | 2.5.5 |
| vmware | player | 2.5.3 |
| vmware | workstation | 6.5.3 |
| vmware | fusion | 2.0.3 |
| vmware | esx | 4.0 |
| vmware | workstation | 7.0.1 |
drivers/scsi/bfa/bfa_core.c in the Linux kernel before 2.6.35 does not initialize a certain port data structure, which allows local users to cause a denial of service (system crash) via read operations on an fc_host statistics file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-665,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esx | 4.1 |
| linux | linux_kernel | * |
| vmware | esx | 4.0 |
Race condition in the sctp_icmp_proto_unreachable function in net/sctp/input.c in Linux kernel 2.6.11-rc2 through 2.6.33 allows remote attackers to cause a denial of service (panic) via an ICMP unreachable message to a socket that is already locked by a user, which causes the socket to be freed and triggers list corruption, related to the sctp_wait_for_connect function.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-362,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esx | 4.1 |
| redhat | enterprise_mrg | 1.0 |
| linux | linux_kernel | * |
| vmware | esx | 4.0 |
| linux | linux_kernel | 2.6.11 |
The Update Installer in VMware ESXi 4.1, when a modified sfcb.cfg is present, does not properly configure the SFCB authentication mode, which allows remote attackers to obtain access via an arbitrary username and password.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esxi | 4.1 |
net/core/ethtool.c in the Linux kernel before 2.6.36 does not initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability for an ethtool ioctl call.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-665,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esx | 4.1 |
| linux | linux_kernel | * |
| vmware | esx | 4.0 |
| canonical | ubuntu_linux | 8.04 |
Cisco Nexus 1000V Virtual Ethernet Module (VEM) 4.0(4) SV1(1) through SV1(3b), as used in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1, does not properly handle dropped packets, which allows guest OS users to cause a denial of service (ESX or ESXi host OS crash) by sending an 802.1Q tagged packet over an access vEthernet port, aka Cisco Bug ID CSCtj17451.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esx | 4.1 |
| vmware | esxi | 4.1 |
| cisco | 1000v_virtual_ethernet_module_(vem) | 4.0(4) |
| vmware | esxi | 4.0 |
| vmware | esx | 4.0 |
Directory traversal vulnerability in vCenter Server in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1, and VMware VirtualCenter 2.5 before Update 6a, allows remote attackers to read arbitrary files via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter | 4.0 |
| vmware | vcenter | 4.1 |
| vmware | virtualcenter | 2.5 |
VMware vFabric tc Server (aka SpringSource tc Server) 2.0.x before 2.0.6.RELEASE and 2.1.x before 2.1.2.RELEASE accepts obfuscated passwords during JMX authentication, which makes it easier for context-dependent attackers to obtain access by leveraging an ability to read stored passwords.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | tc_server | 2.0.2 |
| vmware | tc_server | 2.1.1 |
| vmware | tc_server | 2.0.4 |
| vmware | tc_server | 2.0.5 |
| vmware | tc_server | 2.0.0 |
| vmware | tc_server | 2.0.3 |
| vmware | tc_server | 2.1.0 |
| vmware | tc_server | 2.0.1 |
VMware vmrun, as used in VIX API 1.x before 1.10.3 and VMware Workstation 6.5.x and 7.x before 7.1.4 build 385536 on Linux, might allow local users to gain privileges via a Trojan horse shared library in an unspecified directory.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | workstation | 6.5.4 |
| vmware | workstation | 7.1.2 |
| vmware | vix_api | 1.6.1 |
| vmware | vix_api | 1.8 |
| vmware | workstation | 7.1.3 |
| vmware | workstation | 7.1.1 |
| vmware | vix_api | 1.1.1 |
| vmware | vix_api | 1.1.5 |
| vmware | workstation | 6.5.1 |
| vmware | workstation | 6.5.2 |
| vmware | workstation | 7.1 |
| vmware | vix_api | 1.9 |
| vmware | workstation | 6.5.5 |
| vmware | vix_api | 1.1.4 |
| vmware | workstation | 6.5.0 |
| vmware | vix_api | 1.0 |
| vmware | workstation | 7.0 |
| vmware | vix_api | 1.1 |
| vmware | vix_api | 1.8.1 |
| vmware | vix_api | 1.1.2 |
| vmware | workstation | 6.5.3 |
| vmware | vix_api | 1.7 |
| vmware | vix_api | 1.6.0 |
| vmware | vix_api | 1.1.3 |
| vmware | workstation | 7.0.1 |
vmware-hgfsmounter in VMware Open Virtual Machine Tools (aka open-vm-tools) 8.4.2-261024 and earlier attempts to append to the /etc/mtab file without first checking whether resource limits would interfere, which allows local users to trigger corruption of this file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089.
CVSS 2.0
Severity: LOW
Problem Type: CWE-16,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | open-vm-tools | * |
VMware ESXi 4.0 and 4.1 and ESX 4.0 and 4.1 allow remote attackers to cause a denial of service (socket exhaustion) via unspecified network traffic.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esx | 4.1 |
| vmware | esxi | 4.1 |
| vmware | esxi | 4.0 |
| vmware | esx | 4.0 |
lsassd in Likewise Open /Enterprise 5.3 before build 7845, Open 6.0 before build 8325, and Enterprise 6.0 before build 178, as distributed in VMware ESXi 4.1 and ESX 4.1 and possibly other products, allows remote attackers to cause a denial of service (daemon crash) via an Active Directory login attempt that provides a username containing an invalid byte sequence.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esx | 4.1 |
| likewise | likewise_open | 5.3 |
| vmware | esxi | 4.1 |
| likewise | likewise_open | 6.0 |
Race condition in mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.4, VMware Fusion 3.1.x before 3.1.3, VMware ESXi 3.5 through 4.1, and VMware ESX 3.0.3 through 4.1 allows guest OS users to gain privileges on the guest OS by mounting a filesystem on top of an arbitrary directory.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-362,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esx | 4.1 |
| vmware | workstation | 7.1.2 |
| vmware | esxi | 4.1 |
| vmware | workstation | 7.1.3 |
| vmware | workstation | 7.1.1 |
| vmware | esx | 3.5 |
| vmware | player | 3.1 |
| vmware | player | 3.1.1 |
| vmware | player | 3.1.2 |
| vmware | fusion | 3.1.2 |
| vmware | fusion | 3.1 |
| vmware | fusion | 3.1.1 |
| vmware | player | 3.1.3 |
| vmware | esxi | 4.0 |
| vmware | esx | 4.0 |
| vmware | esxi | 3.5 |
| vmware | esx | 3.0.3 |
vCenter Server in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1 allows local users to discover the SOAP session ID via unspecified vectors.
CVSS 2.0
Severity: LOW
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter | 4.0 |
| vmware | vcenter | 4.1 |
The self-extracting installer in the vSphere Client Installer package in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1, VMware ESXi 4.x before 4.1 Update 1, and VMware ESX 4.x before 4.1 Update 1 does not have a digital signature, which might make it easier for remote attackers to spoof the software distribution via a Trojan horse installer.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-310,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esx | 4.1 |
| vmware | vcenter | 4.0 |
| vmware | esxi | 4.1 |
| vmware | vcenter | 4.1 |
| vmware | esxi | 4.0 |
| vmware | esx | 4.0 |
mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.4, VMware Fusion 3.1.x before 3.1.3, VMware ESXi 3.5 through 4.1, and VMware ESX 3.0.3 through 4.1, when a Solaris or FreeBSD guest OS is used, allows guest OS users to modify arbitrary guest OS files via unspecified vectors, related to a "procedural error."
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esx | 4.1 |
| vmware | workstation | 7.1.2 |
| vmware | esxi | 4.1 |
| vmware | workstation | 7.1.3 |
| vmware | workstation | 7.1.1 |
| vmware | esx | 3.5 |
| vmware | player | 3.1 |
| vmware | player | 3.1.1 |
| vmware | player | 3.1.2 |
| vmware | fusion | 3.1.2 |
| vmware | fusion | 3.1 |
| vmware | fusion | 3.1.1 |
| vmware | player | 3.1.3 |
| vmware | esxi | 4.0 |
| vmware | esx | 4.0 |
| vmware | esxi | 3.5 |
| vmware | esx | 3.0.3 |
mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.4, VMware Fusion 3.1.x before 3.1.3, VMware ESXi 3.5 through 4.1, and VMware ESX 3.0.3 through 4.1 allows guest OS users to determine the existence of host OS files and directories via unspecified vectors.
CVSS 2.0
Severity: LOW
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esx | 4.1 |
| vmware | workstation | 7.1.2 |
| vmware | esxi | 4.1 |
| vmware | workstation | 7.1.3 |
| vmware | workstation | 7.1.1 |
| vmware | esx | 3.5 |
| vmware | player | 3.1 |
| vmware | player | 3.1.1 |
| vmware | player | 3.1.2 |
| vmware | fusion | 3.1.2 |
| vmware | fusion | 3.1 |
| vmware | fusion | 3.1.1 |
| vmware | player | 3.1.3 |
| vmware | esxi | 4.0 |
| vmware | esx | 4.0 |
| vmware | esxi | 3.5 |
| vmware | esx | 3.0.3 |
Certain ActiveX controls in (1) tsgetxu71ex552.dll and (2) tsgetx71ex552.dll in Tom Sawyer GET Extension Factory 5.5.2.237, as used in VI Client (aka VMware Infrastructure Client) 2.0.2 before Build 230598 and 2.5 before Build 204931 in VMware Infrastructure 3, do not properly handle attempted initialization within Internet Explorer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HTML document.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tomsawyer | get_extension_factory | 5.5.2.237 |
| vmware | infrastructure | 3 |
| vmware | virtual_infrastructure_client | 2.0.2 |
| vmware | virtual_infrastructure_client | 2.5 |
Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3.0.5 and 2.0.0 through 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote attackers to bypass intended security restrictions and execute untrusted code by (1) serializing a java.lang.Proxy instance and using InvocationHandler, or (2) accessing internal AOP interfaces, as demonstrated using deserialization of a DefaultListableBeanFactory instance to execute arbitrary commands via the java.lang.Runtime class.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-502,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_framework | * |
| vmware | spring_security | * |
Buffer overflow in VMware Workstation 7.x before 7.1.5, VMware Player 3.x before 3.1.5, VMware Fusion 3.1.x before 3.1.3, and VMware AMS allows remote attackers to execute arbitrary code via a crafted UDF filesystem in an ISO image.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | workstation | 7.1.2 |
| vmware | workstation | 7.1.3 |
| vmware | workstation | 7.0 |
| vmware | workstation | 7.1.1 |
| vmware | player | 3.1 |
| vmware | player | 3.1.1 |
| vmware | player | 3.1.2 |
| vmware | fusion | 3.1.2 |
| vmware | player | 3.1.4 |
| vmware | fusion | 3.1 |
| vmware | fusion | 3.1.1 |
| vmware | player | 3.1.3 |
| vmware | player | 3.0.1 |
| vmware | workstation | 7.1 |
| vmware | player | 3.0 |
| vmware | ams | * |
| vmware | workstation | 7.0.1 |
| vmware | workstation | 7.1.4 |
The default configuration of the HTTP server in Jetty in vSphere Update Manager in VMware vCenter Update Manager 4.0 before Update 4 and 4.1 before Update 2 allows remote attackers to conduct directory traversal attacks and read arbitrary files via unspecified vectors, a related issue to CVE-2009-1523.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-16,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_update_manager | 4.1 |
| vmware | vcenter_update_manager | 4.0 |
Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Desktop 7.1.2 b10978 allow remote attackers to inject arbitrary web script or HTML via the (1) Username or (2) MailBox Name.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | zimbra_desktop | 7.1.2 |
VMware vCenter Chargeback Manager (aka CBM) before 2.0.1 does not properly handle XML API requests, which allows remote attackers to read arbitrary files or cause a denial of service via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_chargeback_manager | * |
| vmware | vcenter_chargeback_manager | 1.6.2 |
The XPDM display driver in VMware ESXi 4.0, 4.1, and 5.0; VMware ESX 4.0 and 4.1; and VMware View before 4.6.1 allows guest OS users to gain guest OS privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esx | 4.1 |
| vmware | esxi | 4.1 |
| vmware | esxi | 4.0 |
| vmware | esxi | 5.0 |
| vmware | esx | 4.0 |
| vmware | view | * |
Buffer overflow in the XPDM display driver in VMware View before 4.6.1 allows guest OS users to gain guest OS privileges via unspecified vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | view | * |
Buffer overflow in the WDDM display driver in VMware ESXi 4.0, 4.1, and 5.0; VMware ESX 4.0 and 4.1; and VMware View before 4.6.1 allows guest OS users to gain guest OS privileges via unspecified vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esx | 4.1 |
| vmware | esxi | 4.1 |
| vmware | esxi | 4.0 |
| vmware | esxi | 5.0 |
| vmware | esx | 4.0 |
| vmware | view | * |
Cross-site scripting (XSS) vulnerability in View Manager Portal in VMware View before 4.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | view | * |
Cross-site scripting (XSS) vulnerability in the internal browser in vSphere Client in VMware vSphere 4.1 before Update 2 and 5.0 before Update 1 allows remote attackers to inject arbitrary web script or HTML via a crafted log-file entry.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vsphere | * |
The Web Configuration tool in VMware vCenter Orchestrator (vCO) 4.0 before Update 4, 4.1 before Update 2, and 4.2 before Update 1 places the vCenter Server password in an HTML document, which allows remote authenticated administrators to obtain sensitive information by reading this document.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_orchestrator | 4.0 |
| vmware | vcenter_orchestrator | 4.1 |
Cross-site request forgery (CSRF) vulnerability in VMware vShield Manager (vSM) 1.0.1 before Update 2 and 4.1.0 before Update 2 allows remote attackers to hijack the authentication of arbitrary users.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vshield_manager | * |
VMware ESXi 3.5, 4.0, and 4.1 and ESX 3.5, 4.0, and 4.1 do not properly implement port-based I/O operations, which allows guest OS users to gain guest OS privileges by overwriting memory locations in a read-only memory block associated with the Virtual DOS Machine.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esx | 4.1 |
| vmware | esxi | 4.1 |
| vmware | esxi | 4.0 |
| vmware | esx | 4.0 |
| vmware | esxi | 3.5 |
| vmware | esx | 3.5 |
The VMX process in VMware ESXi 3.5 through 4.1 and ESX 3.5 through 4.1 does not properly handle RPC commands, which allows guest OS users to cause a denial of service (memory overwrite and process crash) or possibly execute arbitrary code on the host OS via vectors involving data pointers.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.9 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | 3.1 | 6.0 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esx | 4.1 |
| vmware | esxi | 4.1 |
| vmware | esxi | 4.0 |
| vmware | esx | 4.0 |
| vmware | esxi | 3.5 |
| vmware | esx | 3.5 |
The VMX process in VMware ESXi 4.1 and ESX 4.1 does not properly handle RPC commands, which allows guest OS users to cause a denial of service (memory overwrite and process crash) or possibly execute arbitrary code on the host OS via vectors involving function pointers.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esx | 4.1 |
| vmware | esxi | 4.1 |
VMware Workstation 8.x before 8.0.2, VMware Player 4.x before 4.0.2, VMware Fusion 4.x before 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 use an incorrect ACL for the VMware Tools folder, which allows guest OS users to gain guest OS privileges via unspecified vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esx | 4.1 |
| vmware | esxi | 4.1 |
| vmware | fusion | 4.1 |
| vmware | fusion | 4.0.2 |
| vmware | fusion | 4.1.1 |
| vmware | esx | 3.5 |
| vmware | workstation | 8.0 |
| vmware | workstation | 8.0.1 |
| vmware | player | 4.0.1 |
| vmware | fusion | 4.0.1 |
| vmware | esxi | 4.0 |
| vmware | esxi | 5.0 |
| vmware | esx | 4.0 |
| vmware | fusion | 4.0 |
| vmware | esxi | 3.5 |
| vmware | player | 4.0.2 |
| vmware | player | 4.0 |
VMware ESXi 3.5 through 5.0 and ESX 3.5 through 4.1 allow remote attackers to execute arbitrary code or cause a denial of service (memory overwrite) via NFS traffic.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esx | 4.1 |
| vmware | esxi | 4.1 |
| vmware | esxi | 4.0 |
| vmware | esxi | 5.0 |
| vmware | esx | 4.0 |
| vmware | esxi | 3.5 |
| vmware | esx | 3.5 |
VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, VMware Fusion 4.x through 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 do not properly configure the virtual floppy device, which allows guest OS users to cause a denial of service (out-of-bounds write operation and VMX process crash) or possibly execute arbitrary code on the host OS by leveraging administrative privileges on the guest OS.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esx | 4.1 |
| vmware | esxi | 4.1 |
| vmware | fusion | 4.1 |
| vmware | fusion | 4.0.2 |
| vmware | fusion | 4.1.1 |
| vmware | fusion | 4.1.2 |
| vmware | esx | 3.5 |
| vmware | workstation | 8.0 |
| vmware | workstation | 8.0.1 |
| vmware | player | 4.0.1 |
| vmware | workstation | 8.0.2 |
| vmware | fusion | 4.0.1 |
| vmware | esxi | 4.0 |
| vmware | esxi | 5.0 |
| vmware | esx | 4.0 |
| vmware | fusion | 4.0 |
| vmware | esxi | 3.5 |
| vmware | player | 4.0.2 |
| vmware | player | 4.0 |
VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, VMware Fusion 4.x before 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 do not properly register SCSI devices, which allows guest OS users to cause a denial of service (invalid write operation and VMX process crash) or possibly execute arbitrary code on the host OS by leveraging administrative privileges on the guest OS.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esx | 4.1 |
| vmware | esxi | 4.1 |
| vmware | fusion | 4.1 |
| vmware | fusion | 4.0.2 |
| vmware | fusion | 4.1.1 |
| vmware | esx | 3.5 |
| vmware | workstation | 8.0 |
| vmware | workstation | 8.0.1 |
| vmware | player | 4.0.1 |
| vmware | workstation | 8.0.2 |
| vmware | fusion | 4.0.1 |
| vmware | esxi | 4.0 |
| vmware | esxi | 5.0 |
| vmware | esx | 4.0 |
| vmware | fusion | 4.0 |
| vmware | esxi | 3.5 |
| vmware | player | 4.0.2 |
| vmware | player | 4.0 |
Untrusted search path vulnerability in VMware vMA 4.x and 5.x before 5.0.0.2 allows local users to gain privileges via a Trojan horse DLL in the current working directory.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vma | 4.1 |
| vmware | vma | 4.0 |
| vmware | vma | 5.0.0.1 |
VMware Workstation 7.x before 7.1.6 and 8.x before 8.0.4, VMware Player 3.x before 3.1.6 and 4.x before 4.0.4, VMware Fusion 4.x before 4.1.3, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 allow user-assisted remote attackers to execute arbitrary code on the host OS or cause a denial of service (memory corruption) on the host OS via a crafted Checkpoint file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esx | 4.1 |
| vmware | workstation | 7.1.4.16648 |
| vmware | player | 3.1.5 |
| vmware | workstation | 7.1.2 |
| vmware | fusion | 4.1 |
| vmware | workstation | 7.1.3 |
| vmware | player | 4.0.3 |
| vmware | workstation | 7.1.1 |
| vmware | player | 3.1 |
| vmware | workstation | 8.0 |
| vmware | player | 3.1.4 |
| vmware | workstation | 8.0.1 |
| vmware | workstation | 7.1 |
| vmware | fusion | 4.0.1 |
| vmware | workstation | 7.1.5 |
| vmware | esxi | 4.0 |
| vmware | esxi | 5.0 |
| vmware | fusion | 4.0 |
| vmware | esxi | 3.5 |
| vmware | player | 3.0 |
| vmware | player | 4.0.2 |
| vmware | player | 4.0 |
| vmware | workstation | 7.1.4 |
| vmware | esxi | 4.1 |
| vmware | fusion | 4.0.2 |
| vmware | fusion | 4.1.1 |
| vmware | fusion | 4.1.2 |
| vmware | workstation | 7.0 |
| vmware | esx | 3.5 |
| vmware | player | 3.1.1 |
| vmware | player | 3.1.2 |
| vmware | player | 3.1.3 |
| vmware | player | 3.0.1 |
| vmware | player | 4.0.1 |
| vmware | workstation | 8.0.2 |
| vmware | esx | 4.0 |
| vmware | workstation | 8.0.3 |
| vmware | workstation | 7.0.1 |
VMware Workstation 8.x before 8.0.4, VMware Player 4.x before 4.0.4, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 allow remote attackers to cause a denial of service (guest OS crash) via crafted traffic from a remote virtual device.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esx | 4.1 |
| vmware | esxi | 4.1 |
| vmware | player | 4.0.3 |
| vmware | esx | 3.5 |
| vmware | workstation | 8.0 |
| vmware | workstation | 8.0.1 |
| vmware | player | 4.0.1 |
| vmware | workstation | 8.0.2 |
| vmware | esxi | 4.0 |
| vmware | esxi | 5.0 |
| vmware | esx | 4.0 |
| vmware | esxi | 3.5 |
| vmware | workstation | 8.0.3 |
| vmware | player | 4.0.2 |
| vmware | player | 4.0 |
The vSphere API in VMware ESXi 4.1 and ESX 4.1 allows remote attackers to cause a denial of service (host daemon crash) via an invalid value in a (1) RetrieveProp or (2) RetrievePropEx SOAP request.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esx | 4.1 |
| vmware | esxi | 4.1 |
Multiple directory traversal vulnerabilities in the (1) View Connection Server and (2) View Security Server in VMware View 4.x before 4.6.2 and 5.x before 5.1.2 allow remote attackers to read arbitrary files via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | view | 4.5 |
| vmware | view | 4.6.1 |
| vmware | view | 4.6.0 |
| vmware | view | 5.0.1 |
| vmware | view | 5.0.0 |
| vmware | view | 4.0.0 |
| vmware | view | 5.1.0 |
Directory traversal vulnerability in VMware vCenter Server Appliance (vCSA) 5.0 before Update 2 and 5.1 before Patch 1 allows remote authenticated users to read arbitrary files via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server_appliance | 5.1 |
| vmware | vcenter_server_appliance | 5.0 |
VMware vCenter Server Appliance (vCSA) 5.0 before Update 2 does not properly parse XML documents, which allows remote authenticated users to read arbitrary files via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server_appliance | 5.0 |
| vmware | vcenter_server_appliance | * |
VMware vCenter Server 4.1 before Update 3 and 5.0 before Update 2, and vCSA 5.0 before Update 2, allows remote attackers to cause a denial of service (disk consumption) via vectors that trigger large log entries.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server_appliance | 5.0 |
| vmware | vcenter_server | 5.0 |
| vmware | vcenter_server | 4.1 |
VMware vCenter Server 4.0 before Update 4b and 4.1 before Update 3a, VMware VirtualCenter 2.5, VMware vSphere Client 4.0 before Update 4b and 4.1 before Update 3a, VMware VI-Client 2.5, VMware ESXi 3.5 through 4.1, and VMware ESX 3.5 through 4.1 do not properly implement the management authentication protocol, which allow remote servers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esx | 4.1 |
| vmware | esxi | 4.1 |
| vmware | vi-client | 2.5 |
| vmware | vcenter_server | 4.1 |
| vmware | vsphere_client | 4.1 |
| vmware | esx | 3.5 |
| vmware | virtualcenter | 2.5 |
| vmware | vcenter_server | 4.0 |
| vmware | esxi | 4.0 |
| vmware | vsphere_client | 4.0 |
| vmware | esx | 4.0 |
| vmware | esxi | 3.5 |
The Virtual Machine Communication Interface (VMCI) implementation in vmci.sys in VMware Workstation 8.x before 8.0.5 and 9.x before 9.0.1 on Windows, VMware Fusion 4.1 before 4.1.4 and 5.0 before 5.0.2, VMware View 4.x before 4.6.2 and 5.x before 5.1.2 on Windows, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1 does not properly restrict memory allocation by control code, which allows local users to gain privileges via unspecified vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esx | 4.1 |
| vmware | view | 5.1.1 |
| vmware | view | 4.6.1 |
| vmware | fusion | 4.1 |
| vmware | esxi | 5.1 |
| vmware | view | 5.0.1 |
| vmware | view | 5.0.0 |
| vmware | view | 4.0.0 |
| vmware | workstation | 8.0 |
| vmware | workstation | 8.0.1 |
| vmware | workstation | 9.0 |
| vmware | workstation | 8.0.4 |
| vmware | esxi | 4.0 |
| vmware | esxi | 5.0 |
| vmware | fusion | 4.1.3 |
| vmware | fusion | 5.0 |
| vmware | view | 5.0 |
| vmware | esxi | 4.1 |
| vmware | fusion | 4.1.1 |
| vmware | fusion | 4.1.2 |
| vmware | view | 5.1.0 |
| vmware | view | 4.5 |
| vmware | workstation | 8.0.1.27038 |
| vmware | fusion | 5.0.1 |
| vmware | view | 4.6.0 |
| vmware | workstation | 8.0.2 |
| vmware | esx | 4.0 |
| vmware | workstation | 8.0.3 |
| vmware | workstation | 8.0.0.18997 |
VMware vCenter Server 4.0 before Update 4b, 5.0 before Update 2, and 5.1 before 5.1.0b; VMware ESXi 3.5 through 5.1; and VMware ESX 3.5 through 4.1 do not properly implement the Network File Copy (NFC) protocol, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption) by modifying the client-server data stream.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server_appliance | 5.1 |
| vmware | vcenter_server | 4.0 |
| vmware | esxi | 4.1 |
| vmware | esxi | 5.1 |
| vmware | vcenter_server | 5.0 |
| vmware | esxi | 4.0 |
| vmware | esxi | 5.0 |
| vmware | esxi | 3.5 |
| vmware | vcenter_server_appliance | 5.1.0a |
VMware ESXi 4.0 through 5.1, and ESX 4.0 and 4.1, does not properly implement the Network File Copy (NFC) protocol, which allows man-in-the-middle attackers to cause a denial of service (unhandled exception and application crash) by modifying the client-server data stream.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esx | 4.1 |
| vmware | esxi | 4.1 |
| vmware | esxi | 5.1 |
| vmware | esxi | 4.0 |
| vmware | esxi | 5.0 |
| vmware | esx | 4.0 |
vmware-mount in VMware Workstation 8.x and 9.x and VMware Player 4.x and 5.x, on systems based on Debian GNU/Linux, allows host OS users to gain host OS privileges via a crafted lsb_release binary in a directory in the PATH, related to use of the popen library function.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | player | 4.0.4 |
| vmware | workstation | 9.0.1 |
| vmware | player | 5.0.1 |
| vmware | player | 5.0 |
| vmware | player | 4.0.6 |
| vmware | workstation | 9.0.2 |
| vmware | player | 4.0.0.18997 |
| vmware | player | 4.0.3 |
| vmware | workstation | 8.0 |
| vmware | player | 5.0.2 |
| vmware | workstation | 8.0.1.27038 |
| vmware | workstation | 8.0.1 |
| vmware | player | 4.0.1 |
| vmware | workstation | 8.0.2 |
| vmware | workstation | 9.0 |
| vmware | workstation | 8.0.4 |
| vmware | player | 4.0.5 |
| vmware | workstation | 8.0.6 |
| vmware | workstation | 8.0.5 |
| vmware | workstation | 8.0.3 |
| vmware | workstation | 8.0.0.18997 |
| vmware | player | 4.0.2 |
| vmware | player | 4.0 |
VMware vCenter Server Appliance (vCSA) 5.1 before Update 1 allows remote authenticated users to execute arbitrary programs with root privileges by leveraging Virtual Appliance Management Interface (VAMI) access.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server_appliance | 5.1 |
VMware vCenter Server Appliance (vCSA) 5.1 before Update 1 allows remote authenticated users to create or overwrite arbitrary files, and consequently execute arbitrary code or cause a denial of service, by leveraging Virtual Appliance Management Interface (VAMI) web-interface access.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server_appliance | 5.1 |
VMware vCenter Server 5.1 before Update 1, when anonymous LDAP binding for Active Directory is enabled, allows remote attackers to bypass authentication by providing a valid username in conjunction with an empty password.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server_appliance | 5.0 |
lgtosync.sys in VMware Workstation 9.x before 9.0.3, VMware Player 5.x before 5.0.3, VMware Fusion 5.x before 5.0.4, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1, when a 32-bit Windows guest OS is used, allows guest OS users to gain guest OS privileges via an application that performs a crafted memory allocation.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esx | 4.1 |
| vmware | workstation | 9.0.1 |
| vmware | player | 5.0.1 |
| vmware | esxi | 4.1 |
| vmware | player | 5.0 |
| vmware | esxi | 5.1 |
| vmware | workstation | 9.0.2 |
| vmware | fusion | 5.0.3 |
| vmware | player | 5.0.2 |
| vmware | fusion | 5.0.1 |
| vmware | fusion | 5.0.2 |
| vmware | workstation | 9.0 |
| vmware | esxi | 4.0 |
| vmware | esxi | 5.0 |
| vmware | esx | 4.0 |
| vmware | fusion | 5.0 |
VMware vCenter Chargeback Manager (aka CBM) before 2.5.1 does not proper handle uploads, which allows remote attackers to execute arbitrary code via unspecified vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_chargeback_manager | * |
| vmware | vcenter_chargeback_manager | 1.6.2 |
| vmware | vcenter_chargeback_manager | 1.5.0 |
| vmware | vcenter_chargeback_manager | 2.0.0 |
| vmware | vcenter_chargeback_manager | 1.6.0 |
| vmware | vcenter_chargeback_manager | 2.0.1 |
| vmware | vcenter_chargeback_manager | 1.6.1 |
Buffer overflow in VMware ESXi 4.0 through 5.0, and ESX 4.0 and 4.1, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esx | 4.1 |
| vmware | esxi | 4.1 |
| vmware | esxi | 4.0 |
| vmware | esxi | 5.0 |
| vmware | esx | 4.0 |
Directory traversal vulnerability in VMware ESXi 4.0 through 5.0, and ESX 4.0 and 4.1, allows remote attackers to delete arbitrary host OS files via unspecified vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esx | 4.1 |
| vmware | esxi | 4.1 |
| vmware | esxi | 4.0 |
| vmware | esxi | 5.0 |
| vmware | esx | 4.0 |
The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| springsource | spring_framework | 3.0.2 |
| springsource | spring_framework | 3.0.5 |
| springsource | spring_framework | 3.0.3 |
| springsource | spring_framework | 3.0.0.m1 |
| vmware | spring_framework | 3.1.1 |
| vmware | spring_framework | 3.0.6 |
| vmware | spring_framework | 3.2.1 |
| vmware | spring_framework | 3.1.4 |
| springsource | spring_framework | 3.0.0 |
| vmware | spring_framework | 4.0.0 |
| vmware | spring_framework | 3.1.0 |
| vmware | spring_framework | 3.1.2 |
| springsource | spring_framework | 3.0.4 |
| springsource | spring_framework | 3.0.1 |
| vmware | spring_framework | 3.1.3 |
| vmware | spring_framework | 3.2.0 |
| vmware | spring_framework | * |
| springsource | spring_framework | 3.0.0.m2 |
| vmware | spring_framework | 3.0.7 |
| vmware | spring_framework | 3.2.2 |
hostd-vmdb in VMware ESXi 4.0 through 5.0 and ESX 4.0 through 4.1 allows remote attackers to cause a denial of service (hostd-vmdb service outage) by modifying management traffic.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esx | 4.1 |
| vmware | esxi | 4.1 |
| vmware | esxi | 4.0 |
| vmware | esxi | 5.0 |
| vmware | esx | 4.0 |
Session fixation vulnerability in the vSphere Web Client Server in VMware vCenter Server 5.0 before Update 3 allows remote attackers to hijack web sessions and gain privileges via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server | * |
| vmware | vcenter_server | 4.1.0.17435 |
| vmware | vcenter_server | 5.0 |
| vmware | vcenter_server | 4.1 |
| vmware | vcenter_server | 4.1.0.14766 |
| vmware | vcenter_server | 4.0.0.12305 |
| vmware | vcenter_server | 4.0.0.10021 |
| vmware | vcenter_server | 4.1.0.12319 |
VMware Workstation 9.x before 9.0.3 and VMware Player 5.x before 5.0.3 on Linux do not properly handle shared libraries, which allows host OS users to gain host OS privileges via unspecified vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | workstation | 9.0.1 |
| vmware | player | 5.0.1 |
| vmware | player | 5.0 |
| vmware | workstation | 9.0 |
| vmware | workstation | 9.0.2 |
| vmware | player | 5.0.2 |
VMware ESXi 4.0 through 5.5 and ESX 4.0 and 4.1 allow local users to read or modify arbitrary files by leveraging the Virtual Machine Power User or Resource Pool Administrator role for a vCenter Server Add Existing Disk action with a (1) -flat, (2) -rdm, or (3) -rdmp filename.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esx | 4.1 |
| vmware | esxi | 4.1 |
| vmware | esxi | 5.1 |
| vmware | esxi | 4.0 |
| vmware | esxi | 5.0 |
| vmware | esx | 4.0 |
The Groovy script console in VMware Hyperic HQ 4.6.6 allows remote authenticated administrators to execute arbitrary code via a Runtime.getRuntime().exec call.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | hyperic_hq | 4.6.6 |
The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152 and CVE-2013-7315.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,CWE-611,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_framework | 4.0.0 |
| pivotal_software | spring_framework | * |
The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152. NOTE: this issue was SPLIT from CVE-2013-4152 due to different affected versions.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| springsource | spring_framework | 3.0.2 |
| springsource | spring_framework | 3.0.5 |
| springsource | spring_framework | 3.0.3 |
| springsource | spring_framework | 3.0.0.m1 |
| vmware | spring_framework | 3.1.1 |
| vmware | spring_framework | 3.0.6 |
| vmware | spring_framework | 3.2.1 |
| vmware | spring_framework | 3.1.4 |
| springsource | spring_framework | 3.0.0 |
| vmware | spring_framework | 4.0.0 |
| vmware | spring_framework | 3.1.0 |
| vmware | spring_framework | 3.1.2 |
| springsource | spring_framework | 3.0.4 |
| springsource | spring_framework | 3.0.1 |
| vmware | spring_framework | 3.1.3 |
| vmware | spring_framework | 3.2.0 |
| vmware | spring_framework | * |
| springsource | spring_framework | 3.0.0.m2 |
| vmware | spring_framework | 3.0.7 |
| vmware | spring_framework | 3.2.2 |
The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4152, CVE-2013-7315, and CVE-2013-6429.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_framework | 3.2.3 |
| springsource | spring_framework | 3.0.2 |
| vmware | spring_framework | 3.1.1 |
| vmware | spring_framework | 3.2.4 |
| vmware | spring_framework | 3.0.6 |
| springsource | spring_framework | 4.0.1 |
| springsource | spring_framework | 3.0.0 |
| vmware | spring_framework | 4.0.0 |
| springsource | spring_framework | 4.0.0 |
| vmware | spring_framework | 3.1.0 |
| vmware | spring_framework | 3.1.2 |
| springsource | spring_framework | 3.2.6 |
| springsource | spring_framework | 3.0.1 |
| vmware | spring_framework | 3.1.3 |
| vmware | spring_framework | 3.2.0 |
| vmware | spring_framework | * |
| vmware | spring_framework | 3.0.7 |
| vmware | spring_framework | 3.2.2 |
| springsource | spring_framework | 3.0.5 |
| springsource | spring_framework | 3.0.3 |
| springsource | spring_framework | 3.2.5 |
| springsource | spring_framework | 3.0.0.m1 |
| vmware | spring_framework | 3.2.1 |
| vmware | spring_framework | 3.1.4 |
| springsource | spring_framework | 3.0.4 |
| springsource | spring_framework | 3.0.0.m2 |
The ActiveDirectoryLdapAuthenticator in Spring Security 3.2.0 to 3.2.1 and 3.1.0 to 3.1.5 does not check the password length. If the directory allows anonymous binds then it may incorrectly authenticate a user who supplies an empty password.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_security | 3.1.4 |
| vmware | spring_security | 3.2.1 |
| vmware | spring_security | 3.1.1 |
| vmware | spring_security | 3.2.0 |
| vmware | spring_security | 3.1.5 |
| vmware | spring_security | 3.1.0 |
| vmware | spring_security | 3.1.2 |
| vmware | spring_security | 3.1.3 |
When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-611,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_framework | 3.2.3 |
| vmware | spring_framework | 3.1.1 |
| vmware | spring_framework | 3.2.4 |
| vmware | spring_framework | 3.0.6 |
| vmware | spring_framework | 3.0.2 |
| pivotal_software | spring_framework | 3.0.0 |
| vmware | spring_framework | 3.2.8 |
| vmware | spring_framework | 4.0.0 |
| vmware | spring_framework | 3.1.0 |
| vmware | spring_framework | 3.1.2 |
| vmware | spring_framework | 3.0.1 |
| vmware | spring_framework | 3.2.7 |
| vmware | spring_framework | 3.1.3 |
| vmware | spring_framework | 3.2.0 |
| vmware | spring_framework | 3.0.4 |
| vmware | spring_framework | 4.0.1 |
| vmware | spring_framework | 3.0.7 |
| vmware | spring_framework | 3.2.2 |
| vmware | spring_framework | 3.0.5 |
| pivotal_software | spring_framework | 3.2.0 |
| vmware | spring_framework | 3.2.1 |
| vmware | spring_framework | 4.0.2 |
| vmware | spring_framework | 4.0.3 |
| vmware | spring_framework | 4.0.4 |
| vmware | spring_framework | 3.1.4 |
| vmware | spring_framework | 3.2.5 |
| vmware | spring_framework | 3.0.3 |
| pivotal_software | spring_framework | 4.0.0 |
| vmware | spring_framework | 3.2.6 |
| pivotal_software | spring_framework | 3.1.0 |
VMware ESXi 4.0 through 5.1 and ESX 4.0 and 4.1 allow remote attackers to cause a denial of service (NULL pointer dereference) by intercepting and modifying Network File Copy (NFC) traffic.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esx | 4.1 |
| vmware | esxi | 4.1 |
| vmware | esxi | 5.1 |
| vmware | esxi | 4.0 |
| vmware | esxi | 5.0 |
| vmware | esx | 4.0 |
VMware Workstation 9.x before 9.0.1, VMware Player 5.x before 5.0.1, VMware Fusion 5.x before 5.0.1, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1 allow guest OS users to cause a denial of service (VMX process disruption) by using an invalid port.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esx | 4.1 |
| vmware | esxi | 4.1 |
| vmware | player | 5.0 |
| vmware | esxi | 5.1 |
| vmware | workstation | 9.0 |
| vmware | esxi | 4.0 |
| vmware | esxi | 5.0 |
| vmware | esx | 4.0 |
| vmware | fusion | 5.0 |
VMware vSphere Client 4.0, 4.1, 5.0 before Update 3, and 5.1 before Update 2 does not properly validate updates to Client files, which allows remote attackers to trigger the downloading and execution of an arbitrary program via unspecified vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vsphere_client | 4.0 |
| vmware | vsphere_client | 4.1 |
| vmware | vsphere_client | 5.0 |
| vmware | vsphere_client | 5.1 |
VMware vSphere Client 5.0 before Update 3 and 5.1 before Update 2 does not properly validate X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-310,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vsphere_client | 5.0 |
| vmware | vsphere_client | 5.1 |
Cross-site request forgery (CSRF) vulnerability in VMware vCloud Director 5.1.x before 5.1.3 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcloud_director | 5.1.1 |
| vmware | vcloud_director | 5.1.0 |
| vmware | vcloud_director | 5.1.2 |
vmx86.sys in VMware Workstation 10.0.1 build 1379776 and VMware Player 6.0.1 build 1379776 on Windows might allow local users to cause a denial of service (read access violation and system crash) via a crafted buffer in an IOCTL call. NOTE: the researcher reports "Vendor rated issue as non-exploitable."
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | workstation | 10.0.1_build_1379776 |
| vmware | player | 6.0.1_build_1379776 |
When using the CAS Proxy ticket authentication from Spring Security 3.1 to 3.2.4 a malicious CAS Service could trick another CAS Service into authenticating a proxy ticket that was not associated. This is due to the fact that the proxy ticket authentication uses the information from the HttpServletRequest which is populated based upon untrusted information within the HTTP request. This means if there are access control restrictions on which CAS services can authenticate to one another, those restrictions can be bypassed. If users are not using CAS Proxy tickets and not basing access control decisions based upon the CAS Service, then there is no impact to users.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_security | 3.2.3 |
| vmware | spring_security | 3.1.4 |
| vmware | spring_security | 3.2.1 |
| vmware | spring_security | 3.1.1 |
| vmware | spring_security | 3.2.0 |
| vmware | spring_security | 3.2.4 |
| vmware | spring_security | 3.1.0 |
| vmware | spring_security | 3.1.2 |
| vmware | spring_security | 3.2.2 |
| vmware | spring_security | 3.1.3 |
Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| pivotal_software | spring_framework | * |
| vmware | spring_framework | * |
Ruby vSphere Console (RVC) in VMware vCenter Server Appliance allows remote authenticated users to execute arbitrary commands as root by escaping from a chroot jail.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server_appliance | 5.1 |
| vmware | vcenter_server_appliance | 5.5 |
VMware Tools in VMware Workstation 10.x before 10.0.2, VMware Player 6.x before 6.0.2, VMware Fusion 6.x before 6.0.3, and VMware ESXi 5.0 through 5.5, when a Windows 8.1 guest OS is used, allows guest OS users to gain guest OS privileges or cause a denial of service (kernel NULL pointer dereference and guest OS crash) via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | workstation | 10.0.1 |
| vmware | esxi | 5.1 |
| vmware | fusion | 6.0 |
| vmware | fusion | 6.0.2 |
| vmware | fusion | 6.0.1 |
| vmware | esxi | 5.0 |
| vmware | player | 6.0.1 |
| vmware | player | 6.0 |
| vmware | esxi | 5.5 |
| vmware | workstation | 10.0 |
VMware NSX 6.0 before 6.0.6, and vCloud Networking and Security (vCNS) 5.1 before 5.1.4.2 and 5.5 before 5.5.3, does not properly validate input, which allows attackers to obtain sensitive information via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | nsx | 6.0.5 |
| vmware | nsx | 6.0.2 |
| vmware | vcloud_networking_and_security | 5.1.2 |
| vmware | vcloud_networking_and_security | 5.1 |
| vmware | vcloud_networking_and_security | 5.5.1 |
| vmware | vcloud_networking_and_security | 5.1.4 |
| vmware | vcloud_networking_and_security | 5.1.4.1 |
| vmware | vcloud_networking_and_security | 5.5.2.1 |
| vmware | vcloud_networking_and_security | 5.1.1 |
| vmware | vcloud_networking_and_security | 5.5.0a |
| vmware | nsx | 6.0.4 |
| vmware | vcloud_networking_and_security | 5.1.3 |
| vmware | vcloud_networking_and_security | 5.5.2 |
| vmware | nsx | 6.0.3 |
| vmware | nsx | 6.0 |
| vmware | nsx | 6.0.1 |
| vmware | vcloud_networking_and_security | 5.5 |
Cross-site scripting (XSS) vulnerability in VMware vCenter Server Appliance (vCSA) 5.1 before Update 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server_appliance | 5.1 |
vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, allows local users to write to arbitrary files via a symlink attack on a file in /tmp.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-59,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | workstation | 10.0.1 |
| vmware | workstation | 10.0.2 |
| vmware | tools | * |
| vmware | vm-support | 0.88 |
| vmware | workstation | * |
| vmware | workstation | 10.0 |
vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, uses 0644 permissions for the vm-support archive, which allows local users to obtain sensitive information by extracting files from this archive.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | workstation | 10.0.1 |
| vmware | workstation | 10.0.2 |
| vmware | tools | * |
| vmware | vm-support | 0.88 |
| vmware | workstation | * |
| vmware | workstation | 10.0 |
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers to affect integrity via vectors related to WLS - Web Services.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server_appliance | 5.1 |
| vmware | vcenter_server | 5.1 |
| vmware | esxi | 5.1 |
| oracle | fusion_middleware | 10.3.6 |
| vmware | vcenter_server | 5.0 |
| vmware | vcenter_server | 5.5 |
| oracle | fusion_middleware | 10.0.2 |
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| suse | linux_enterprise_server | 12 |
| oracle | solaris | 11.3 |
| suse | linux_enterprise_desktop | 12 |
| opensuse_project | suse_linux_enterprise_server | 11.0 |
| oracle | mysql | * |
| opensuse_project | suse_linux_enterprise_desktop | 11.0 |
| suse | linux_enterprise_workstation_extension | 12 |
| suse | linux_enterprise_server | 11 |
| debian | debian_linux | 7.0 |
| vmware | vcenter_server_appliance | 5.1 |
| vmware | vcenter_server_appliance | 5.0 |
| suse | linux_enterprise_desktop | 11 |
| suse | linux_enterprise_software_development_kit | 11 |
| mariadb | mariadb | * |
| suse | linux_enterprise_software_development_kit | 12 |
| vmware | vcenter_server_appliance | 5.5 |
| opensuse_project | suse_linux_enterprise_software_development_kit | 11.0 |
VMware vSphere Data Protection (VDP) 5.1, 5.5 before 5.5.9, and 5.8 before 5.8.1 and the proxy client in EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x do not properly verify X.509 certificates from vCenter Server SSL servers, which allows man-in-the-middle attackers to spoof servers, and bypass intended backup and restore access restrictions, via a crafted certificate.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-310,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vsphere_data_protection | 5.5.1 |
| vmware | vsphere_data_protection | 5.5.8 |
| vmware | vsphere_data_protection | 5.5.6 |
| vmware | vsphere_data_protection | 5.5.7 |
| vmware | vsphere_data_protection | 5.8.0 |
| vmware | vsphere_data_protection | 5.1 |
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-78,CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| suse | linux_enterprise_server | 12 |
| redhat | enterprise_linux_eus | 7.7 |
| f5 | traffix_signaling_delivery_controller | 3.4.1 |
| suse | linux_enterprise_desktop | 12 |
| f5 | big-iq_cloud | * |
| novell | zenworks_configuration_management | 11.1 |
| f5 | big-ip_wan_optimization_manager | * |
| ibm | security_access_manager_for_web_8.0_firmware | 8.0.0.3 |
| f5 | arx_firmware | * |
| ibm | infosphere_guardium_database_activity_monitoring | 9.1 |
| f5 | big-ip_application_acceleration_manager | 11.6.0 |
| novell | zenworks_configuration_management | 10.3 |
| redhat | enterprise_linux_workstation | 6.0 |
| suse | linux_enterprise_desktop | 11 |
| ibm | qradar_vulnerability_manager | 7.2.1 |
| f5 | big-iq_device | * |
| suse | linux_enterprise_server | 10 |
| f5 | big-ip_application_acceleration_manager | * |
| f5 | traffix_signaling_delivery_controller | 3.5.1 |
| redhat | enterprise_linux_eus | 7.3 |
| redhat | enterprise_linux_for_scientific_computing | 6.0 |
| f5 | big-ip_link_controller | * |
| novell | open_enterprise_server | 11.0 |
| redhat | enterprise_linux_desktop | 7.0 |
| ibm | security_access_manager_for_web_7.0_firmware | 7.0.0.2 |
| f5 | big-ip_global_traffic_manager | 11.6.0 |
| redhat | enterprise_linux_for_scientific_computing | 7.0 |
| ibm | qradar_security_information_and_event_manager | 7.2.5 |
| ibm | security_access_manager_for_web_7.0_firmware | 7.0.0.4 |
| f5 | big-ip_local_traffic_manager | 11.6.0 |
| f5 | big-ip_analytics | 11.6.0 |
| suse | studio_onsite | 1.3 |
| f5 | big-ip_access_policy_manager | 11.6.0 |
| redhat | enterprise_linux | 4.0 |
| f5 | big-ip_local_traffic_manager | * |
| vmware | vcenter_server_appliance | 5.0 |
| redhat | enterprise_linux_eus | 7.4 |
| f5 | traffix_signaling_delivery_controller | 4.1.0 |
| novell | zenworks_configuration_management | 11 |
| ibm | qradar_security_information_and_event_manager | 7.1.2 |
| f5 | traffix_signaling_delivery_controller | 3.3.2 |
| ibm | qradar_security_information_and_event_manager | 7.2.1 |
| ibm | security_access_manager_for_mobile_8.0_firmware | 8.0.0.5 |
| f5 | big-ip_application_security_manager | * |
| redhat | virtualization | 3.4 |
| ibm | san_volume_controller_firmware | * |
| redhat | enterprise_linux_eus | 6.4 |
| redhat | enterprise_linux_server_aus | 5.9 |
| ibm | qradar_security_information_and_event_manager | 7.2.6 |
| ibm | qradar_security_information_and_event_manager | 7.2.7 |
| ibm | qradar_vulnerability_manager | 7.2.4 |
| ibm | stn6800_firmware | * |
| f5 | big-iq_security | * |
| ibm | qradar_security_information_and_event_manager | 7.2.2 |
| qnap | qts | 4.1.1 |
| ibm | smartcloud_entry_appliance | 2.4.0 |
| ibm | security_access_manager_for_web_7.0_firmware | 7.0.0.1 |
| ibm | security_access_manager_for_web_7.0_firmware | 7.0.0.7 |
| novell | open_enterprise_server | 2.0 |
| ibm | storwize_v3500_firmware | * |
| ibm | qradar_security_information_and_event_manager | 7.2 |
| redhat | enterprise_linux_for_ibm_z_systems | 7.4_s390x |
| ibm | qradar_security_information_and_event_manager | 7.1.0 |
| f5 | big-ip_analytics | * |
| ibm | security_access_manager_for_web_7.0_firmware | 7.0.0.5 |
| redhat | enterprise_linux_server_aus | 7.4 |
| redhat | enterprise_linux_desktop | 5.0 |
| redhat | enterprise_linux_for_power_big_endian_eus | 7.4_ppc64 |
| opensuse | opensuse | 12.3 |
| canonical | ubuntu_linux | 14.04 |
| f5 | big-ip_advanced_firewall_manager | * |
| ibm | infosphere_guardium_database_activity_monitoring | 8.2 |
| ibm | security_access_manager_for_web_7.0_firmware | 7.0.0.6 |
| redhat | enterprise_linux_server_aus | 6.2 |
| redhat | enterprise_linux_server_aus | 7.3 |
| redhat | enterprise_linux_server_aus | 7.7 |
| mageia | mageia | 3.0 |
| redhat | enterprise_linux_for_ibm_z_systems | 7.6_s390x |
| redhat | enterprise_linux_for_ibm_z_systems | 7.7_s390x |
| apple | mac_os_x | * |
| redhat | enterprise_linux_server_from_rhui | 7.0 |
| f5 | traffix_signaling_delivery_controller | * |
| redhat | enterprise_linux_for_power_big_endian | 6.4_ppc64 |
| redhat | enterprise_linux_server_tus | 7.3 |
| vmware | esx | 4.0 |
| ibm | flex_system_v7000_firmware | * |
| redhat | enterprise_linux_for_power_big_endian_eus | 7.7_ppc64 |
| redhat | enterprise_linux_for_power_big_endian | 7.0_ppc64 |
| vmware | vcenter_server_appliance | 5.5 |
| oracle | linux | 6 |
| oracle | linux | 4 |
| vmware | esx | 4.1 |
| ibm | security_access_manager_for_web_8.0_firmware | 8.0.0.2 |
| ibm | smartcloud_provisioning | 2.1.0 |
| redhat | enterprise_linux_server | 7.0 |
| ibm | starter_kit_for_cloud | 2.2.0 |
| f5 | big-ip_edge_gateway | * |
| f5 | enterprise_manager | * |
| ibm | qradar_security_information_and_event_manager | 7.2.8.15 |
| ibm | qradar_vulnerability_manager | 7.2.0 |
| f5 | big-ip_advanced_firewall_manager | 11.6.0 |
| checkpoint | security_gateway | * |
| redhat | enterprise_linux_server | 6.0 |
| ibm | security_access_manager_for_mobile_8.0_firmware | 8.0.0.1 |
| ibm | smartcloud_entry_appliance | 3.2.0 |
| redhat | enterprise_linux_server_tus | 6.5 |
| ibm | security_access_manager_for_mobile_8.0_firmware | 8.0.0.2 |
| qnap | qts | * |
| ibm | qradar_vulnerability_manager | 7.2.8 |
| ibm | security_access_manager_for_web_7.0_firmware | 7.0.0.3 |
| ibm | security_access_manager_for_web_8.0_firmware | 8.0.0.5 |
| canonical | ubuntu_linux | 12.04 |
| redhat | enterprise_linux_workstation | 5.0 |
| ibm | qradar_risk_manager | 7.1.0 |
| redhat | enterprise_linux_for_power_big_endian | 6.0_ppc64 |
| redhat | enterprise_linux_server_aus | 5.6 |
| ibm | qradar_security_information_and_event_manager | 7.2.4 |
| f5 | big-ip_protocol_security_module | * |
| citrix | netscaler_sdx_firmware | * |
| redhat | enterprise_linux_for_power_big_endian | 5.0_ppc |
| redhat | enterprise_linux_for_power_big_endian_eus | 6.5_ppc64 |
| redhat | enterprise_linux_for_power_big_endian_eus | 7.6_ppc64 |
| ibm | pureapplication_system | 2.0.0.0 |
| redhat | enterprise_linux_server_aus | 7.6 |
| vmware | vcenter_server_appliance | 5.1 |
| f5 | big-ip_webaccelerator | * |
| redhat | enterprise_linux_for_ibm_z_systems | 7.5_s390x |
| ibm | smartcloud_entry_appliance | 2.3.0 |
| suse | linux_enterprise_software_development_kit | 11 |
| redhat | enterprise_linux_server_tus | 7.7 |
| redhat | enterprise_linux_server_from_rhui | 5.0 |
| ibm | smartcloud_entry_appliance | 3.1.0 |
| f5 | big-ip_policy_enforcement_manager | * |
| ibm | software_defined_network_for_virtual_environments | * |
| redhat | enterprise_linux_server | 5.0 |
| suse | linux_enterprise_software_development_kit | 12 |
| ibm | qradar_security_information_and_event_manager | 7.2.9 |
| redhat | enterprise_linux_server_from_rhui | 6.0 |
| redhat | enterprise_linux_for_power_big_endian | 5.9_ppc |
| redhat | enterprise_linux_server_tus | 7.6 |
| redhat | enterprise_linux_for_ibm_z_systems | 5.9_s390x |
| ibm | workload_deployer | * |
| redhat | enterprise_linux_workstation | 7.0 |
| redhat | enterprise_linux | 6.0 |
| redhat | enterprise_linux_eus | 6.5 |
| ibm | qradar_security_information_and_event_manager | 7.2.3 |
| redhat | enterprise_linux | 5.0 |
| ibm | security_access_manager_for_mobile_8.0_firmware | 8.0.0.3 |
| mageia | mageia | 4.0 |
| redhat | enterprise_linux_for_ibm_z_systems | 7.3_s390x |
| ibm | qradar_vulnerability_manager | 7.2.2 |
| suse | linux_enterprise_server | 11 |
| debian | debian_linux | 7.0 |
| ibm | pureapplication_system | * |
| novell | zenworks_configuration_management | 11.2 |
| ibm | infosphere_guardium_database_activity_monitoring | 9.0 |
| ibm | qradar_security_information_and_event_manager | 7.2.0 |
| redhat | enterprise_linux_eus | 7.6 |
| ibm | storwize_v7000_firmware | * |
| ibm | stn6500_firmware | * |
| arista | eos | * |
| f5 | big-ip_access_policy_manager | * |
| ibm | qradar_security_information_and_event_manager | 7.2.8 |
| opensuse | opensuse | 13.2 |
| redhat | enterprise_linux_for_ibm_z_systems | 6.5_s390x |
| ibm | qradar_vulnerability_manager | 7.2.3 |
| ibm | security_access_manager_for_web_7.0_firmware | 7.0.0.8 |
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux_for_power_big_endian_eus | 7.3_ppc64 |
| ibm | qradar_security_information_and_event_manager | 7.1.1 |
| ibm | qradar_vulnerability_manager | 7.2.6 |
| ibm | stn7800_firmware | * |
| canonical | ubuntu_linux | 10.04 |
| oracle | linux | 5 |
| redhat | enterprise_linux_eus | 7.5 |
| novell | zenworks_configuration_management | 11.3.0 |
| ibm | storwize_v5000_firmware | * |
| f5 | big-ip_link_controller | 11.6.0 |
| f5 | big-ip_application_security_manager | 11.6.0 |
| gnu | bash | * |
| redhat | enterprise_linux_server_aus | 6.4 |
| ibm | storwize_v3700_firmware | * |
| redhat | enterprise_linux_for_power_big_endian_eus | 7.5_ppc64 |
| f5 | big-ip_global_traffic_manager | * |
| redhat | enterprise_linux_server_aus | 6.5 |
| redhat | enterprise_linux_for_ibm_z_systems | 6.4_s390x |
| redhat | enterprise_linux_desktop | 6.0 |
| opensuse | opensuse | 13.1 |
| redhat | gluster_storage_server_for_on-premise | 2.1 |
| redhat | enterprise_linux_eus | 5.9 |
| f5 | big-ip_policy_enforcement_manager | 11.6.0 |
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-78,CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| suse | linux_enterprise_server | 12 |
| redhat | enterprise_linux_eus | 7.7 |
| f5 | traffix_signaling_delivery_controller | 3.4.1 |
| suse | linux_enterprise_desktop | 12 |
| f5 | big-iq_cloud | * |
| novell | zenworks_configuration_management | 11.1 |
| f5 | big-ip_wan_optimization_manager | * |
| ibm | security_access_manager_for_web_8.0_firmware | 8.0.0.3 |
| f5 | arx_firmware | * |
| ibm | infosphere_guardium_database_activity_monitoring | 9.1 |
| f5 | big-ip_application_acceleration_manager | 11.6.0 |
| novell | zenworks_configuration_management | 10.3 |
| redhat | enterprise_linux_workstation | 6.0 |
| suse | linux_enterprise_desktop | 11 |
| ibm | qradar_vulnerability_manager | 7.2.1 |
| f5 | big-iq_device | * |
| suse | linux_enterprise_server | 10 |
| f5 | big-ip_application_acceleration_manager | * |
| f5 | traffix_signaling_delivery_controller | 3.5.1 |
| redhat | enterprise_linux_eus | 7.3 |
| redhat | enterprise_linux_for_scientific_computing | 6.0 |
| f5 | big-ip_link_controller | * |
| novell | open_enterprise_server | 11.0 |
| redhat | enterprise_linux_desktop | 7.0 |
| ibm | security_access_manager_for_web_7.0_firmware | 7.0.0.2 |
| f5 | big-ip_global_traffic_manager | 11.6.0 |
| redhat | enterprise_linux_for_scientific_computing | 7.0 |
| ibm | qradar_security_information_and_event_manager | 7.2.5 |
| ibm | security_access_manager_for_web_7.0_firmware | 7.0.0.4 |
| f5 | big-ip_local_traffic_manager | 11.6.0 |
| f5 | big-ip_analytics | 11.6.0 |
| suse | studio_onsite | 1.3 |
| f5 | big-ip_access_policy_manager | 11.6.0 |
| redhat | enterprise_linux | 4.0 |
| f5 | big-ip_local_traffic_manager | * |
| vmware | vcenter_server_appliance | 5.0 |
| redhat | enterprise_linux_eus | 7.4 |
| f5 | traffix_signaling_delivery_controller | 4.1.0 |
| novell | zenworks_configuration_management | 11 |
| ibm | qradar_security_information_and_event_manager | 7.1.2 |
| f5 | traffix_signaling_delivery_controller | 3.3.2 |
| ibm | qradar_security_information_and_event_manager | 7.2.1 |
| ibm | security_access_manager_for_mobile_8.0_firmware | 8.0.0.5 |
| f5 | big-ip_application_security_manager | * |
| redhat | virtualization | 3.4 |
| ibm | san_volume_controller_firmware | * |
| redhat | enterprise_linux_eus | 6.4 |
| redhat | enterprise_linux_server_aus | 5.9 |
| ibm | qradar_security_information_and_event_manager | 7.2.6 |
| ibm | qradar_security_information_and_event_manager | 7.2.7 |
| ibm | qradar_vulnerability_manager | 7.2.4 |
| ibm | stn6800_firmware | * |
| f5 | big-iq_security | * |
| ibm | qradar_security_information_and_event_manager | 7.2.2 |
| qnap | qts | 4.1.1 |
| ibm | smartcloud_entry_appliance | 2.4.0 |
| ibm | security_access_manager_for_web_7.0_firmware | 7.0.0.1 |
| ibm | security_access_manager_for_web_7.0_firmware | 7.0.0.7 |
| novell | open_enterprise_server | 2.0 |
| ibm | storwize_v3500_firmware | * |
| ibm | qradar_security_information_and_event_manager | 7.2 |
| redhat | enterprise_linux_for_ibm_z_systems | 7.4_s390x |
| ibm | qradar_security_information_and_event_manager | 7.1.0 |
| f5 | big-ip_analytics | * |
| ibm | security_access_manager_for_web_7.0_firmware | 7.0.0.5 |
| redhat | enterprise_linux_server_aus | 7.4 |
| redhat | enterprise_linux_desktop | 5.0 |
| redhat | enterprise_linux_for_power_big_endian_eus | 7.4_ppc64 |
| opensuse | opensuse | 12.3 |
| canonical | ubuntu_linux | 14.04 |
| f5 | big-ip_advanced_firewall_manager | * |
| ibm | infosphere_guardium_database_activity_monitoring | 8.2 |
| ibm | security_access_manager_for_web_7.0_firmware | 7.0.0.6 |
| redhat | enterprise_linux_server_aus | 6.2 |
| redhat | enterprise_linux_server_aus | 7.3 |
| redhat | enterprise_linux_server_aus | 7.7 |
| mageia | mageia | 3.0 |
| redhat | enterprise_linux_for_ibm_z_systems | 7.6_s390x |
| redhat | enterprise_linux_for_ibm_z_systems | 7.7_s390x |
| apple | mac_os_x | * |
| redhat | enterprise_linux_server_from_rhui | 7.0 |
| f5 | traffix_signaling_delivery_controller | * |
| redhat | enterprise_linux_for_power_big_endian | 6.4_ppc64 |
| redhat | enterprise_linux_server_tus | 7.3 |
| vmware | esx | 4.0 |
| ibm | flex_system_v7000_firmware | * |
| redhat | enterprise_linux_for_power_big_endian_eus | 7.7_ppc64 |
| redhat | enterprise_linux_for_power_big_endian | 7.0_ppc64 |
| vmware | vcenter_server_appliance | 5.5 |
| oracle | linux | 6 |
| oracle | linux | 4 |
| vmware | esx | 4.1 |
| ibm | security_access_manager_for_web_8.0_firmware | 8.0.0.2 |
| ibm | smartcloud_provisioning | 2.1.0 |
| redhat | enterprise_linux_server | 7.0 |
| ibm | starter_kit_for_cloud | 2.2.0 |
| f5 | big-ip_edge_gateway | * |
| f5 | enterprise_manager | * |
| ibm | qradar_security_information_and_event_manager | 7.2.8.15 |
| ibm | qradar_vulnerability_manager | 7.2.0 |
| f5 | big-ip_advanced_firewall_manager | 11.6.0 |
| checkpoint | security_gateway | * |
| redhat | enterprise_linux_server | 6.0 |
| ibm | security_access_manager_for_mobile_8.0_firmware | 8.0.0.1 |
| ibm | smartcloud_entry_appliance | 3.2.0 |
| redhat | enterprise_linux_server_tus | 6.5 |
| ibm | security_access_manager_for_mobile_8.0_firmware | 8.0.0.2 |
| qnap | qts | * |
| ibm | qradar_vulnerability_manager | 7.2.8 |
| ibm | security_access_manager_for_web_7.0_firmware | 7.0.0.3 |
| ibm | security_access_manager_for_web_8.0_firmware | 8.0.0.5 |
| canonical | ubuntu_linux | 12.04 |
| redhat | enterprise_linux_workstation | 5.0 |
| ibm | qradar_risk_manager | 7.1.0 |
| redhat | enterprise_linux_for_power_big_endian | 6.0_ppc64 |
| redhat | enterprise_linux_server_aus | 5.6 |
| ibm | qradar_security_information_and_event_manager | 7.2.4 |
| f5 | big-ip_protocol_security_module | * |
| citrix | netscaler_sdx_firmware | * |
| redhat | enterprise_linux_for_power_big_endian | 5.0_ppc |
| redhat | enterprise_linux_for_power_big_endian_eus | 6.5_ppc64 |
| redhat | enterprise_linux_for_power_big_endian_eus | 7.6_ppc64 |
| ibm | pureapplication_system | 2.0.0.0 |
| redhat | enterprise_linux_server_aus | 7.6 |
| vmware | vcenter_server_appliance | 5.1 |
| f5 | big-ip_webaccelerator | * |
| redhat | enterprise_linux_for_ibm_z_systems | 7.5_s390x |
| ibm | smartcloud_entry_appliance | 2.3.0 |
| suse | linux_enterprise_software_development_kit | 11 |
| redhat | enterprise_linux_server_tus | 7.7 |
| redhat | enterprise_linux_server_from_rhui | 5.0 |
| ibm | smartcloud_entry_appliance | 3.1.0 |
| f5 | big-ip_policy_enforcement_manager | * |
| ibm | software_defined_network_for_virtual_environments | * |
| redhat | enterprise_linux_server | 5.0 |
| suse | linux_enterprise_software_development_kit | 12 |
| ibm | qradar_security_information_and_event_manager | 7.2.9 |
| redhat | enterprise_linux_server_from_rhui | 6.0 |
| redhat | enterprise_linux_for_power_big_endian | 5.9_ppc |
| redhat | enterprise_linux_server_tus | 7.6 |
| redhat | enterprise_linux_for_ibm_z_systems | 5.9_s390x |
| ibm | workload_deployer | * |
| redhat | enterprise_linux_workstation | 7.0 |
| redhat | enterprise_linux | 6.0 |
| redhat | enterprise_linux_eus | 6.5 |
| ibm | qradar_security_information_and_event_manager | 7.2.3 |
| redhat | enterprise_linux | 5.0 |
| ibm | security_access_manager_for_mobile_8.0_firmware | 8.0.0.3 |
| mageia | mageia | 4.0 |
| redhat | enterprise_linux_for_ibm_z_systems | 7.3_s390x |
| ibm | qradar_vulnerability_manager | 7.2.2 |
| suse | linux_enterprise_server | 11 |
| debian | debian_linux | 7.0 |
| ibm | pureapplication_system | * |
| novell | zenworks_configuration_management | 11.2 |
| ibm | infosphere_guardium_database_activity_monitoring | 9.0 |
| ibm | qradar_security_information_and_event_manager | 7.2.0 |
| redhat | enterprise_linux_eus | 7.6 |
| ibm | storwize_v7000_firmware | * |
| ibm | stn6500_firmware | * |
| arista | eos | * |
| f5 | big-ip_access_policy_manager | * |
| ibm | qradar_security_information_and_event_manager | 7.2.8 |
| opensuse | opensuse | 13.2 |
| redhat | enterprise_linux_for_ibm_z_systems | 6.5_s390x |
| ibm | qradar_vulnerability_manager | 7.2.3 |
| ibm | security_access_manager_for_web_7.0_firmware | 7.0.0.8 |
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux_for_power_big_endian_eus | 7.3_ppc64 |
| ibm | qradar_security_information_and_event_manager | 7.1.1 |
| ibm | qradar_vulnerability_manager | 7.2.6 |
| ibm | stn7800_firmware | * |
| canonical | ubuntu_linux | 10.04 |
| oracle | linux | 5 |
| redhat | enterprise_linux_eus | 7.5 |
| novell | zenworks_configuration_management | 11.3.0 |
| ibm | storwize_v5000_firmware | * |
| f5 | big-ip_link_controller | 11.6.0 |
| f5 | big-ip_application_security_manager | 11.6.0 |
| gnu | bash | * |
| redhat | enterprise_linux_server_aus | 6.4 |
| ibm | storwize_v3700_firmware | * |
| redhat | enterprise_linux_for_power_big_endian_eus | 7.5_ppc64 |
| f5 | big-ip_global_traffic_manager | * |
| redhat | enterprise_linux_server_aus | 6.5 |
| redhat | enterprise_linux_for_ibm_z_systems | 6.4_s390x |
| redhat | enterprise_linux_desktop | 6.0 |
| opensuse | opensuse | 13.1 |
| redhat | gluster_storage_server_for_on-premise | 2.1 |
| redhat | enterprise_linux_eus | 5.9 |
| f5 | big-ip_policy_enforcement_manager | 11.6.0 |
VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, VMware Fusion 6.x before 6.0.5, and VMware ESXi 5.0 through 5.5 allow host OS users to gain host OS privileges or cause a denial of service (arbitrary write to a file) by modifying a configuration file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | workstation | 10.0.1 |
| vmware | workstation | 10.0.3 |
| vmware | esxi | 5.1 |
| vmware | fusion | 6.0.2 |
| vmware | workstation | 10.0.2 |
| vmware | fusion | 6.0.4 |
| vmware | fusion | 6.0.3 |
| vmware | player | 6.0.4 |
| vmware | workstation | 10.0.4 |
| vmware | player | 6.0 |
| vmware | esxi | 5.5 |
| vmware | player | 6.0.3 |
| vmware | fusion | 6.0 |
| vmware | fusion | 6.0.1 |
| vmware | esxi | 5.0 |
| vmware | player | 6.0.1 |
| vmware | player | 6.0.2 |
| vmware | workstation | 10.0 |
VMware vCenter Server Appliance (vCSA) 5.5 before Update 2, 5.1 before Update 3, and 5.0 before Update 3c does not properly validate certificates when connecting to a CIM Server on an ESXi host, which allows man-in-the-middle attackers to spoof CIM servers via a crafted certificate.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-310,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server_appliance | 5.1 |
| vmware | vcenter_server_appliance | 5.0 |
| vmware | vcenter_server_appliance | 5.5 |
AirWatch by VMware On-Premise 7.3.x before 7.3.3.0 (FP3) allows remote authenticated users to obtain the organizational information and statistics from arbitrary tenants via vectors involving a direct object reference.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | airwatch | 7.3.0.0 |
| vmware | airwatch | * |
The VMware Remote Console (VMRC) function in VMware vCloud Automation Center (vCAC) 6.0.1 through 6.1.1 allows remote authenticated users to gain privileges via vectors involving the "Connect (by) Using VMRC" function.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcloud_automation_center | 6.1.1 |
| vmware | vcloud_automation_center | 6.1 |
| vmware | vcloud_automation_center | 6.0.1.2 |
| vmware | vcloud_automation_center | 6.0.1 |
| vmware | vcloud_automation_center | 6.0.1.1 |
Cross-site scripting (XSS) vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the path info to api/, which is not properly handled in an error message.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | rabbitmq | 2.8.1 |
| vmware | rabbitmq | 3.2.0 |
| vmware | rabbitmq | 2.5.0 |
| vmware | rabbitmq | 2.2.0 |
| vmware | rabbitmq | 2.6.0 |
| vmware | rabbitmq | 2.8.7 |
| vmware | rabbitmq | 3.3.1 |
| vmware | rabbitmq | 2.6.1 |
| vmware | rabbitmq | 3.1.4 |
| vmware | rabbitmq | 3.0.1 |
| vmware | rabbitmq | 3.3.5 |
| vmware | rabbitmq | 2.3.1 |
| vmware | rabbitmq | 3.1.2 |
| vmware | rabbitmq | 3.0.4 |
| vmware | rabbitmq | 3.1.5 |
| vmware | rabbitmq | 3.3.3 |
| vmware | rabbitmq | 2.1.1 |
| vmware | rabbitmq | 2.8.3 |
| vmware | rabbitmq | 2.8.2 |
| vmware | rabbitmq | 2.8.4 |
| vmware | rabbitmq | 3.1.1 |
| vmware | rabbitmq | 3.3.0 |
| vmware | rabbitmq | 3.3.4 |
| vmware | rabbitmq | 2.7.1 |
| vmware | rabbitmq | 2.8.6 |
| vmware | rabbitmq | 3.3.2 |
| vmware | rabbitmq | 2.5.1 |
| vmware | rabbitmq | 3.0.2 |
| vmware | rabbitmq | 2.3.0 |
| vmware | rabbitmq | 3.1.3 |
| vmware | rabbitmq | 3.0.3 |
| vmware | rabbitmq | 2.4.0 |
| vmware | rabbitmq | 3.2.1 |
| vmware | rabbitmq | 2.8.5 |
| vmware | rabbitmq | 3.0.0 |
| vmware | rabbitmq | 2.1.0 |
| vmware | rabbitmq | 3.4.0 |
| vmware | rabbitmq | 2.4.1 |
| vmware | rabbitmq | 2.7.0 |
| vmware | rabbitmq | 2.8.0 |
| vmware | rabbitmq | 3.1.0 |
| vmware | rabbitmq | 3.2.3 |
| vmware | rabbitmq | 3.2.2 |
| vmware | rabbitmq | 3.2.4 |
CRLF injection vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the download parameter to api/definitions.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | rabbitmq | 2.8.1 |
| vmware | rabbitmq | 3.2.0 |
| vmware | rabbitmq | 2.5.0 |
| vmware | rabbitmq | 2.2.0 |
| vmware | rabbitmq | 2.6.0 |
| vmware | rabbitmq | 2.8.7 |
| vmware | rabbitmq | 3.3.1 |
| vmware | rabbitmq | 2.6.1 |
| vmware | rabbitmq | 3.1.4 |
| vmware | rabbitmq | 3.0.1 |
| vmware | rabbitmq | 3.3.5 |
| vmware | rabbitmq | 2.3.1 |
| vmware | rabbitmq | 3.1.2 |
| vmware | rabbitmq | 3.0.4 |
| vmware | rabbitmq | 3.1.5 |
| vmware | rabbitmq | 3.3.3 |
| vmware | rabbitmq | 2.1.1 |
| vmware | rabbitmq | 2.8.3 |
| vmware | rabbitmq | 2.8.2 |
| vmware | rabbitmq | 2.8.4 |
| vmware | rabbitmq | 3.1.1 |
| vmware | rabbitmq | 3.3.0 |
| vmware | rabbitmq | 3.3.4 |
| vmware | rabbitmq | 2.7.1 |
| vmware | rabbitmq | 2.8.6 |
| vmware | rabbitmq | 3.3.2 |
| vmware | rabbitmq | 2.5.1 |
| vmware | rabbitmq | 3.0.2 |
| vmware | rabbitmq | 2.3.0 |
| vmware | rabbitmq | 3.1.3 |
| vmware | rabbitmq | 3.0.3 |
| vmware | rabbitmq | 2.4.0 |
| vmware | rabbitmq | 3.2.1 |
| vmware | rabbitmq | 2.8.5 |
| vmware | rabbitmq | 3.0.0 |
| vmware | rabbitmq | 2.1.0 |
| vmware | rabbitmq | 3.4.0 |
| vmware | rabbitmq | 2.4.1 |
| vmware | rabbitmq | 2.7.0 |
| vmware | rabbitmq | 2.8.0 |
| vmware | rabbitmq | 3.1.0 |
| vmware | rabbitmq | 3.2.3 |
| vmware | rabbitmq | 3.2.2 |
| vmware | rabbitmq | 3.2.4 |
The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-254,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| pivotal_software | spring_framework | 4.1.0 |
| vmware | spring_framework | 4.1.2 |
| vmware | spring_framework | 4.1.3 |
| vmware | spring_framework | 4.1.1 |
| vmware | spring_framework | 4.1.4 |
The Host Guest File System (HGFS) in VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, and VMware Fusion 6.x before 6.0.5 and 7.x before 7.0.1 allows guest OS users to cause a guest OS denial of service via unspecified vectors.
CVSS 2.0
Severity: LOW
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | workstation | 10.0.1 |
| vmware | workstation | 10.0.3 |
| vmware | fusion | 6.0.2 |
| vmware | workstation | 10.0.2 |
| vmware | fusion | 6.0.4 |
| vmware | fusion | 6.0.3 |
| vmware | player | 6.0.4 |
| vmware | workstation | 10.0.4 |
| vmware | player | 6.0 |
| vmware | player | 6.0.3 |
| vmware | fusion | 7.0 |
| vmware | fusion | 6.0 |
| vmware | fusion | 6.0.1 |
| vmware | player | 6.0.1 |
| vmware | player | 6.0.2 |
| vmware | workstation | 10.0 |
vmware-authd (aka the Authorization process) in VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, and VMware ESXi 5.0 through 5.5 allows attackers to cause a host OS denial of service via unspecified vectors.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | workstation | 10.0.1 |
| vmware | workstation | 10.0.3 |
| vmware | esxi | 5.1 |
| vmware | workstation | 10.0.2 |
| vmware | player | 6.0.4 |
| vmware | workstation | 10.0.4 |
| vmware | player | 6.0 |
| vmware | esxi | 5.5 |
| vmware | player | 6.0.3 |
| vmware | esxi | 5.0 |
| vmware | player | 6.0.1 |
| vmware | player | 6.0.2 |
| vmware | workstation | 10.0 |
vpxd in VMware vCenter Server 5.0 before u3e, 5.1 before u3, and 5.5 before u2 allows remote attackers to cause a denial of service via a long heartbeat message.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server | 5.1 |
| vmware | vcenter_server | 5.0 |
| vmware | vcenter_server | 5.5 |
TPView.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mode before 5.4.2 on Windows does not properly allocate memory, which allows guest OS users to execute arbitrary code on the host OS via unspecified vectors, a different vulnerability than CVE-2012-0897.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | horizon_client | 3.2.0 |
| vmware | workstation | 10.0.1 |
| vmware | workstation | 10.0.2 |
| vmware | workstation | 11.1 |
| vmware | fusion | 6.0.3 |
| vmware | player | 6.0.4 |
| vmware | player | 6.0 |
| vmware | player | 6.0.3 |
| vmware | fusion | 7.0 |
| vmware | fusion | 6.0 |
| vmware | fusion | 6.0.1 |
| vmware | horizon_view_client | 5.4.1 |
| vmware | player | 6.0.2 |
| vmware | workstation | 11.0 |
| vmware | horizon_view_client | 5.4 |
| vmware | workstation | 10.0.3 |
| vmware | fusion | 6.0.5 |
| vmware | fusion | 6.0.2 |
| vmware | fusion | 6.0.4 |
| vmware | player | 7.1 |
| vmware | player | 7.0 |
| vmware | workstation | 10.0.4 |
| vmware | workstation | 10.0.5 |
| vmware | horizon_client | 3.3 |
| vmware | fusion | 7.0.1 |
| vmware | player | 6.0.5 |
| vmware | player | 6.0.1 |
| vmware | workstation | 10.0 |
TPInt.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mode before 5.4.2 on Windows does not properly allocate memory, which allows guest OS users to execute arbitrary code on the host OS via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | horizon_client | 3.2.0 |
| vmware | workstation | 10.0.1 |
| vmware | workstation | 10.0.2 |
| vmware | workstation | 11.1 |
| vmware | fusion | 6.0.3 |
| vmware | player | 6.0.4 |
| vmware | player | 6.0 |
| vmware | player | 6.0.3 |
| vmware | fusion | 7.0 |
| vmware | fusion | 6.0 |
| vmware | fusion | 6.0.1 |
| vmware | horizon_view_client | 5.4.1 |
| vmware | player | 6.0.2 |
| vmware | workstation | 11.0 |
| vmware | horizon_view_client | 5.4 |
| vmware | workstation | 10.0.3 |
| vmware | fusion | 6.0.5 |
| vmware | fusion | 6.0.2 |
| vmware | fusion | 6.0.4 |
| vmware | player | 7.1 |
| vmware | player | 7.0 |
| vmware | workstation | 10.0.4 |
| vmware | workstation | 10.0.5 |
| vmware | horizon_client | 3.3 |
| vmware | fusion | 7.0.1 |
| vmware | player | 6.0.5 |
| vmware | player | 6.0.1 |
| vmware | workstation | 10.0 |
TPview.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mode before 5.4.2 on Windows does not properly allocate memory, which allows guest OS users to cause a host OS denial of service via unspecified vectors, a different vulnerability than CVE-2015-2339.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | horizon_client | 3.2.0 |
| vmware | workstation | 10.0.1 |
| vmware | workstation | 10.0.2 |
| vmware | workstation | 11.1 |
| vmware | fusion | 6.0.3 |
| vmware | player | 6.0.4 |
| vmware | player | 6.0 |
| vmware | player | 6.0.3 |
| vmware | fusion | 7.0 |
| vmware | fusion | 6.0 |
| vmware | fusion | 6.0.1 |
| vmware | horizon_view_client | 5.4.1 |
| vmware | player | 6.0.2 |
| vmware | workstation | 11.0 |
| vmware | horizon_view_client | 5.4 |
| vmware | workstation | 10.0.3 |
| vmware | fusion | 6.0.5 |
| vmware | fusion | 6.0.2 |
| vmware | fusion | 6.0.4 |
| vmware | player | 7.1 |
| vmware | player | 7.0 |
| vmware | workstation | 10.0.4 |
| vmware | workstation | 10.0.5 |
| vmware | horizon_client | 3.3 |
| vmware | fusion | 7.0.1 |
| vmware | player | 6.0.5 |
| vmware | player | 6.0.1 |
| vmware | workstation | 10.0 |
TPview.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mode before 5.4.2 on Windows does not properly allocate memory, which allows guest OS users to cause a host OS denial of service via unspecified vectors, a different vulnerability than CVE-2015-2338.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | horizon_client | 3.2.0 |
| vmware | workstation | 10.0.1 |
| vmware | workstation | 10.0.2 |
| vmware | workstation | 11.1 |
| vmware | fusion | 6.0.3 |
| vmware | player | 6.0.4 |
| vmware | player | 6.0 |
| vmware | player | 6.0.3 |
| vmware | fusion | 7.0 |
| vmware | fusion | 6.0 |
| vmware | fusion | 6.0.1 |
| vmware | horizon_view_client | 5.4.1 |
| vmware | player | 6.0.2 |
| vmware | workstation | 11.0 |
| vmware | horizon_view_client | 5.4 |
| vmware | workstation | 10.0.3 |
| vmware | fusion | 6.0.5 |
| vmware | fusion | 6.0.2 |
| vmware | fusion | 6.0.4 |
| vmware | player | 7.1 |
| vmware | player | 7.0 |
| vmware | workstation | 10.0.4 |
| vmware | workstation | 10.0.5 |
| vmware | horizon_client | 3.3 |
| vmware | fusion | 7.0.1 |
| vmware | player | 6.0.5 |
| vmware | player | 6.0.1 |
| vmware | workstation | 10.0 |
TPInt.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mode before 5.4.2 on Windows does not properly allocate memory, which allows guest OS users to cause a host OS denial of service via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | horizon_client | 3.2.0 |
| vmware | workstation | 10.0.1 |
| vmware | workstation | 10.0.2 |
| vmware | workstation | 11.1 |
| vmware | fusion | 6.0.3 |
| vmware | player | 6.0.4 |
| vmware | player | 6.0 |
| vmware | player | 6.0.3 |
| vmware | fusion | 7.0 |
| vmware | fusion | 6.0 |
| vmware | fusion | 6.0.1 |
| vmware | horizon_view_client | 5.4.1 |
| vmware | player | 6.0.2 |
| vmware | workstation | 11.0 |
| vmware | horizon_view_client | 5.4 |
| vmware | workstation | 10.0.3 |
| vmware | fusion | 6.0.5 |
| vmware | fusion | 6.0.2 |
| vmware | fusion | 6.0.4 |
| vmware | player | 7.1 |
| vmware | player | 7.0 |
| vmware | workstation | 10.0.4 |
| vmware | workstation | 10.0.5 |
| vmware | horizon_client | 3.3 |
| vmware | fusion | 7.0.1 |
| vmware | player | 6.0.5 |
| vmware | player | 6.0.1 |
| vmware | workstation | 10.0 |
VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.6, and VMware Fusion 6.x before 6.0.6 and 7.x before 7.0.1 allow attackers to cause a denial of service against a 32-bit guest OS or 64-bit host OS via a crafted RPC command.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | workstation | 10.0.1 |
| vmware | workstation | 10.0.3 |
| vmware | fusion | 6.0.5 |
| vmware | fusion | 6.0.2 |
| vmware | workstation | 10.0.2 |
| vmware | fusion | 6.0.4 |
| vmware | fusion | 7.1.0 |
| vmware | fusion | 6.0.3 |
| vmware | player | 6.0.4 |
| vmware | workstation | 10.0.4 |
| vmware | player | 6.0 |
| vmware | player | 6.0.3 |
| vmware | fusion | 7.0 |
| vmware | fusion | 6.0 |
| vmware | fusion | 6.0.1 |
| vmware | fusion | 7.0.1 |
| vmware | player | 6.0.5 |
| vmware | player | 6.0.1 |
| vmware | fusion | 7.1.1 |
| vmware | player | 6.0.2 |
| vmware | workstation | 10.0 |
The JMX RMI service in VMware vCenter Server 5.0 before u3e, 5.1 before u3b, 5.5 before u3, and 6.0 before u1 does not restrict registration of MBeans, which allows remote attackers to execute arbitrary code via the RMI protocol.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server | 5.1 |
| vmware | vcenter_server | 5.0 |
| vmware | vcenter_server | 5.5 |
| vmware | vcenter_server | 6.0 |
Cross-site scripting (XSS) vulnerability in VMware vRealize Automation 6.x before 6.2.4 on Linux allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vrealize_automation | 6.0.1.1 |
| vmware | vrealize_automation | 6.2.3 |
| vmware | vrealize_automation | 6.2.1 |
| vmware | vrealize_automation | 6.1 |
| vmware | vrealize_automation | 6.0 |
| vmware | vrealize_automation | 6.0.1.2 |
| vmware | vrealize_automation | 6.2 |
| vmware | vrealize_automation | 6.0.1 |
| vmware | vrealize_automation | 6.2.2 |
| vmware | vrealize_automation | 6.1.1 |
Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) via a crafted XML file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_framework | 3.2.3 |
| pivotal_software | spring_framework | 3.2.0 |
| vmware | spring_framework | 3.2.11 |
| vmware | spring_framework | 4.1.2 |
| vmware | spring_framework | 3.2.4 |
| fedoraproject | fedora | 21 |
| fedoraproject | fedora | 22 |
| vmware | spring_framework | 3.2.9 |
| vmware | spring_framework | 3.2.1 |
| vmware | spring_framework | 3.2.13 |
| vmware | spring_framework | 4.1.5 |
| vmware | spring_framework | 3.2.5 |
| vmware | spring_framework | 3.2.8 |
| pivotal_software | spring_framework | 4.1.0 |
| vmware | spring_framework | 4.1.3 |
| vmware | spring_framework | 3.2.7 |
| vmware | spring_framework | 3.2.12 |
| vmware | spring_framework | 4.1.1 |
| vmware | spring_framework | 4.1.6 |
| vmware | spring_framework | 3.2.10 |
| vmware | spring_framework | 3.2.2 |
| vmware | spring_framework | 3.2.6 |
| vmware | spring_framework | 4.1.4 |
vmware-vmx.exe in VMware Workstation 7.x through 10.x before 10.0.7 and 11.x before 11.1.1, VMware Player 5.x and 6.x before 6.0.7 and 7.x before 7.1.1, and VMware Horizon Client 5.x local-mode before 5.4.2 on Windows does not provide a valid DACL pointer during the setup of the vprintproxy.exe process, which allows host OS users to gain host OS privileges by injecting a thread.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-284,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | workstation | 10.0.1 |
| vmware | workstation | 10.0.6 |
| vmware | workstation | 10.0.2 |
| vmware | player | 5.0.3 |
| vmware | workstation | 11.1 |
| vmware | player | 6.0.4 |
| vmware | player | 6.0 |
| vmware | player | 6.0.3 |
| vmware | player | 5.0.2 |
| vmware | horizon_view_client | 5.4.1 |
| vmware | player | 5.0.4 |
| vmware | player | 6.0.2 |
| vmware | workstation | 11.0 |
| vmware | horizon_view_client | 5.4 |
| vmware | player | 5.0.1 |
| vmware | workstation | 10.0.3 |
| vmware | player | 5.0 |
| vmware | player | 7.1 |
| vmware | player | 6.0.6 |
| vmware | player | 7.0 |
| vmware | workstation | 10.0.4 |
| vmware | workstation | 10.0.5 |
| vmware | player | 6.0.5 |
| vmware | player | 6.0.1 |
| vmware | workstation | 10.0 |
VMware Tools prior to 10.0.9 contains multiple file system races in libDeployPkg, related to the use of hard-coded paths under /tmp. Successful exploitation of this issue may result in a local privilege escalation. CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
CVSS 2.0
Severity: LOW
Problem Type: CWE-362,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | tools | * |
Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Reflected File Download (RFD) attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being downloaded rather than rendered and also includes some input reflected in the response.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.6 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H | 2.8 | 6.0 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-552,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_framework | 3.2.3 |
| vmware | spring_framework | 4.0.9 |
| vmware | spring_framework | 4.1.7 |
| debian | debian_linux | 8.0 |
| vmware | spring_framework | 4.1.2 |
| vmware | spring_framework | 3.2.4 |
| vmware | spring_framework | 4.0.8 |
| vmware | spring_framework | 4.1.5 |
| vmware | spring_framework | 3.2.8 |
| vmware | spring_framework | 4.0.0 |
| vmware | spring_framework | 4.0.7 |
| vmware | spring_framework | 4.1.0 |
| vmware | spring_framework | 3.2.7 |
| vmware | spring_framework | 3.2.14 |
| vmware | spring_framework | 3.2.0 |
| vmware | spring_framework | 4.1.1 |
| vmware | spring_framework | 3.2.10 |
| vmware | spring_framework | 4.0.1 |
| vmware | spring_framework | 3.2.2 |
| vmware | spring_framework | 4.1.4 |
| vmware | spring_framework | 3.2.11 |
| vmware | spring_framework | 4.2.1 |
| vmware | spring_framework | 4.0.5 |
| vmware | spring_framework | 3.2.9 |
| vmware | spring_framework | 3.2.1 |
| vmware | spring_framework | 4.0.2 |
| vmware | spring_framework | 4.0.3 |
| vmware | spring_framework | 4.0.4 |
| vmware | spring_framework | 4.0.6 |
| vmware | spring_framework | 3.2.13 |
| vmware | spring_framework | 3.2.5 |
| vmware | spring_framework | 4.2.0 |
| vmware | spring_framework | 4.1.3 |
| vmware | spring_framework | 3.2.12 |
| vmware | spring_framework | 4.1.6 |
| vmware | spring_framework | 3.2.6 |
Cross-site request forgery (CSRF) vulnerability in springframework-social before 1.1.3.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 23 |
| vmware | spring_social | * |
Cross-site scripting (XSS) vulnerability in the vSphere Web Client in VMware vCenter Server 5.0 before U3g, 5.1 before U3d, and 5.5 before U2d allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server | 5.1 |
| vmware | vcenter_server | 5.0 |
| vmware | vcenter_server | 5.5 |
VMware vCenter Server 5.5 before u3 and 6.0 before u1 does not verify X.509 certificates from TLS LDAP servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-310,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server | 5.5 |
| vmware | vcenter_server | 6.0 |
The VMware Tools HGFS (aka Shared Folders) implementation in VMware Workstation 11.x before 11.1.2, VMware Player 7.x before 7.1.2, VMware Fusion 7.x before 7.1.2, and VMware ESXi 5.0 through 6.0 allows Windows guest OS users to gain guest OS privileges or cause a denial of service (guest OS kernel memory corruption) via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-284,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | workstation | 11.0 |
| vmware | esxi | 5.1 |
| vmware | player | 7.1 |
| vmware | workstation | 11.1 |
| vmware | player | 7.0 |
| vmware | workstation | 11.1.1 |
| vmware | esxi | 5.5 |
| vmware | fusion | 7.0 |
| vmware | fusion | 7.1 |
| vmware | esxi | 6.0 |
| vmware | esxi | 5.0 |
| vmware | fusion | 7.1.1 |
| vmware | player | 7.1.1 |
Serialized-object interfaces in VMware vRealize Orchestrator 6.x, vCenter Orchestrator 5.x, vRealize Operations 6.x, vCenter Operations 5.x, and vCenter Application Discovery Manager (vADM) 7.x allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vrealize_orchestrator | 6.0.3 |
| vmware | vrealize_orchestrator | 6.0.2 |
| vmware | vcenter_orchestrator | 5.5.1 |
| vmware | vcenter_orchestrator | 5.5.2 |
| vmware | vrealize_orchestrator | 6.0.1 |
| vmware | vcenter_orchestrator | 5.5 |
| vmware | vcenter_orchestrator | 5.5.2.1 |
MySQL for PCF tiles 1.7.x before 1.7.10 were discovered to log the AWS access key in plaintext. These credentials were logged to the Service Backup component logs, and not the system log, thus were not exposed outside the Service Backup VM.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 10.0 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | 3.9 | 6.0 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-255,CWE-532,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | pivotal_software_mysql | 1.7.0.2 |
| vmware | pivotal_software_mysql | 1.7.2 |
| vmware | pivotal_software_mysql | 1.7.1 |
| vmware | pivotal_software_mysql | 1.7.0 |
| vmware | pivotal_software_mysql | 1.7.0.3 |
| vmware | pivotal_software_mysql | 1.7.9 |
| vmware | pivotal_software_mysql | 1.7.8 |
| vmware | pivotal_software_mysql | 1.7.0.4 |
| vmware | pivotal_software_mysql | 1.7.4 |
| vmware | pivotal_software_mysql | 1.7.7 |
| vmware | pivotal_software_mysql | 1.7.6 |
| vmware | pivotal_software_mysql | 1.7.3 |
| vmware | pivotal_software_mysql | 1.7.5 |
| vmware | pivotal_software_mysql | 1.7.0.1 |
Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's position is that untrusted data is not an intended use case. The product's behavior will not be changed because some users rely on deserialization of trusted data.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-502,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_framework | * |
Cross-site scripting (XSS) vulnerability in VMware vRealize Business Advanced and Enterprise 8.x before 8.2.5 on Linux allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 2.3 | 2.7 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vrealize_business_advanced_and_enterprise | 8.0 |
| vmware | vrealize_business_advanced_and_enterprise | 8.2.2 |
| vmware | vrealize_business_advanced_and_enterprise | 8.2.4 |
| vmware | vrealize_business_advanced_and_enterprise | 8.2 |
| vmware | vrealize_business_advanced_and_enterprise | 8.1 |
| vmware | vrealize_business_advanced_and_enterprise | 8.2.3 |
| vmware | vrealize_business_advanced_and_enterprise | 8.0.1 |
| vmware | vrealize_business_advanced_and_enterprise | 8.2.1 |
| vmware | vrealize_business_advanced_and_enterprise | 8.0.2 |
Client Integration Plugin (CIP) in VMware vCenter Server 5.5 U3a, U3b, and U3c and 6.0 before U2; vCloud Director 5.5.5; and vRealize Automation Identity Appliance 6.2.4 before 6.2.4.1 mishandles session content, which allows remote attackers to hijack sessions via a crafted web site.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server | * |
| vmware | vcloud_director | 5.5.5 |
| vmware | vcenter_server | 5.5 |
| vmware | vcloud_automation_identity_appliance | 6.2.4 |
VMware Workstation 11.x before 11.1.3 and VMware Player 7.x before 7.1.3 on Windows incorrectly access an executable file, which allows host OS users to gain host OS privileges via unspecified vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | workstation | 11.0 |
| vmware | player | 7.1.2 |
| vmware | player | 7.1 |
| vmware | workstation | 11.1 |
| vmware | player | 7.0 |
| vmware | workstation | 11.1.1 |
| vmware | player | 7.1.1 |
| vmware | workstation | 11.1.2 |
Cross-site scripting (XSS) vulnerability in the Web Client in VMware vCenter Server 5.1 before update 3d, 5.5 before update 3d, and 6.0 before update 2 on Windows allows remote attackers to inject arbitrary web script or HTML via the flashvars parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server | 5.1 |
| vmware | vcenter_server | 5.0 |
| vmware | vcenter_server | 5.5 |
| vmware | vcenter_server | 6.0 |
VMware NSX Edge 6.1 before 6.1.7 and 6.2 before 6.2.3 and vCNS Edge 5.5 before 5.5.4.3, when the SSL-VPN feature is configured, allow remote attackers to obtain sensitive information via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | nsx_edge | 6.1.1 |
| vmware | nsx_edge | 6.1.6 |
| vmware | nsx_edge | 6.2.0 |
| vmware | vcloud_networking_and_security_edge | 5.5.0 |
| vmware | vcloud_networking_and_security_edge | 5.5.2.1 |
| vmware | vcloud_networking_and_security_edge | 5.5.3.1 |
| vmware | nsx_edge | 6.1.2 |
| vmware | nsx_edge | 6.1.5 |
| vmware | nsx_edge | 6.2.1 |
| vmware | vcloud_networking_and_security_edge | 5.5.3 |
| vmware | nsx_edge | 6.2.2 |
| vmware | vcloud_networking_and_security_edge | 5.5.4.2 |
| vmware | nsx_edge | 6.1.4 |
| vmware | vcloud_networking_and_security_edge | 5.5.4.1 |
| vmware | vcloud_networking_and_security_edge | 5.5.4 |
| vmware | nsx_edge | 6.1.0 |
Cross-site scripting (XSS) vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vrealize_log_insight | 3.3.1 |
| vmware | vrealize_log_insight | 2.5 |
| vmware | vrealize_log_insight | 2.5.1 |
| vmware | vrealize_log_insight | 2.0 |
| vmware | vrealize_log_insight | 3.0.1 |
| vmware | vrealize_log_insight | 3.3 |
| vmware | vrealize_log_insight | 2.0.5 |
| vmware | vrealize_log_insight | 3.0 |
Cross-site request forgery (CSRF) vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.3.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vrealize_log_insight | 3.3.1 |
| vmware | vrealize_log_insight | 2.5 |
| vmware | vrealize_log_insight | 2.5.1 |
| vmware | vrealize_log_insight | 2.0 |
| vmware | vrealize_log_insight | 3.0.1 |
| vmware | vrealize_log_insight | 3.3 |
| vmware | vrealize_log_insight | 2.0.5 |
| vmware | vrealize_log_insight | 3.0 |
org.springframework.core.serializer.DefaultDeserializer in Spring AMQP before 1.5.5 allows remote attackers to execute arbitrary code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 23 |
| fedoraproject | fedora | 22 |
| fedoraproject | fedora | 24 |
| vmware | spring_advanced_message_queuing_protocol | * |
Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer features with regards to pattern matching as well as by the fact that pattern matching in each Spring Security and the Spring Framework can easily be customized creating additional differences.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_framework | 4.2.4 |
| vmware | spring_security | 4.0.3 |
| vmware | spring_framework | 4.0.8 |
| vmware | spring_framework | 4.1.5 |
| vmware | spring_framework | 4.2.5 |
| vmware | spring_framework | 3.2.8 |
| vmware | spring_framework | 3.2.17 |
| vmware | spring_framework | 4.0.7 |
| vmware | spring_framework | 3.2.7 |
| vmware | spring_security | 3.2.8 |
| vmware | spring_framework | 3.2.10 |
| vmware | spring_security | 3.2.4 |
| pivotal_software | spring_framework | 3.2.0 |
| pivotal_software | spring_framework | 4.2.0 |
| vmware | spring_framework | 4.2.8 |
| vmware | spring_framework | 4.1.8 |
| vmware | spring_framework | 3.2.11 |
| vmware | spring_framework | 4.2.1 |
| vmware | spring_security | 3.2.10 |
| vmware | spring_security | 3.2.1 |
| vmware | spring_framework | 3.2.1 |
| vmware | spring_framework | 3.2.15 |
| vmware | spring_framework | 4.0.2 |
| vmware | spring_framework | 4.0.6 |
| vmware | spring_framework | 4.2.2 |
| vmware | spring_framework | 3.2.13 |
| vmware | spring_security | 4.0.4 |
| pivotal_software | spring_framework | 4.1.0 |
| vmware | spring_framework | 4.1.3 |
| vmware | spring_security | 4.0.2 |
| vmware | spring_security | 3.2.6 |
| vmware | spring_framework | 4.1.6 |
| vmware | spring_framework | 3.2.16 |
| pivotal_software | spring_framework | 4.0.0 |
| vmware | spring_framework | 3.2.3 |
| vmware | spring_framework | 4.2.9 |
| vmware | spring_framework | 4.0.9 |
| vmware | spring_framework | 4.1.7 |
| vmware | spring_framework | 4.1.2 |
| vmware | spring_framework | 3.2.4 |
| vmware | spring_security | 3.2.0 |
| vmware | spring_security | 3.2.5 |
| vmware | spring_framework | 3.2.14 |
| vmware | spring_security | 4.0.0 |
| vmware | spring_framework | 4.1.1 |
| vmware | spring_framework | 4.2.6 |
| vmware | spring_framework | 4.0.1 |
| vmware | spring_framework | 3.2.2 |
| vmware | spring_framework | 4.1.4 |
| vmware | spring_security | 3.2.2 |
| vmware | spring_security | 4.0.1 |
| vmware | spring_framework | 4.0.5 |
| vmware | spring_security | 3.2.3 |
| vmware | spring_framework | 3.2.9 |
| vmware | spring_framework | 4.0.3 |
| vmware | spring_framework | 4.0.4 |
| vmware | spring_framework | 4.2.7 |
| vmware | spring_framework | 4.1.9 |
| vmware | spring_framework | 4.2.3 |
| vmware | spring_security | 3.2.9 |
| vmware | spring_framework | 3.2.5 |
| vmware | spring_security | 3.2.7 |
| vmware | spring_framework | 3.2.18 |
| vmware | spring_framework | 3.2.12 |
| vmware | spring_security | 4.1.0 |
| vmware | spring_framework | 3.2.6 |
VMware Tools 9.x and 10.x before 10.1.0 on OS X, when System Integrity Protection (SIP) is enabled, allows local users to determine kernel memory addresses and bypass the kASLR protection mechanism via unspecified vectors.
CVSS 2.0
Severity: LOW
Problem Type: CWE-200,CWE-254,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | tools | 9.0.10 |
| vmware | tools | 9.4.11 |
| vmware | tools | 9.4.10 |
| vmware | tools | 10.0.6 |
| vmware | tools | * |
| vmware | tools | 9.0.12 |
| vmware | tools | 9.0.17 |
| vmware | tools | 10.0.5 |
| vmware | tools | 9.10.5 |
| vmware | tools | 9.0.16 |
| vmware | tools | 9.10.1 |
| vmware | tools | 9.0.11 |
| vmware | tools | 9.10.0 |
| vmware | tools | 10.0.0 |
| vmware | tools | 9.4.0 |
| vmware | tools | 9.0.13 |
| vmware | tools | 9.0.0 |
| vmware | tools | 9.0.15 |
| vmware | tools | 9.0.5 |
| vmware | tools | 9.4.5 |
| vmware | tools | 9.4.12 |
| vmware | tools | 9.4.15 |
| vmware | tools | 9.0.1 |
VMware Fusion 8.x before 8.5 on OS X, when System Integrity Protection (SIP) is enabled, allows local users to determine kernel memory addresses and bypass the kASLR protection mechanism via unspecified vectors.
CVSS 2.0
Severity: LOW
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | fusion | 8.1.0 |
| vmware | fusion | 8.0.2 |
| vmware | fusion | 8.0.1 |
| vmware | fusion | 8.1.1 |
| vmware | fusion | 8.0.0 |
Untrusted search path vulnerability in the HGFS (aka Shared Folders) feature in VMware Tools 10.0.5 in VMware ESXi 5.0 through 6.0, VMware Workstation Pro 12.1.x before 12.1.1, VMware Workstation Player 12.1.x before 12.1.1, and VMware Fusion 8.1.x before 8.1.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-426,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | workstation_pro | * |
| vmware | tools | * |
| vmware | fusion | * |
| vmware | workstation_player | * |
| vmware | esxi | * |
CRLF injection vulnerability in VMware vCenter Server 6.0 before U2 and ESXi 6.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-93,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server | * |
| vmware | esxi | 6.0 |
Directory traversal vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.6.0 allows remote attackers to read arbitrary files via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vrealize_log_insight | 2.5 |
| vmware | vrealize_log_insight | 2.0 |
| vmware | vrealize_log_insight | 3.3 |
| vmware | vrealize_log_insight | 2.0.5 |
| vmware | vrealize_log_insight | 3.0 |
VMware Photos OS OVA 1.0 before 2016-08-14 has a default SSH public key in an authorized_keys file, which allows remote attackers to obtain SSH access by leveraging knowledge of the private key.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-798,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | photon_os | * |
VMware Identity Manager 2.x before 2.7.1 and vRealize Automation 7.x before 7.2.0 allow remote attackers to read /SAAS/WEB-INF and /SAAS/META-INF files via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-668,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | identity_manager | * |
| vmware | vrealize_automation | * |
VMware Identity Manager 2.x before 2.7 and vRealize Automation 7.0.x before 7.1 allow local users to obtain root access via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | identity_manager | * |
| vmware | vrealize_automation | * |
VMware vRealize Automation 7.0.x before 7.1 allows remote attackers to execute arbitrary code via unspecified vectors.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vrealize_automation | 7.0.1 |
| vmware | vrealize_automation | 7.0 |
The graphic acceleration functions in VMware Tools 9.x and 10.x before 10.0.9 on OS X allow local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors, a different vulnerability than CVE-2016-7080.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | tools | 9.0.10 |
| vmware | tools | 9.4.11 |
| vmware | tools | 9.4.10 |
| vmware | tools | 10.0.6 |
| vmware | tools | * |
| vmware | tools | 9.0.12 |
| vmware | tools | 9.0.17 |
| vmware | tools | 10.0.5 |
| vmware | tools | 9.10.5 |
| vmware | tools | 9.0.16 |
| vmware | tools | 9.10.1 |
| vmware | tools | 9.0.11 |
| vmware | tools | 9.10.0 |
| vmware | tools | 10.0.0 |
| vmware | tools | 9.4.0 |
| vmware | tools | 9.0.13 |
| vmware | tools | 9.0.0 |
| vmware | tools | 9.0.15 |
| vmware | tools | 9.0.5 |
| vmware | tools | 9.4.5 |
| vmware | tools | 9.4.12 |
| vmware | tools | 9.4.15 |
| vmware | tools | 9.0.1 |
The graphic acceleration functions in VMware Tools 9.x and 10.x before 10.0.9 on OS X allow local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors, a different vulnerability than CVE-2016-7079.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | tools | 9.0.10 |
| vmware | tools | 9.4.11 |
| vmware | tools | 9.4.10 |
| vmware | tools | 10.0.6 |
| vmware | tools | * |
| vmware | tools | 9.0.12 |
| vmware | tools | 9.0.17 |
| vmware | tools | 10.0.5 |
| vmware | tools | 9.10.5 |
| vmware | tools | 9.0.16 |
| vmware | tools | 9.10.1 |
| vmware | tools | 9.0.11 |
| vmware | tools | 9.10.0 |
| vmware | tools | 10.0.0 |
| vmware | tools | 9.4.0 |
| vmware | tools | 9.0.13 |
| vmware | tools | 9.0.0 |
| vmware | tools | 9.0.15 |
| vmware | tools | 9.0.5 |
| vmware | tools | 9.4.5 |
| vmware | tools | 9.4.12 |
| vmware | tools | 9.4.15 |
| vmware | tools | 9.0.1 |
Multiple heap-based buffer overflows in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allow guest OS users to execute arbitrary code on the host OS via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | workstation_player | 12.0.0 |
| vmware | workstation_player | 12.1.0 |
| vmware | workstation_pro | 12.0.0 |
| vmware | workstation_pro | 12.0.1 |
| vmware | workstation_pro | 12.1.1 |
| vmware | workstation_player | 12.0.1 |
| vmware | workstation_pro | 12.1.0 |
| vmware | workstation_player | 12.1.1 |
VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allow guest OS users to execute arbitrary code on the host OS or cause a denial of service (host OS memory corruption) via an EMF file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | workstation_player | 12.0.0 |
| vmware | workstation_player | 12.1.0 |
| vmware | workstation_pro | 12.0.0 |
| vmware | workstation_pro | 12.0.1 |
| vmware | workstation_pro | 12.1.1 |
| vmware | workstation_player | 12.0.1 |
| vmware | workstation_pro | 12.1.0 |
| vmware | workstation_player | 12.1.1 |
VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allow guest OS users to execute arbitrary code on the host OS or cause a denial of service (host OS memory corruption) via TrueType fonts embedded in EMFSPOOL.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | workstation_player | 12.0.0 |
| vmware | workstation_player | 12.1.0 |
| vmware | workstation_pro | 12.0.0 |
| vmware | workstation_pro | 12.0.1 |
| vmware | workstation_pro | 12.1.1 |
| vmware | workstation_player | 12.0.1 |
| vmware | workstation_pro | 12.1.0 |
| vmware | workstation_player | 12.1.1 |
tpview.dll in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allows guest OS users to execute arbitrary code on the host OS or cause a denial of service (host OS memory corruption) via a JPEG 2000 image.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | workstation_player | 12.0.0 |
| vmware | workstation_player | 12.1.0 |
| vmware | workstation_pro | 12.0.0 |
| vmware | workstation_pro | 12.0.1 |
| vmware | workstation_pro | 12.1.1 |
| vmware | workstation_player | 12.0.1 |
| vmware | workstation_pro | 12.1.0 |
| vmware | workstation_player | 12.1.1 |
Untrusted search path vulnerability in the installer in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-426,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | workstation_player | 12.0.0 |
| vmware | workstation_player | 12.1.0 |
| vmware | workstation_pro | 12.0.0 |
| vmware | workstation_pro | 12.0.1 |
| vmware | workstation_pro | 12.1.1 |
| vmware | workstation_player | 12.0.1 |
| vmware | workstation_pro | 12.1.0 |
| vmware | workstation_player | 12.1.1 |
The installer in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows allows local users to gain privileges via a Trojan horse setup64.exe file in the installation directory.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | workstation_player | 12.0.0 |
| vmware | workstation_player | 12.1.0 |
| vmware | workstation_pro | 12.0.0 |
| vmware | workstation_pro | 12.0.1 |
| vmware | workstation_pro | 12.1.1 |
| vmware | workstation_player | 12.0.1 |
| vmware | workstation_pro | 12.1.0 |
| vmware | workstation_player | 12.1.1 |
Directory traversal vulnerability in the Connection Server in VMware Horizon View 5.x before 5.3.7, 6.x before 6.2.3, and 7.x before 7.0.1 allows remote attackers to obtain sensitive information via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | horizon_view | 5.0.1 |
| vmware | horizon_view | 6.2 |
| vmware | horizon_view | 5.2.0 |
| vmware | horizon_view | 5.3 |
| vmware | horizon_view | 5.1 |
| vmware | horizon_view | 5.1.3 |
| vmware | horizon_view | 6.0 |
| vmware | horizon_view | 7.0 |
| vmware | horizon_view | 6.1.1 |
| vmware | horizon_view | 5.0 |
| vmware | horizon_view | 6.0.2 |
| vmware | horizon_view | 6.1 |
VMware vSphere Data Protection (VDP) 5.5.x though 6.1.x has an SSH private key with a publicly known password, which makes it easier for remote attackers to obtain login access via an SSH session.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-255,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vsphere_data_protection | 5.5.11 |
| vmware | vsphere_data_protection | 6.0.3 |
| vmware | vsphere_data_protection | 6.1.0 |
| vmware | vsphere_data_protection | 6.1.3 |
| vmware | vsphere_data_protection | 5.5.8 |
| vmware | vsphere_data_protection | 6.0.4 |
| vmware | vsphere_data_protection | 5.5.10 |
| vmware | vsphere_data_protection | 5.8.3 |
| vmware | vsphere_data_protection | 6.1.1 |
| vmware | vsphere_data_protection | 6.0.0 |
| vmware | vsphere_data_protection | 5.8.1 |
| vmware | vsphere_data_protection | 5.8.0 |
| vmware | vsphere_data_protection | 5.5.9 |
| vmware | vsphere_data_protection | 5.5.1 |
| vmware | vsphere_data_protection | 5.8.4 |
| vmware | vsphere_data_protection | 5.5.5 |
| vmware | vsphere_data_protection | 5.8.2 |
| vmware | vsphere_data_protection | 6.0.1 |
| vmware | vsphere_data_protection | 5.5.6 |
| vmware | vsphere_data_protection | 5.5.7 |
| vmware | vsphere_data_protection | 6.1.2 |
| vmware | vsphere_data_protection | 6.0.2 |
VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to gain privileges, or halt and remove virtual machines, via unspecified vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vrealize_operations | 6.2.1 |
| vmware | vrealize_operations | 6.0.0 |
| vmware | vrealize_operations | 6.1.0 |
| vmware | vrealize_operations | 6.3.0 |
| vmware | vrealize_operations | 6.2.0a |
VMware vSphere Client 5.5 before U3e and 6.0 before U2a allows remote vCenter Server and ESXi instances to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-611,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vsphere_client | 5.5 |
| vmware | vsphere_client | 6.0 |
VMware vCenter Server 5.5 before U3e and 6.0 before U2a allows remote authenticated users to read arbitrary files via a (1) Log Browser, (2) Distributed Switch setup, or (3) Content Library XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-611,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server | 5.0 |
| vmware | vcenter_server | 5.5 |
| vmware | vcenter_server | 6.0 |
The Single Sign-On feature in VMware vCenter Server 5.5 before U3e and 6.0 before U2a and vRealize Automation 6.x before 6.2.5 allows remote attackers to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-611,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vrealize_automation | 6.0.0 |
| vmware | vrealize_automation | 6.0.1.1 |
| vmware | vrealize_automation | 6.2.3 |
| vmware | vrealize_automation | 6.2.0 |
| vmware | vrealize_automation | 6.2.1 |
| vmware | vrealize_automation | 6.0.1.2 |
| vmware | vrealize_automation | 6.2.4 |
| vmware | vrealize_automation | 6.1.0 |
| vmware | vrealize_automation | 6.0.1 |
| vmware | vrealize_automation | 6.2.2 |
| vmware | vrealize_automation | 6.1.1 |
The drag-and-drop (aka DnD) function in VMware Workstation Pro 12.x before 12.5.2 and VMware Workstation Player 12.x before 12.5.2 and VMware Fusion and Fusion Pro 8.x before 8.5.2 allows guest OS users to execute arbitrary code on the host OS or cause a denial of service (out-of-bounds memory access on the host OS) via unspecified vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | fusion | 8.1.0 |
| vmware | workstation_player | 12.1.0 |
| vmware | workstation_pro | 12.0.0 |
| vmware | workstation_pro | 12.0.1 |
| vmware | workstation_pro | 12.1.1 |
| vmware | workstation_pro | 12.5.1 |
| vmware | fusion | 8.5.1 |
| vmware | fusion | 8.1.1 |
| vmware | fusion_pro | 8.1.0 |
| vmware | fusion | 8.0.2 |
| vmware | fusion_pro | 8.5.1 |
| vmware | workstation_player | 12.5.0 |
| vmware | workstation_pro | 12.1.0 |
| vmware | fusion_pro | 8.1.1 |
| vmware | fusion | 8.5.0 |
| vmware | fusion_pro | 8.0.1 |
| vmware | workstation_player | 12.0.0 |
| vmware | workstation_pro | 12.5.0 |
| vmware | fusion_pro | 8.0.2 |
| vmware | workstation_player | 12.5.1 |
| vmware | workstation_player | 12.0.1 |
| vmware | fusion | 8.0.1 |
| vmware | fusion_pro | 8.0.0 |
| vmware | fusion_pro | 8.5.0 |
| vmware | workstation_player | 12.1.1 |
| vmware | fusion | 8.0.0 |
The Suite REST API in VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to write arbitrary content to files or rename files via a crafted DiskFileItem in a relay-request payload that is mishandled during deserialization.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,CWE-749,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vrealize_operations | 6.2.1 |
| vmware | vrealize_operations | 6.0.0 |
| vmware | vrealize_operations | 6.1.0 |
| vmware | vrealize_operations | 6.3.0 |
| vmware | vrealize_operations | 6.2.0a |
Cross-site scripting (XSS) vulnerability in the Host Client in VMware vSphere Hypervisor (aka ESXi) 5.5 and 6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted VM.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esxi | 6.0 |
| vmware | esxi | 5.5 |
An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. MQTT (MQ Telemetry Transport) connection authentication with a username/password pair succeeds if an existing username is provided but the password is omitted from the connection request. Connections that use TLS with a client-provided certificate are not affected.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-284,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | rabbitmq | 3.2.0 |
| pivotal_software | rabbitmq | 1.6.0 |
| pivotal_software | rabbitmq | 1.6.7 |
| pivotal_software | rabbitmq | 1.6.2 |
| pivotal_software | rabbitmq | 1.5.11 |
| vmware | rabbitmq | 3.4.3 |
| pivotal_software | rabbitmq | 3.6.5 |
| vmware | rabbitmq | 3.3.1 |
| vmware | rabbitmq | 3.1.4 |
| vmware | rabbitmq | 3.0.1 |
| vmware | rabbitmq | 3.3.5 |
| pivotal_software | rabbitmq | 1.5.15 |
| pivotal_software | rabbitmq | 1.6.5 |
| pivotal_software | rabbitmq | 1.7.0 |
| vmware | rabbitmq | 3.5.1 |
| vmware | rabbitmq | 3.0.4 |
| pivotal_software | rabbitmq | 3.6.0 |
| vmware | rabbitmq | 3.3.3 |
| pivotal_software | rabbitmq | 1.7.2 |
| vmware | rabbitmq | 3.3.0 |
| pivotal_software | rabbitmq | 1.5.6 |
| pivotal_software | rabbitmq | 1.5.4 |
| vmware | rabbitmq | 3.1.3 |
| vmware | rabbitmq | 3.0.3 |
| pivotal_software | rabbitmq | 1.5.2 |
| pivotal_software | rabbitmq | 1.6.1 |
| pivotal_software | rabbitmq | 1.6.4 |
| pivotal_software | rabbitmq | 1.5.9 |
| pivotal_software | rabbitmq | 1.6.9 |
| pivotal_software | rabbitmq | 1.7.3 |
| vmware | rabbitmq | 3.2.3 |
| vmware | rabbitmq | 3.4.4 |
| vmware | rabbitmq | 3.2.2 |
| pivotal_software | rabbitmq | 1.5.14 |
| pivotal_software | rabbitmq | 3.6.3 |
| vmware | rabbitmq | 3.5.0 |
| pivotal_software | rabbitmq | 1.5.10 |
| pivotal_software | rabbitmq | 3.5.4 |
| pivotal_software | rabbitmq | 1.5.5 |
| pivotal_software | rabbitmq | 1.5.12 |
| pivotal_software | rabbitmq | 1.5.1 |
| pivotal_software | rabbitmq | 1.5.17 |
| pivotal_software | rabbitmq | 1.6.3 |
| pivotal_software | rabbitmq | 1.5.18 |
| vmware | rabbitmq | 3.1.2 |
| pivotal_software | rabbitmq | 1.5.0 |
| vmware | rabbitmq | 3.1.5 |
| pivotal_software | rabbitmq | 1.7.4 |
| pivotal_software | rabbitmq | 1.5.7 |
| pivotal_software | rabbitmq | 1.5.13 |
| pivotal_software | rabbitmq | 1.5.8 |
| vmware | rabbitmq | 3.1.1 |
| vmware | rabbitmq | 3.3.4 |
| vmware | rabbitmq | 3.4.2 |
| pivotal_software | rabbitmq | 1.6.8 |
| vmware | rabbitmq | 3.5.6 |
| vmware | rabbitmq | 3.3.2 |
| pivotal_software | rabbitmq | 3.6.1 |
| vmware | rabbitmq | 3.0.2 |
| pivotal_software | rabbitmq | 1.6.10 |
| vmware | rabbitmq | 3.4.1 |
| vmware | rabbitmq | 3.2.1 |
| vmware | rabbitmq | 3.5.2 |
| pivotal_software | rabbitmq | 3.6.2 |
| pivotal_software | rabbitmq | 1.7.6 |
| vmware | rabbitmq | 3.0.0 |
| pivotal_software | rabbitmq | 3.5.5 |
| vmware | rabbitmq | 3.4.0 |
| pivotal_software | rabbitmq | 3.5.7 |
| pivotal_software | rabbitmq | 1.5.3 |
| pivotal_software | rabbitmq | 1.7.5 |
| pivotal_software | rabbitmq | 1.6.6 |
| vmware | rabbitmq | 3.1.0 |
| vmware | rabbitmq | 3.5.3 |
| pivotal_software | rabbitmq | 3.6.4 |
| vmware | rabbitmq | 3.2.4 |
An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_framework | 3.2.3 |
| vmware | spring_framework | 4.2.4 |
| vmware | spring_framework | 3.2.4 |
| vmware | spring_framework | 4.3.4 |
| vmware | spring_framework | 4.2.5 |
| vmware | spring_framework | 3.2.8 |
| vmware | spring_framework | 3.2.17 |
| vmware | spring_framework | 3.2.7 |
| vmware | spring_framework | 3.2.14 |
| vmware | spring_framework | 4.2.6 |
| vmware | spring_framework | 3.2.10 |
| vmware | spring_framework | 3.2.2 |
| pivotal_software | spring_framework | 4.2.0 |
| vmware | spring_framework | 4.2.8 |
| vmware | spring_framework | 3.2.11 |
| vmware | spring_framework | 4.2.1 |
| vmware | spring_framework | 3.2.9 |
| vmware | spring_framework | 3.2.1 |
| vmware | spring_framework | 3.2.15 |
| vmware | spring_framework | 4.3.2 |
| vmware | spring_framework | 4.2.2 |
| vmware | spring_framework | 4.2.7 |
| vmware | spring_framework | 4.3.3 |
| vmware | spring_framework | 3.2.13 |
| vmware | spring_framework | 4.2.3 |
| vmware | spring_framework | 3.2.5 |
| vmware | spring_framework | 4.3.1 |
| pivotal_software | spring_framework | 4.3.0 |
| pivotal_software | spring_framework | * |
| vmware | spring_framework | 3.2.12 |
| vmware | spring_framework | 3.2.16 |
| vmware | spring_framework | 3.2.6 |
An issue was discovered in Pivotal Spring Security before 3.2.10, 4.1.x before 4.1.4, and 4.2.x before 4.2.1. Spring Security does not consider URL path parameters when processing security constraints. By adding a URL path parameter with an encoded "/" to a request, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path parameters in the Servlet Specification. Some Servlet containers include path parameters in the value returned for getPathInfo() and some do not. Spring Security uses the value returned by getPathInfo() as part of the process of mapping requests to security constraints. The unexpected presence of path parameters can cause a constraint to be bypassed. Users of Apache Tomcat (all current versions) are not affected by this vulnerability since Tomcat follows the guidance previously provided by the Servlet Expert group and strips path parameters from the value returned by getContextPath(), getServletPath(), and getPathInfo(). Users of other Servlet containers based on Apache Tomcat may or may not be affected depending on whether or not the handling of path parameters has been modified. Users of IBM WebSphere Application Server 8.5.x are known to be affected. Users of other containers that implement the Servlet specification may be affected.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-417,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ibm | websphere_application_server | 8.5.5.6 |
| ibm | websphere_application_server | 8.5.5.8 |
| vmware | spring_security | 3.2.0 |
| ibm | websphere_application_server | 8.5.0.2 |
| ibm | websphere_application_server | 8.5.5.9 |
| vmware | spring_security | 3.2.5 |
| ibm | websphere_application_server | 8.5.5.2 |
| vmware | spring_security | 3.2.8 |
| vmware | spring_security | 4.1.1 |
| ibm | websphere_application_server | 8.5.0.0 |
| vmware | spring_security | 3.2.4 |
| vmware | spring_security | 3.2.2 |
| ibm | websphere_application_server | 8.5.5.7 |
| vmware | spring_security | 4.1.3 |
| vmware | spring_security | 3.2.3 |
| ibm | websphere_application_server | 8.5.5.5 |
| vmware | spring_security | 3.2.1 |
| ibm | websphere_application_server | 8.5.5.1 |
| vmware | spring_security | 4.1.2 |
| ibm | websphere_application_server | 8.5.5.3 |
| vmware | spring_security | 3.2.9 |
| vmware | spring_security | 3.2.7 |
| ibm | websphere_application_server | 8.5.5.4 |
| vmware | spring_security | 3.2.6 |
| ibm | websphere_application_server | 8.5.0.1 |
| vmware | spring_security | 4.2.0 |
| ibm | websphere_application_server | 8.5.5.0 |
| vmware | spring_security | 4.1.0 |
In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-94,CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| vmware | esxi | 6.0 |
| canonical | ubuntu_linux | 16.04 |
| busybox | busybox | * |
| redlion | n-tron_702-w_firmware | * |
| canonical | ubuntu_linux | 14.04 |
| vmware | esxi | 6.5 |
| redlion | n-tron_702m12-w_firmware | * |
| debian | debian_linux | 9.0 |
| vmware | esxi | 6.7 |
Airwatch Agent for Android contains a vulnerability that may allow a device to bypass root detection. Successful exploitation of this issue may result in an enrolled device having unrestricted access over local Airwatch security controls and data.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | airwatch_inbox | - |
| vmware | airwatch_agent | - |
Airwatch Inbox for Android contains a vulnerability that may allow a rooted device to decrypt the local data used by the application. Successful exploitation of this issue may result in an unauthorized disclosure of confidential data.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | airwatch_inbox | - |
| vmware | airwatch_agent | - |
VMware Horizon DaaS before 7.0.0 contains a vulnerability that exists due to insufficient validation of data. An attacker may exploit this issue by tricking DaaS client users into connecting to a malicious server and sharing all their drives and devices. Successful exploitation of this vulnerability requires a victim to download a specially crafted RDP file through DaaS client by clicking on a malicious link.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | horizon_daas | * |
VMware Workstation Pro/Player 12.x before 12.5.3 contains a DLL loading vulnerability that occurs due to the "vmware-vmx" process loading DLLs from a path defined in the local environment-variable. Successful exploitation of this issue may allow normal users to escalate privileges to System in the host machine where VMware Workstation is installed.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | workstation_player | 12.5.2 |
| vmware | workstation_player | 12.0.0 |
| vmware | workstation_pro | 12.5.0 |
| vmware | workstation_player | 12.1.0 |
| vmware | workstation_pro | 12.0.0 |
| vmware | workstation_pro | 12.0.1 |
| vmware | workstation_player | 12.5.1 |
| vmware | workstation_pro | 12.5.1 |
| vmware | workstation_player | 12.0.1 |
| vmware | workstation_player | 12.5.0 |
| vmware | workstation_pro | 12.1.0 |
| vmware | workstation_pro | 12.5.2 |
VMware Workstation Pro/Player 12.x before 12.5.3 contains a security vulnerability that exists in the SVGA driver. An attacker may exploit this issue to crash the VM or trigger an out-of-bound read. Note: This issue can be triggered only when the host has no graphics card or no graphics drivers are installed.
CVSS 2.0
Severity: LOW
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | workstation_player | 12.0.0 |
| vmware | workstation_pro | 12.5.0 |
| vmware | workstation_player | 12.1.0 |
| vmware | workstation_pro | 12.0.0 |
| vmware | workstation_pro | 12.0.1 |
| vmware | workstation_player | 12.5.0 |
| vmware | workstation_player | 12.5.1 |
| vmware | workstation_pro | 12.5.1 |
| vmware | workstation_player | 12.0.1 |
| vmware | workstation_pro | 12.1.0 |
VMware Workstation Pro/Player 12.x before 12.5.3 contains a NULL pointer dereference vulnerability that exists in the SVGA driver. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs.
CVSS 2.0
Severity: LOW
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | workstation_player | 12.5.2 |
| vmware | workstation_player | 12.0.0 |
| vmware | workstation_pro | 12.5.0 |
| vmware | workstation_player | 12.1.0 |
| vmware | workstation_pro | 12.0.0 |
| vmware | workstation_pro | 12.0.1 |
| vmware | workstation_player | 12.5.1 |
| vmware | workstation_pro | 12.5.1 |
| vmware | workstation_player | 12.0.1 |
| vmware | workstation_player | 12.5.0 |
| vmware | workstation_pro | 12.1.0 |
| vmware | workstation_pro | 12.5.2 |
The drag-and-drop (DnD) function in VMware Workstation 12.x before version 12.5.4 and Fusion 8.x before version 8.5.5 has an out-of-bounds memory access vulnerability. This may allow a guest to execute code on the operating system that runs Workstation or Fusion.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | fusion | 8.1.0 |
| vmware | fusion | 8.5.4 |
| vmware | fusion | 8.5.0 |
| vmware | workstation | 12.0.1 |
| vmware | workstation | 12.5.1 |
| vmware | workstation | 12.5.2 |
| vmware | fusion | 8.5.1 |
| vmware | workstation | 12.5.3 |
| vmware | fusion | 8.0.1 |
| vmware | workstation | 12.1.1 |
| vmware | fusion | 8.1.1 |
| vmware | workstation | 12.5 |
| vmware | fusion | 8.5.3 |
| vmware | fusion | 8.5.2 |
| vmware | fusion | 8.0.2 |
| vmware | workstation | 12.1 |
| vmware | workstation | 12.0 |
| vmware | fusion | 8.0.0 |
VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have a Heap Buffer Overflow in SVGA. This issue may allow a guest to execute code on the host.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | 2.0 | 6.0 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | fusion_pro | * |
| vmware | workstation_pro | * |
| vmware | fusion | * |
| vmware | workstation_player | * |
| vmware | esxi | 6.5 |
| vmware | esxi | 5.5 |
VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have an uninitialized stack memory usage in SVGA. This issue may allow a guest to execute code on the host.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | 2.0 | 6.0 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | fusion_pro | * |
| vmware | workstation_pro | * |
| vmware | esxi | 6.0 |
| vmware | fusion | * |
| vmware | workstation_player | * |
| vmware | esxi | 6.5 |
| vmware | esxi | 5.5 |
The XHCI controller in VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 has uninitialized memory usage. This issue may allow a guest to execute code on the host. The issue is reduced to a Denial of Service of the guest on ESXi 5.5.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | 2.0 | 6.0 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | fusion_pro | * |
| vmware | workstation_pro | * |
| vmware | esxi | 6.0 |
| vmware | fusion | * |
| vmware | workstation_player | * |
| vmware | esxi | 6.5 |
| vmware | esxi | 5.5 |
VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have uninitialized memory usage. This issue may lead to an information leak.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-908,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | fusion_pro | * |
| vmware | workstation_pro | * |
| vmware | esxi | 6.0 |
| vmware | fusion | * |
| vmware | workstation_player | * |
| vmware | esxi | 6.5 |
| vmware | esxi | 5.5 |
VMware Unified Access Gateway (2.5.x, 2.7.x, 2.8.x prior to 2.8.1) and Horizon View (7.x prior to 7.1.0, 6.x prior to 6.2.4) contain a heap buffer-overflow vulnerability which may allow a remote attacker to execute code on the security gateway.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | horizon_view | 6.2 |
| vmware | unified_access_gateway | 2.5 |
| vmware | unified_access_gateway | 2.8 |
| vmware | unified_access_gateway | 2.7 |
| vmware | horizon_view | 6.2.2 |
| vmware | unified_access_gateway | 2.7.2 |
| vmware | horizon_view | 6.2.1 |
| vmware | unified_access_gateway | 2.5.1 |
| vmware | horizon_view | 6.0 |
| vmware | horizon_view | 7.0 |
| vmware | horizon_view | 6.1.1 |
| vmware | horizon_view | 6.2.3 |
| vmware | horizon_view | 6.0.2 |
| vmware | horizon_view | 6.2.4 |
| vmware | horizon_view | 6.1 |
VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple heap buffer-overflow vulnerabilities in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | horizon_view | 4.0 |
| vmware | horizon_view | 4.2 |
| vmware | workstation | 12.5 |
| vmware | workstation | 12.1 |
| vmware | workstation | 12.0.1 |
| vmware | workstation | 12.5.1 |
| vmware | workstation | 12.5.2 |
| vmware | horizon_view | 4.1 |
| vmware | workstation | 12.0 |
| vmware | workstation | 12.1.1 |
| vmware | horizon_view | 4.3 |
VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain a heap buffer-overflow vulnerability in TrueType Font (TTF) parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | horizon_view | 4.0 |
| vmware | horizon_view | 4.2 |
| vmware | workstation | 12.5 |
| vmware | workstation | 12.1 |
| vmware | workstation | 12.0.1 |
| vmware | workstation | 12.5.1 |
| vmware | workstation | 12.5.2 |
| vmware | horizon_view | 4.1 |
| vmware | workstation | 12.0 |
| vmware | workstation | 12.1.1 |
| vmware | horizon_view | 4.3 |
VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple out-of-bounds read vulnerabilities in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | horizon_view | 4.0 |
| vmware | horizon_view | 4.2 |
| vmware | workstation | 12.5 |
| vmware | workstation | 12.1 |
| vmware | workstation | 12.0.1 |
| vmware | workstation | 12.5.1 |
| vmware | workstation | 12.5.2 |
| vmware | horizon_view | 4.1 |
| vmware | workstation | 12.0 |
| vmware | workstation | 12.1.1 |
| vmware | horizon_view | 4.3 |
VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple out-of-bounds write vulnerabilities in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | horizon_view | 4.0 |
| vmware | horizon_view | 4.2 |
| vmware | workstation | 12.5 |
| vmware | workstation | 12.1 |
| vmware | workstation | 12.0.1 |
| vmware | workstation | 12.5.1 |
| vmware | workstation | 12.5.2 |
| vmware | horizon_view | 4.1 |
| vmware | workstation | 12.0 |
| vmware | workstation | 12.1.1 |
| vmware | horizon_view | 4.3 |
VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple out-of-bounds read vulnerabilities in TrueType Font (TTF) parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | horizon_view | 4.0 |
| vmware | horizon_view | 4.2 |
| vmware | workstation | 12.5 |
| vmware | workstation | 12.1 |
| vmware | workstation | 12.0.1 |
| vmware | workstation | 12.5.1 |
| vmware | workstation | 12.5.2 |
| vmware | horizon_view | 4.1 |
| vmware | workstation | 12.0 |
| vmware | workstation | 12.1.1 |
| vmware | horizon_view | 4.3 |
VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain an integer-overflow vulnerability in the True Type Font parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | horizon_view | 4.0 |
| vmware | horizon_view | 4.2 |
| vmware | workstation | 12.5 |
| vmware | workstation | 12.1 |
| vmware | workstation | 12.0.1 |
| vmware | workstation | 12.5.1 |
| vmware | workstation | 12.5.2 |
| vmware | horizon_view | 4.1 |
| vmware | workstation | 12.0 |
| vmware | workstation | 12.1.1 |
| vmware | horizon_view | 4.3 |
VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x contains a deserialization issue. Exploitation of this issue may allow a remote attacker to execute commands on the appliance.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-502,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vsphere_data_protection | 5.5.11 |
| vmware | vsphere_data_protection | 6.0.3 |
| vmware | vsphere_data_protection | 6.1.0 |
| vmware | vsphere_data_protection | 6.1.3 |
| vmware | vsphere_data_protection | 5.5.8 |
| vmware | vsphere_data_protection | 6.0.4 |
| vmware | vsphere_data_protection | 5.5.10 |
| vmware | vsphere_data_protection | 5.8.3 |
| vmware | vsphere_data_protection | 6.1.1 |
| vmware | vsphere_data_protection | 6.0.0 |
| vmware | vsphere_data_protection | 5.8.1 |
| vmware | vsphere_data_protection | 5.8.0 |
| vmware | vsphere_data_protection | 5.5.9 |
| vmware | vsphere_data_protection | 5.5.1 |
| vmware | vsphere_data_protection | 5.8.4 |
| vmware | vsphere_data_protection | 5.5.5 |
| vmware | vsphere_data_protection | 5.8.2 |
| vmware | vsphere_data_protection | 6.0.1 |
| vmware | vsphere_data_protection | 5.5.6 |
| vmware | vsphere_data_protection | 5.5.7 |
| vmware | vsphere_data_protection | 6.1.2 |
| vmware | vsphere_data_protection | 6.0.2 |
VMware Workstation Pro/Player contains an insecure library loading vulnerability via ALSA sound driver configuration files. Successful exploitation of this issue may allow unprivileged host users to escalate their privileges to root in a Linux host machine.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-863,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | workstation_player | 12.0.0 |
| vmware | workstation_pro | 12.0.0 |
VMware Workstation Pro/Player contains a NULL pointer dereference vulnerability that exists in the vstor2 driver. Successful exploitation of this issue may allow host users with normal user privileges to trigger a denial-of-service in a Windows host machine.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | workstation_player | 12.0.0 |
| vmware | workstation_pro | 12.0.0 |
VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x locally stores vCenter Server credentials using reversible encryption. This issue may allow plaintext credentials to be obtained.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-327,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vsphere_data_protection | 5.5.11 |
| vmware | vsphere_data_protection | 6.0.3 |
| vmware | vsphere_data_protection | 6.1.0 |
| vmware | vsphere_data_protection | 6.1.3 |
| vmware | vsphere_data_protection | 5.5.8 |
| vmware | vsphere_data_protection | 6.0.4 |
| vmware | vsphere_data_protection | 5.5.10 |
| vmware | vsphere_data_protection | 5.8.3 |
| vmware | vsphere_data_protection | 6.1.1 |
| vmware | vsphere_data_protection | 6.0.0 |
| vmware | vsphere_data_protection | 5.8.1 |
| vmware | vsphere_data_protection | 5.8.0 |
| vmware | vsphere_data_protection | 5.5.9 |
| vmware | vsphere_data_protection | 5.8.4 |
| vmware | vsphere_data_protection | 5.5.5 |
| vmware | vsphere_data_protection | 5.8.2 |
| vmware | vsphere_data_protection | 6.0.1 |
| vmware | vsphere_data_protection | 5.5.6 |
| vmware | vsphere_data_protection | 5.5.7 |
| vmware | vsphere_data_protection | 6.1.2 |
| vmware | vsphere_data_protection | 6.0.2 |
VMware Horizon View Client (2.x, 3.x and 4.x prior to 4.5.0) contains a command injection vulnerability in the service startup script. Successful exploitation of this issue may allow unprivileged users to escalate their privileges to root on the Mac OSX system where the client is installed.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-77,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | horizon_view | 4.3.0 |
| vmware | horizon_view | 4.0.1 |
| vmware | horizon_view | 3.3 |
| vmware | horizon_view | 4.1.0 |
| vmware | horizon_view | 3.0 |
| vmware | horizon_view | 4.2.0 |
| vmware | horizon_view | 2.3 |
| vmware | horizon_view | 4.4.0 |
| vmware | horizon_view | 3.1 |
| vmware | horizon_view | 3.2 |
| vmware | horizon_view | 4.0.0 |
| vmware | horizon_view | 2.1 |
| vmware | horizon_view | 2.2 |
| vmware | horizon_view | 2.0 |
VMware vCenter Server 5.5, 6.0, 6.5 allows vSphere users with certain, limited vSphere privileges to use the VIX API to access Guest Operating Systems without the need to authenticate.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-306,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server | 6.5 |
| vmware | vcenter_server | 5.5 |
| vmware | vcenter_server | 6.0 |
The implementation of the OSPF protocol in VMware NSX-V Edge 6.2.x prior to 6.2.8 and NSX-V Edge 6.3.x prior to 6.3.3 doesn't correctly handle the link-state advertisement (LSA). A rogue LSA may exploit this issue resulting in continuous sending of LSAs between two routers eventually going in loop or loss of connectivity.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-400,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | nsx-v_edge | * |
VMware vCenter Server (6.5 prior to 6.5 U1) contains an insecure library loading issue that occurs due to the use of LD_LIBRARY_PATH variable in an unsafe manner. Successful exploitation of this issue may allow unprivileged host users to load a shared library that may lead to privilege escalation.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server | 6.5 |
VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure issue due to the service startup script using world writable directories as temporary storage for critical information. Successful exploitation of this issue may allow unprivileged host users to access certain critical information when the service gets restarted.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server | 6.5 |
VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure vulnerability. This issue may allow plaintext credentials to be obtained when using the vCenter Server Appliance file-based backup feature.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,CWE-522,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server | 6.5 |
VMware ESXi (ESXi 6.5 without patch ESXi650-201707101-SG), Workstation (12.x before 12.5.7) and Fusion (8.x before 8.5.8) contain an out-of-bounds write vulnerability in SVGA device. This issue may allow a guest to execute code on the host.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | 2.0 | 6.0 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | workstation_pro | * |
| vmware | fusion | * |
| vmware | esxi | 6.5 |
VMware ESXi 6.5 without patch ESXi650-201707101-SG, ESXi 6.0 without patch ESXi600-201706101-SG, ESXi 5.5 without patch ESXi550-201709101-SG, Workstation (12.x before 12.5.3), Fusion (8.x before 8.5.4) contain a NULL pointer dereference vulnerability. This issue occurs when handling guest RPC requests. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | workstation_pro | * |
| vmware | esxi | 6.0 |
| vmware | fusion | * |
| vmware | esxi | 6.5 |
| vmware | esxi | 5.5 |
| vmware | workstation | * |
VMware vCenter Server (6.5 prior to 6.5 U1) contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker with VC user privileges can inject malicious java-scripts which will get executed when other VC users access the page.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server | 6.5 |
VMware vCenter Server (6.5 prior to 6.5 U1 and 6.0 prior to 6.0 U3c) does not correctly handle specially crafted LDAP network packets which may allow for remote denial of service.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-90,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server | * |
The flash-based vSphere Web Client (6.0 prior to 6.0 U3c and 5.5 prior to 5.5 U3f) i.e. not the new HTML5-based vSphere Client, contains SSRF and CRLF injection issues due to improper neutralization of URLs. An attacker may exploit these issues by sending a POST request with modified headers towards internal services leading to information disclosure.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,CWE-918,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server | 5.5 |
| vmware | vcenter_server | 6.0 |
VMware NSX Edge (6.2.x before 6.2.9 and 6.3.x before 6.3.5) contains a moderate Cross-Site Scripting (XSS) issue which may lead to information disclosure.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | nsx_edge | 6.3.1 |
| vmware | nsx_edge | 6.3.2 |
| vmware | nsx_edge | 6.2.0 |
| vmware | nsx_edge | 6.2.8 |
| vmware | nsx_edge | 6.2.5 |
| vmware | nsx_edge | 6.3.0 |
| vmware | nsx_edge | 6.2.1 |
| vmware | nsx_edge | 6.3.4 |
| vmware | nsx_edge | 6.2.2 |
| vmware | nsx_edge | 6.2.4 |
| vmware | nsx_edge | 6.2.7 |
| vmware | nsx_edge | 6.2.3 |
| vmware | nsx_edge | 6.2.6 |
| vmware | nsx_edge | 6.3.3 |
VMware AirWatch Console 9.x prior to 9.2.0 contains a vulnerability that could allow an authenticated AWC user to add a malicious URL to an enrolled device's 'Links' page. Successful exploitation of this issue could result in an unsuspecting AWC user being redirected to a malicious URL.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | airwatch | * |
VMware AirWatch Console 9.x prior to 9.2.0 contains a vulnerability that could allow an authenticated AWC user to add malicious data to an enrolled device's log files. Successful exploitation of this issue could result in an unsuspecting AWC user opening a CSV file which contains malicious content.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | airwatch | * |
VMware AirWatch Launcher for Android prior to 3.2.2 contains a vulnerability that could allow an escalation of privilege from the launcher UI context menu to native UI functionality and privilege. Successful exploitation of this issue could result in an escalation of privilege.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | airwatch_launcher | * |
VMware ESXi (6.5 before ESXi650-201710401-BG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a heap overflow via a specific set of VNC packets resulting in heap corruption. Successful exploitation of this issue could result in remote code execution in a virtual machine via the authenticated VNC session. Note: In order for exploitation to be possible in ESXi, VNC must be manually enabled in a virtual machine's .vmx configuration file. In addition, ESXi must be configured to allow VNC traffic through the built-in firewall.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | workstation_pro | 14.1.0 |
| vmware | workstation_pro | * |
| vmware | fusion | * |
| vmware | workstation_pro | 14.0 |
| vmware | esxi | 6.5 |
VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a heap buffer-overflow vulnerability in VMNAT device. This issue may allow a guest to execute code on the host.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | fusion | 8.5.6 |
| vmware | fusion | 8.1.0 |
| vmware | fusion | 8.5.4 |
| vmware | workstation | 12.5.4 |
| vmware | workstation | 12.5.1 |
| vmware | workstation | 12.5.2 |
| vmware | fusion | 8.5.1 |
| vmware | workstation | 12.5.3 |
| vmware | workstation | 12.5.6 |
| vmware | fusion | 8.1.1 |
| vmware | workstation | 12.0.0 |
| vmware | workstation | 12.5.5 |
| vmware | workstation | 12.5 |
| vmware | fusion | 8.5.3 |
| vmware | fusion | 8.0.2 |
| vmware | workstation | 12.1 |
| vmware | workstation | 12.5.7 |
| vmware | fusion | 8.5.0 |
| vmware | fusion | 8.5.7 |
| vmware | workstation | 12.0.1 |
| vmware | fusion | 8.5.8 |
| vmware | fusion | 8.0.1 |
| vmware | workstation | 12.1.1 |
| vmware | fusion | 8.5.2 |
| vmware | fusion | 8.5.5 |
| vmware | fusion | 8.0.0 |
VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds write vulnerability in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View Client.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | horizon_view | 4.2 |
| vmware | horizon_view | 4.5 |
| vmware | horizon_view | 4.0.1 |
| vmware | workstation | 12.5.4 |
| vmware | workstation | 12.0.1 |
| vmware | horizon_view | 4.6 |
| vmware | workstation | 12.5.1 |
| vmware | workstation | 12.5.2 |
| vmware | workstation | 12.5.3 |
| vmware | horizon_view | 4.1 |
| vmware | workstation | 12.1.1 |
| vmware | workstation | 12.5.6 |
| vmware | workstation | 12.0.0 |
| vmware | horizon_view | 4.4 |
| vmware | workstation | 12.5.5 |
| vmware | workstation | 12.5 |
| vmware | workstation | 12.1 |
| vmware | horizon_view | 4.0.0 |
| vmware | workstation | 12.5.7 |
| vmware | horizon_view | 4.3 |
VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds read vulnerability in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | horizon_view | 4.2 |
| vmware | horizon_view | 4.5 |
| vmware | horizon_view | 4.0.1 |
| vmware | workstation | 12.5.4 |
| vmware | workstation | 12.0.1 |
| vmware | horizon_view | 4.6 |
| vmware | workstation | 12.5.1 |
| vmware | workstation | 12.5.2 |
| vmware | workstation | 12.5.3 |
| vmware | horizon_view | 4.1 |
| vmware | workstation | 12.1.1 |
| vmware | workstation | 12.5.6 |
| vmware | workstation | 12.0.0 |
| vmware | horizon_view | 4.4 |
| vmware | workstation | 12.5.5 |
| vmware | workstation | 12.5 |
| vmware | workstation | 12.1 |
| vmware | horizon_view | 4.0.0 |
| vmware | workstation | 12.5.7 |
| vmware | horizon_view | 4.3 |
VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds read vulnerability in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View Client.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | horizon_view | 4.2 |
| vmware | horizon_view | 4.5 |
| vmware | horizon_view | 4.0.1 |
| vmware | workstation | 12.5.4 |
| vmware | workstation | 12.0.1 |
| vmware | horizon_view | 4.6 |
| vmware | workstation | 12.5.1 |
| vmware | workstation | 12.5.2 |
| vmware | workstation | 12.5.3 |
| vmware | horizon_view | 4.1 |
| vmware | workstation | 12.1.1 |
| vmware | workstation | 12.5.6 |
| vmware | workstation | 12.0.0 |
| vmware | horizon_view | 4.4 |
| vmware | workstation | 12.5.5 |
| vmware | workstation | 12.5 |
| vmware | workstation | 12.1 |
| vmware | horizon_view | 4.0.0 |
| vmware | workstation | 12.5.7 |
| vmware | horizon_view | 4.3 |
VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a guest RPC NULL pointer dereference vulnerability. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs.
CVSS 2.0
Severity: LOW
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | fusion | 8.5.6 |
| vmware | fusion | 8.1.0 |
| vmware | fusion | 8.5.4 |
| vmware | workstation | 12.5.4 |
| vmware | workstation | 12.5.1 |
| vmware | workstation | 12.5.2 |
| vmware | fusion | 8.5.1 |
| vmware | workstation | 12.5.3 |
| vmware | workstation | 12.5.6 |
| vmware | fusion | 8.1.1 |
| vmware | workstation | 12.0.0 |
| vmware | workstation | 12.5.5 |
| vmware | workstation | 12.5 |
| vmware | fusion | 8.5.3 |
| vmware | fusion | 8.0.2 |
| vmware | workstation | 12.1 |
| vmware | workstation | 12.5.7 |
| vmware | fusion | 8.5.0 |
| vmware | fusion | 8.5.7 |
| vmware | workstation | 12.0.1 |
| vmware | fusion | 8.5.8 |
| vmware | fusion | 8.0.1 |
| vmware | workstation | 12.1.1 |
| vmware | fusion | 8.5.2 |
| vmware | fusion | 8.5.5 |
| vmware | fusion | 8.0.0 |
VMware Workstation (12.x before 12.5.8) installer contains a DLL hijacking issue that exists due to some DLL files loaded by the application improperly. This issue may allow an attacker to load a DLL file of the attacker's choosing that could execute arbitrary code.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-426,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | workstation | 12.5.5 |
| vmware | workstation | 12.5.4 |
| vmware | workstation | 12.5.0 |
| vmware | workstation | 12.0.1 |
| vmware | workstation | 12.5.1 |
| vmware | workstation | 12.5.2 |
| vmware | workstation | 12.5.3 |
| vmware | workstation | 12.1.1 |
| vmware | workstation | 12.5.6 |
| vmware | workstation | 12.5.7 |
| vmware | workstation | 12.0.0 |
The ESXi Host Client in VMware ESXi (6.5 before ESXi650-201712103-SG, 5.5 before ESXi600-201711103-SG and 5.5 before ESXi550-201709102-SG) contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker can exploit this vulnerability by injecting Javascript, which might get executed when other users access the Host Client.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esxi | 6.0 |
| vmware | esxi | 6.5 |
| vmware | esxi | 5.5 |
VMware ESXi (6.0 before ESXi600-201711101-SG, 5.5 ESXi550-201709101-SG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a stack overflow via a specific set of VNC packets. Successful exploitation of this issue could result in remote code execution in a virtual machine via the authenticated VNC session. Note: In order for exploitation to be possible in ESXi, VNC must be manually enabled in a virtual machine's .vmx configuration file. In addition, ESXi must be configured to allow VNC traffic through the built-in firewall.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esxi | 6.0 |
| vmware | fusion | * |
| vmware | esxi | 5.5 |
| vmware | workstation | * |
VMware AirWatch Console (AWC) contains a Broken Access Control vulnerability. Successful exploitation of this issue could result in end-user device details being disclosed to an unauthorized administrator.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 1.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | airwatch_console | * |
VMware vCenter Server Appliance (vCSA) (6.5 before 6.5 U1d) contains a local privilege escalation vulnerability via the 'showlog' plugin. Successful exploitation of this issue could result in a low privileged user gaining root level privileges over the appliance base OS.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server | 6.5 |
VMware Workstation (14.x and 12.x) and Fusion (10.x and 8.x) contain a guest access control vulnerability. This issue may allow program execution via Unity on locked Windows VMs. VMware Tools must be updated to 10.2.0 for each VM to resolve CVE-2017-4945. VMware Tools 10.2.0 is consumed by Workstation 14.1.0 and Fusion 10.1.0 by default.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | fusion | 8.5.6 |
| vmware | fusion | 8.5.4 |
| vmware | workstation | 12.5.8 |
| vmware | fusion | 8.5.9 |
| vmware | workstation | 12.5.9 |
| vmware | workstation | 12.5.4 |
| vmware | workstation | 12.5.1 |
| vmware | workstation | 12.5.2 |
| vmware | fusion | 8.5.1 |
| vmware | workstation | 12.5.3 |
| vmware | workstation | 12.5.6 |
| vmware | fusion | 8.1.1 |
| vmware | workstation | 12.0.0 |
| vmware | workstation | 12.5.5 |
| vmware | workstation | 12.5 |
| vmware | fusion | 8.5.3 |
| vmware | fusion | 8.0.2 |
| vmware | workstation | 12.1 |
| vmware | workstation | 12.5.7 |
| vmware | fusion | 10.0.1 |
| vmware | fusion | 8.5.10 |
| vmware | fusion | 10.1.0 |
| vmware | fusion | 8.5.7 |
| vmware | workstation | 12.0.1 |
| vmware | fusion | 8.5.8 |
| vmware | fusion | 8.0 |
| vmware | fusion | 8.0.1 |
| vmware | workstation | 12.1.1 |
| vmware | fusion | 8.1 |
| vmware | fusion | 8.5.2 |
| vmware | fusion | 10.1.1 |
| vmware | workstation | 12.5.0 |
| vmware | fusion | 8.5.5 |
| vmware | workstation | 14.0 |
| vmware | fusion | 8.5 |
| vmware | fusion | 10.0 |
The VMware V4H and V4PA desktop agents (6.x before 6.5.1) contain a privilege escalation vulnerability. Successful exploitation of this issue could result in a low privileged windows user escalating their privileges to SYSTEM.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-863,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vrealize_operations_for_horizon | * |
| vmware | vrealize_operations_for_published_applications | * |
VMware vRealize Automation (7.3 and 7.2) and vSphere Integrated Containers (1.x before 1.3) contain a deserialization vulnerability via Xenon. Successful exploitation of this issue may allow remote attackers to execute arbitrary code on the appliance.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-502,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vrealize_automation | 7.2.0 |
| vmware | vrealize_automation | 7.3.0 |
| vmware | vsphere_integrated_containers | * |
VMware Workstation (14.x before 14.1.0 and 12.x) and Horizon View Client (4.x before 4.7.0) contain an out-of-bounds read vulnerability in TPView.dll. On Workstation, this issue in conjunction with other bugs may allow a guest to leak information from host or may allow for a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this issue in conjunction with other bugs may allow a View desktop to leak information from host or may allow for a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | horizon_view | * |
| vmware | workstation | 12.5.8 |
| vmware | workstation | 12.5.9 |
| vmware | workstation | 12.5.4 |
| vmware | workstation | 12.0.1 |
| vmware | workstation | 12.5.1 |
| vmware | workstation | 12.5.2 |
| vmware | workstation | 12.5.3 |
| vmware | workstation | 12.1.1 |
| vmware | workstation | 12.5.6 |
| vmware | workstation | 12.0.0 |
| vmware | workstation | 12.5.5 |
| vmware | workstation | 12.5 |
| vmware | workstation | 12.1 |
| vmware | workstation | 12.5.0 |
| vmware | workstation | 14.0 |
| vmware | workstation | 12.5.7 |
VMware Workstation and Fusion contain a use-after-free vulnerability in VMware NAT service when IPv6 mode is enabled. This issue may allow a guest to execute code on the host. Note: IPv6 mode for VMNAT is not enabled by default.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | fusion | * |
| vmware | workstation | * |
VMware Workstation and Fusion contain an integer overflow vulnerability in VMware NAT service when IPv6 mode is enabled. This issue may lead to an out-of-bound read which can then be used to execute code on the host in conjunction with other issues. Note: IPv6 mode for VMNAT is not enabled by default.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | fusion | * |
| vmware | workstation | * |
VMware AirWatch Console (9.2.x before 9.2.2 and 9.1.x before 9.1.5) contains a Cross Site Request Forgery vulnerability when accessing the App Catalog. An attacker may exploit this issue by tricking users into installing a malicious application on their devices.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | airwatch | * |
VMware Xenon 1.x, prior to 1.5.4-CR7_1, 1.5.7_7, 1.5.4-CR6_2, 1.3.7-CR1_2, 1.1.0-CR0-3, 1.1.0-CR3_1,1.4.2-CR4_1, and 1.5.4_8, contains an authentication bypass vulnerability due to insufficient access controls for utility endpoints. Successful exploitation of this issue may result in information disclosure.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-732,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | xenon | 1.5.7_7 |
| vmware | xenon | 1.3.7 |
| vmware | xenon | 1.4.2 |
| vmware | xenon | 1.5.4_8 |
| vmware | xenon | 1.5.4 |
| vmware | xenon | * |
| vmware | xenon | 1.1.0 |
An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management UI are vulnerable to XSS attacks.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| pivotal_software | rabbitmq | 1.6.0 |
| pivotal_software | rabbitmq | 1.6.7 |
| pivotal_software | rabbitmq | 1.6.2 |
| broadcom | rabbitmq_server | 3.5.2 |
| pivotal_software | rabbitmq | 1.5.11 |
| vmware | rabbitmq | 3.4.3 |
| pivotal_software | rabbitmq | 3.6.5 |
| pivotal_software | rabbitmq | 1.5.15 |
| pivotal_software | rabbitmq | 1.6.5 |
| pivotal_software | rabbitmq | 1.7.0 |
| pivotal_software | rabbitmq | 1.6.15 |
| vmware | rabbitmq | 3.5.1 |
| pivotal_software | rabbitmq | 3.6.0 |
| pivotal_software | rabbitmq | 1.7.2 |
| vmware | rabbitmq | 3.6.7 |
| pivotal_software | rabbitmq | 1.7.13 |
| broadcom | rabbitmq_server | 3.5.3 |
| pivotal_software | rabbitmq | 1.5.6 |
| pivotal_software | rabbitmq | 1.5.4 |
| pivotal_software | rabbitmq | 1.7.14 |
| pivotal_software | rabbitmq | 1.5.2 |
| pivotal_software | rabbitmq | 1.6.1 |
| pivotal_software | rabbitmq | 3.6.6 |
| pivotal_software | rabbitmq | 1.6.4 |
| pivotal_software | rabbitmq | 1.5.9 |
| pivotal_software | rabbitmq | 1.6.9 |
| pivotal_software | rabbitmq | 1.7.3 |
| broadcom | rabbitmq_server | 3.4.0 |
| vmware | rabbitmq | 3.4.4 |
| pivotal_software | rabbitmq | 1.5.14 |
| pivotal_software | rabbitmq | 3.6.3 |
| vmware | rabbitmq | 3.5.0 |
| pivotal_software | rabbitmq | 1.6.12 |
| pivotal_software | rabbitmq | 1.6.14 |
| broadcom | rabbitmq_server | 3.5.6 |
| pivotal_software | rabbitmq | 1.5.10 |
| pivotal_software | rabbitmq | 3.5.4 |
| broadcom | rabbitmq_server | 3.4.3 |
| pivotal_software | rabbitmq | 1.5.5 |
| pivotal_software | rabbitmq | 1.5.12 |
| pivotal_software | rabbitmq | 1.5.1 |
| pivotal_software | rabbitmq | 1.5.17 |
| pivotal_software | rabbitmq | 1.7.10 |
| pivotal_software | rabbitmq | 1.6.3 |
| pivotal_software | rabbitmq | 1.5.18 |
| broadcom | rabbitmq_server | 3.4.4 |
| pivotal_software | rabbitmq | 1.5.0 |
| pivotal_software | rabbitmq | 1.7.4 |
| pivotal_software | rabbitmq | 1.5.7 |
| pivotal_software | rabbitmq | 1.5.13 |
| pivotal_software | rabbitmq | 1.6.13 |
| pivotal_software | rabbitmq | 1.5.8 |
| broadcom | rabbitmq_server | 3.5.1 |
| broadcom | rabbitmq_server | 3.4.2 |
| vmware | rabbitmq | 3.4.2 |
| pivotal_software | rabbitmq | 1.6.8 |
| pivotal_software | rabbitmq | 1.7.7 |
| vmware | rabbitmq | 3.5.6 |
| broadcom | rabbitmq_server | 3.6.7 |
| pivotal_software | rabbitmq | 3.6.1 |
| pivotal_software | rabbitmq | 1.6.10 |
| vmware | rabbitmq | 3.4.1 |
| vmware | rabbitmq | 3.5.2 |
| pivotal_software | rabbitmq | 1.5.19 |
| pivotal_software | rabbitmq | 1.7.8 |
| pivotal_software | rabbitmq | 3.6.2 |
| pivotal_software | rabbitmq | 1.7.6 |
| pivotal_software | rabbitmq | 1.7.9 |
| pivotal_software | rabbitmq | 3.5.5 |
| vmware | rabbitmq | 3.4.0 |
| pivotal_software | rabbitmq | 3.5.7 |
| pivotal_software | rabbitmq | 1.5.3 |
| pivotal_software | rabbitmq | 1.7.5 |
| pivotal_software | rabbitmq | 1.6.16 |
| pivotal_software | rabbitmq | 1.6.6 |
| vmware | rabbitmq | 3.5.3 |
| broadcom | rabbitmq_server | 3.4.1 |
| debian | debian_linux | 9.0 |
| broadcom | rabbitmq_server | 3.5.0 |
| pivotal_software | rabbitmq | 3.6.4 |
An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. RabbitMQ management UI stores signed-in user credentials in a browser's local storage without expiration, making it possible to retrieve them using a chained attack.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| pivotal_software | rabbitmq | 1.6.0 |
| pivotal_software | rabbitmq | 1.6.7 |
| pivotal_software | rabbitmq | 1.6.2 |
| broadcom | rabbitmq_server | 3.5.2 |
| pivotal_software | rabbitmq | 1.5.11 |
| vmware | rabbitmq | 3.4.3 |
| pivotal_software | rabbitmq | 3.6.5 |
| pivotal_software | rabbitmq | 1.5.15 |
| pivotal_software | rabbitmq | 1.6.5 |
| pivotal_software | rabbitmq | 1.7.0 |
| pivotal_software | rabbitmq | 1.6.15 |
| vmware | rabbitmq | 3.5.1 |
| pivotal_software | rabbitmq | 3.6.0 |
| pivotal_software | rabbitmq | 1.7.2 |
| vmware | rabbitmq | 3.6.7 |
| pivotal_software | rabbitmq | 1.7.13 |
| broadcom | rabbitmq_server | 3.5.3 |
| pivotal_software | rabbitmq | 1.5.6 |
| pivotal_software | rabbitmq | 1.5.4 |
| pivotal_software | rabbitmq | 1.7.14 |
| pivotal_software | rabbitmq | 1.5.2 |
| pivotal_software | rabbitmq | 1.6.1 |
| pivotal_software | rabbitmq | 3.6.6 |
| pivotal_software | rabbitmq | 1.6.4 |
| pivotal_software | rabbitmq | 1.5.9 |
| pivotal_software | rabbitmq | 1.6.9 |
| pivotal_software | rabbitmq | 1.7.3 |
| broadcom | rabbitmq_server | 3.4.0 |
| vmware | rabbitmq | 3.4.4 |
| pivotal_software | rabbitmq | 1.5.14 |
| pivotal_software | rabbitmq | 3.6.3 |
| vmware | rabbitmq | 3.5.0 |
| pivotal_software | rabbitmq | 1.6.12 |
| pivotal_software | rabbitmq | 1.6.14 |
| broadcom | rabbitmq_server | 3.5.6 |
| pivotal_software | rabbitmq | 1.5.10 |
| pivotal_software | rabbitmq | 3.5.4 |
| broadcom | rabbitmq_server | 3.4.3 |
| pivotal_software | rabbitmq | 1.5.5 |
| pivotal_software | rabbitmq | 1.5.12 |
| pivotal_software | rabbitmq | 1.5.1 |
| pivotal_software | rabbitmq | 1.5.17 |
| pivotal_software | rabbitmq | 1.7.10 |
| pivotal_software | rabbitmq | 1.6.3 |
| pivotal_software | rabbitmq | 1.5.18 |
| broadcom | rabbitmq_server | 3.4.4 |
| pivotal_software | rabbitmq | 1.5.0 |
| pivotal_software | rabbitmq | 1.7.4 |
| pivotal_software | rabbitmq | 1.5.7 |
| pivotal_software | rabbitmq | 1.5.13 |
| pivotal_software | rabbitmq | 1.6.13 |
| pivotal_software | rabbitmq | 1.5.8 |
| broadcom | rabbitmq_server | 3.5.1 |
| broadcom | rabbitmq_server | 3.4.2 |
| vmware | rabbitmq | 3.4.2 |
| pivotal_software | rabbitmq | 1.6.8 |
| pivotal_software | rabbitmq | 1.7.7 |
| vmware | rabbitmq | 3.5.6 |
| broadcom | rabbitmq_server | 3.6.7 |
| pivotal_software | rabbitmq | 3.6.1 |
| pivotal_software | rabbitmq | 1.6.10 |
| vmware | rabbitmq | 3.4.1 |
| vmware | rabbitmq | 3.5.2 |
| pivotal_software | rabbitmq | 1.5.19 |
| pivotal_software | rabbitmq | 1.7.8 |
| pivotal_software | rabbitmq | 3.6.2 |
| pivotal_software | rabbitmq | 1.7.6 |
| pivotal_software | rabbitmq | 1.7.9 |
| pivotal_software | rabbitmq | 3.5.5 |
| vmware | rabbitmq | 3.4.0 |
| pivotal_software | rabbitmq | 3.5.7 |
| pivotal_software | rabbitmq | 1.5.3 |
| pivotal_software | rabbitmq | 1.7.5 |
| pivotal_software | rabbitmq | 1.6.16 |
| pivotal_software | rabbitmq | 1.6.6 |
| vmware | rabbitmq | 3.5.3 |
| broadcom | rabbitmq_server | 3.4.1 |
| debian | debian_linux | 9.0 |
| broadcom | rabbitmq_server | 3.5.0 |
| pivotal_software | rabbitmq | 3.6.4 |
An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management UI are vulnerable to XSS attacks.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| pivotal_software | rabbitmq | 1.6.0 |
| pivotal_software | rabbitmq | 1.6.7 |
| pivotal_software | rabbitmq | 1.6.2 |
| broadcom | rabbitmq_server | 3.5.2 |
| pivotal_software | rabbitmq | 1.5.11 |
| vmware | rabbitmq | 3.4.3 |
| pivotal_software | rabbitmq | 3.6.5 |
| pivotal_software | rabbitmq | 1.5.15 |
| pivotal_software | rabbitmq | 1.6.5 |
| pivotal_software | rabbitmq | 1.7.0 |
| pivotal_software | rabbitmq | 1.6.15 |
| vmware | rabbitmq | 3.5.1 |
| pivotal_software | rabbitmq | 3.6.0 |
| pivotal_software | rabbitmq | 1.7.2 |
| vmware | rabbitmq | 3.6.7 |
| pivotal_software | rabbitmq | 1.7.13 |
| broadcom | rabbitmq_server | 3.5.3 |
| pivotal_software | rabbitmq | 1.5.6 |
| pivotal_software | rabbitmq | 1.5.4 |
| pivotal_software | rabbitmq | 1.7.14 |
| pivotal_software | rabbitmq | 1.5.2 |
| pivotal_software | rabbitmq | 1.6.1 |
| pivotal_software | rabbitmq | 3.6.6 |
| pivotal_software | rabbitmq | 1.6.4 |
| pivotal_software | rabbitmq | 1.5.9 |
| pivotal_software | rabbitmq | 1.6.9 |
| pivotal_software | rabbitmq | 1.7.3 |
| broadcom | rabbitmq_server | 3.4.0 |
| vmware | rabbitmq | 3.4.4 |
| pivotal_software | rabbitmq | 1.5.14 |
| pivotal_software | rabbitmq | 3.6.3 |
| vmware | rabbitmq | 3.5.0 |
| pivotal_software | rabbitmq | 1.6.12 |
| pivotal_software | rabbitmq | 1.6.14 |
| broadcom | rabbitmq_server | 3.5.6 |
| pivotal_software | rabbitmq | 1.5.10 |
| pivotal_software | rabbitmq | 3.5.4 |
| broadcom | rabbitmq_server | 3.4.3 |
| pivotal_software | rabbitmq | 1.5.5 |
| pivotal_software | rabbitmq | 1.5.12 |
| pivotal_software | rabbitmq | 1.5.1 |
| pivotal_software | rabbitmq | 1.5.17 |
| pivotal_software | rabbitmq | 1.7.10 |
| pivotal_software | rabbitmq | 1.6.3 |
| pivotal_software | rabbitmq | 1.5.18 |
| broadcom | rabbitmq_server | 3.4.4 |
| pivotal_software | rabbitmq | 1.5.0 |
| pivotal_software | rabbitmq | 1.7.4 |
| pivotal_software | rabbitmq | 1.5.7 |
| pivotal_software | rabbitmq | 1.5.13 |
| pivotal_software | rabbitmq | 1.6.13 |
| pivotal_software | rabbitmq | 1.5.8 |
| broadcom | rabbitmq_server | 3.5.1 |
| broadcom | rabbitmq_server | 3.4.2 |
| vmware | rabbitmq | 3.4.2 |
| pivotal_software | rabbitmq | 1.6.8 |
| pivotal_software | rabbitmq | 1.7.7 |
| vmware | rabbitmq | 3.5.6 |
| broadcom | rabbitmq_server | 3.6.7 |
| pivotal_software | rabbitmq | 3.6.1 |
| pivotal_software | rabbitmq | 1.6.10 |
| vmware | rabbitmq | 3.4.1 |
| vmware | rabbitmq | 3.5.2 |
| pivotal_software | rabbitmq | 1.5.19 |
| pivotal_software | rabbitmq | 1.7.8 |
| pivotal_software | rabbitmq | 3.6.2 |
| pivotal_software | rabbitmq | 1.7.6 |
| pivotal_software | rabbitmq | 1.7.9 |
| pivotal_software | rabbitmq | 3.5.5 |
| vmware | rabbitmq | 3.4.0 |
| pivotal_software | rabbitmq | 3.5.7 |
| pivotal_software | rabbitmq | 1.5.3 |
| pivotal_software | rabbitmq | 1.7.5 |
| pivotal_software | rabbitmq | 1.6.16 |
| pivotal_software | rabbitmq | 1.6.6 |
| vmware | rabbitmq | 3.5.3 |
| broadcom | rabbitmq_server | 3.4.1 |
| debian | debian_linux | 9.0 |
| broadcom | rabbitmq_server | 3.5.0 |
| pivotal_software | rabbitmq | 3.6.4 |
An issue was discovered in Pivotal Spring Security 4.2.0.RELEASE through 4.2.2.RELEASE, and Spring Security 5.0.0.M1. When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by blacklisting known "deserialization gadgets." Spring Security configures Jackson with global default typing enabled, which means that (through the previous exploit) arbitrary code could be executed if all of the following is true: (1) Spring Security's Jackson support is being leveraged by invoking SecurityJackson2Modules.getModules(ClassLoader) or SecurityJackson2Modules.enableDefaultTyping(ObjectMapper); (2) Jackson is used to deserialize data that is not trusted (Spring Security does not perform deserialization using Jackson, so this is an explicit choice of the user); and (3) there is an unknown (Jackson is not blacklisting it already) "deserialization gadget" that allows code execution present on the classpath. Jackson provides a blacklisting approach to protecting against this type of attack, but Spring Security should be proactive against blocking unknown "deserialization gadgets" when Spring Security enables default typing.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.1 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.2 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-502,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_security | 5.0.0 |
| vmware | spring_security | 4.2.2 |
| vmware | spring_security | 4.2.0 |
| vmware | spring_security | 4.2.1 |
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.6 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N | 1.1 | 4.0 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-203,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| intel | xeon_e3_1125c | - |
| intel | pentium_n | n3700 |
| intel | xeon | x3480 |
| intel | xeon_gold | 6136 |
| intel | xeon_e3_1286l_v3 | - |
| intel | xeon_e5_2648l | - |
| intel | core_i5 | 8600k |
| intel | xeon_e5_2603_v3 | - |
| intel | core_i7 | 2677m |
| intel | xeon_e5_2650 | - |
| intel | core_i7 | 3517ue |
| intel | core_i7 | 5750hq |
| intel | xeon_e5_2403_v2 | - |
| suse | suse_linux_enterprise_server | 12 |
| intel | xeon_e3_1505l_v5 | - |
| intel | core_i7 | 4785t |
| intel | xeon_e3_1240 | - |
| intel | core_i7 | 640um |
| intel | core_i7 | 920xm |
| intel | xeon | l5640 |
| intel | xeon_e5_1620_v3 | - |
| phoenixcontact | bl_bpc_2001_firmware | - |
| intel | core_i5 | 4260u |
| intel | atom_x7-e3950 | - |
| intel | core_i5 | 3427u |
| intel | atom_c | c2550 |
| intel | core_i5 | 6500t |
| intel | xeon_phi | 7230 |
| intel | core_i3 | 4160t |
| intel | xeon | e7530 |
| phoenixcontact | bl2_ppc_7000_firmware | - |
| intel | celeron_j | j1850 |
| intel | xeon_e7 | 4830_v2 |
| intel | xeon_e7 | 4870_v2 |
| intel | core_i5 | 3360m |
| intel | xeon_e5_2637_v2 | - |
| intel | xeon_phi | 7290f |
| arm | neoverse_n1_firmware | - |
| intel | core_i7 | 4700hq |
| intel | xeon | l5638 |
| intel | xeon_e3_1285_v6 | - |
| intel | xeon_gold | 6138t |
| intel | xeon | w3670 |
| intel | xeon_e-1105c | - |
| intel | core_i3 | 2310m |
| intel | core_i3 | 4330 |
| intel | core_i7 | 970 |
| intel | core_i7 | 4850hq |
| intel | xeon_e7 | 2870_v2 |
| intel | xeon_e5_2430l | - |
| intel | xeon_e5 | 2660 |
| intel | xeon_e5_2620 | - |
| intel | xeon_e7 | 8894_v4 |
| intel | core_i5 | 4300u |
| intel | core_i7 | 4800mq |
| intel | xeon_gold | 6130t |
| intel | xeon_e7 | 4850_v2 |
| phoenixcontact | dl_ppc18.5m_7000_firmware | - |
| intel | xeon_e3_1280_v6 | - |
| intel | core_i5 | 3317u |
| intel | atom_z | z2580 |
| intel | core_i7 | 2820qm |
| intel | core_i5 | 3450s |
| intel | xeon_platinum | 8176f |
| intel | xeon_gold | 6140 |
| oracle | local_service_management_system | 13.1 |
| intel | core_i5 | 4200h |
| intel | xeon_e3_1278l_v4 | - |
| intel | atom_z | z3736g |
| phoenixcontact | el_ppc_1000_firmware | - |
| intel | core_i3 | 4350 |
| intel | core_i7 | 4610y |
| intel | xeon_e5_2470 | - |
| intel | xeon_e5 | 4610_v2 |
| intel | xeon_e5_2618l_v3 | - |
| intel | core_i7 | 4558u |
| intel | xeon_phi | 7210 |
| intel | xeon | e5645 |
| intel | xeon_e3_1275_v3 | - |
| intel | xeon_e7 | 8870_v3 |
| intel | core_i3 | 4150 |
| intel | xeon_gold | 6138 |
| intel | core_i7 | 4702hq |
| intel | core_i5 | 2435m |
| intel | atom_z | z3785 |
| intel | xeon_e3_1270_v3 | - |
| intel | core_i5 | 4220y |
| intel | core_m | 5y51 |
| intel | pentium_j | j4205 |
| intel | xeon_e5_2618l_v2 | - |
| intel | core_i3 | 6157u |
| intel | pentium_n | n3530 |
| intel | core_i5 | 4422e |
| intel | core_i7 | 8700k |
| phoenixcontact | bl2_ppc_2000_firmware | - |
| intel | xeon_e3_1230_v5 | - |
| intel | xeon_e5 | 2658_v4 |
| intel | xeon_e3_1245_v6 | - |
| intel | core_i5 | 4460t |
| intel | xeon_e7 | 2803 |
| intel | core_i5 | 2515e |
| intel | core_i5 | 2430m |
| intel | xeon_e3_1226_v3 | - |
| intel | xeon_e5_2448l | - |
| intel | celeron_n | n2840 |
| intel | core_i7 | 2610ue |
| intel | core_i7 | 4770r |
| intel | core_i5 | 6600t |
| intel | xeon_e3_12201 | - |
| intel | core_i3 | 4340te |
| intel | xeon_e7 | 2890_v2 |
| intel | core_i5 | 560m |
| intel | core_i5 | 2557m |
| intel | atom_c | c3558 |
| intel | xeon_e3_1125c_v2 | - |
| intel | xeon_e5_1620_v4 | - |
| intel | core_i3 | 550 |
| intel | core_i7 | 8550u |
| intel | xeon_e5 | 4660_v4 |
| intel | core_i5 | 3340s |
| intel | core_i5 | 4402e |
| intel | xeon_e5_2470_v2 | - |
| intel | core_i5 | 4690 |
| intel | core_i3 | 2350m |
| intel | core_i7 | 4510u |
| intel | core_i7 | 4600u |
| intel | xeon_e3_1501m_v6 | - |
| intel | xeon_e7 | 4820_v2 |
| intel | xeon_gold | 6130f |
| intel | atom_c | c3808 |
| intel | core_i5 | 2500k |
| intel | core_i7 | 3840qm |
| intel | xeon_e5_2440_v2 | - |
| intel | core_i7 | 2920xm |
| intel | core_i5 | 4570s |
| intel | core_i7 | 2710qe |
| intel | xeon | e5506 |
| intel | xeon_e3_1230l_v3 | - |
| intel | core_i5 | 4310u |
| synology | router_manager | * |
| intel | core_i3 | 6100 |
| intel | core_i7 | 4810mq |
| intel | xeon_e5 | 2690 |
| intel | core_i3 | 3250t |
| intel | xeon_e3_1285l_v3 | - |
| intel | core_i5 | 4570 |
| intel | core_i7 | 5850eq |
| intel | core_i5 | 4440 |
| intel | core_i7 | 3615qe |
| intel | xeon_e3_1280 | - |
| intel | core_i7 | 3615qm |
| intel | core_i5 | 2390t |
| intel | xeon_e5 | 4640_v4 |
| intel | core_i3 | 2115c |
| intel | core_i5 | 2410m |
| intel | atom_c | c2538 |
| intel | xeon | w5590 |
| intel | xeon_e7 | 2880_v2 |
| intel | core_i5 | 3570 |
| intel | core_i3 | 6100t |
| intel | core_i7 | 965 |
| intel | xeon_e5 | 4648_v3 |
| intel | core_i7 | 4770k |
| intel | xeon_silver | 4116t |
| intel | core_i3 | 2330e |
| intel | xeon_e3_1225_v3 | - |
| intel | core_i7 | 4790 |
| intel | core_i5 | 6440eq |
| intel | core_i7 | 980x |
| intel | core_i7 | 4771 |
| intel | xeon_e3_1276_v3 | - |
| intel | atom_z | z2760 |
| siemens | simatic_itc1500_firmware | * |
| intel | core_i3 | 6320 |
| intel | xeon_e3_1230 | - |
| opensuse | leap | 42.3 |
| intel | xeon_e5_2637_v3 | - |
| intel | xeon_gold | 6126t |
| intel | core_i7 | 720qm |
| intel | xeon_e7 | 8860_v3 |
| intel | xeon_gold | 6146 |
| intel | xeon_e5_2603_v2 | - |
| intel | core_i7 | 3555le |
| intel | atom_c | c3958 |
| intel | celeron_j | j4105 |
| intel | core_i7 | 5775c |
| intel | xeon_e3_1501l_v6 | - |
| intel | xeon_e7 | 8867l |
| intel | core_i5 | 4250u |
| intel | xeon_e5 | 4650_v3 |
| phoenixcontact | vl2_bpc_2000_firmware | - |
| intel | xeon_e5 | 4607 |
| intel | core_i5 | 3337u |
| intel | xeon_e5 | 2670 |
| intel | atom_e | e3805 |
| intel | xeon_e5_2450_v2 | - |
| intel | atom_c | c2350 |
| intel | xeon_platinum | 8153 |
| intel | xeon_e5_2407_v2 | - |
| intel | xeon_e5_1680_v3 | - |
| oracle | local_service_management_system | 13.2 |
| intel | xeon | e5530 |
| intel | core_i7 | 840qm |
| intel | xeon_e5 | 2667_v2 |
| intel | xeon_e5 | 2697_v2 |
| phoenixcontact | dl_ppc15m_7000_firmware | - |
| intel | core_i7 | 4790t |
| intel | core_i5 | 2500t |
| intel | xeon_e5 | 2699a_v4 |
| netapp | solidfire | - |
| intel | core_i5 | 3570k |
| phoenixcontact | bl_ppc17_3000_firmware | - |
| intel | xeon_e5_1660 | - |
| intel | xeon | x5650 |
| intel | atom_z | z2520 |
| intel | core_i3 | 6100h |
| intel | xeon | e5540 |
| intel | core_i7 | 5600u |
| intel | xeon_gold | 6140m |
| intel | core_i7 | 4710hq |
| intel | core_i7 | 4712hq |
| intel | core_i7 | 7567u |
| intel | xeon_e5 | 2695_v2 |
| intel | core_i3 | 3110m |
| intel | xeon_e7 | 8893_v3 |
| intel | atom_c | c3955 |
| intel | xeon_e5_2623_v3 | - |
| intel | xeon_e7 | 4809_v3 |
| intel | core_i5 | 4200m |
| intel | core_i3 | 3240 |
| intel | core_i3 | 4100m |
| intel | xeon | l5508 |
| intel | core_i5 | 4300y |
| arm | cortex-a78_firmware | - |
| phoenixcontact | bl_ppc17_1000_firmware | - |
| intel | core_i5 | 750 |
| intel | core_i7 | 2620m |
| canonical | ubuntu_linux | 14.04 |
| intel | atom_c | c3758 |
| intel | celeron_n | n4100 |
| intel | core_i5 | 2500 |
| intel | atom_c | c2758 |
| intel | core_i3 | 2312m |
| intel | xeon_e5 | 2680_v4 |
| phoenixcontact | bl2_bpc_7000_firmware | - |
| intel | xeon_e7 | 4820 |
| intel | core_i5 | 4278u |
| intel | xeon_gold | 6126 |
| intel | core_i5 | 450m |
| intel | core_i3 | 4010u |
| intel | core_i5 | 6300hq |
| intel | core_i5 | 6300u |
| intel | xeon_e5 | 4669_v4 |
| intel | xeon_e7 | 8837 |
| intel | xeon_e5_2603_v4 | - |
| intel | core_i5 | 6442eq |
| intel | core_i7 | 4550u |
| intel | xeon_e5 | 4657l_v2 |
| intel | core_i5 | 4302y |
| intel | xeon_e5 | 2687w_v2 |
| intel | xeon_e7 | 8870 |
| intel | core_i3 | 2120t |
| intel | core_i5 | 5300u |
| intel | core_i7 | 640lm |
| intel | atom_z | z3740 |
| intel | pentium_j | j2850 |
| intel | xeon_gold | 6142 |
| intel | xeon_e7 | 8893_v4 |
| intel | core_i5 | 2500s |
| intel | core_i3 | 3240t |
| intel | core_i7 | 7920hq |
| intel | xeon_e7 | 8850_v2 |
| intel | xeon_e5 | 2683_v4 |
| intel | celeron_n | n2930 |
| intel | atom_z | z3745 |
| intel | xeon | x3440 |
| intel | core_i3 | 3130m |
| intel | xeon_e7 | 4830 |
| intel | core_m | 5y10c |
| intel | xeon_e3 | 1558l_v5 |
| oracle | solaris | 10 |
| intel | core_i5 | 3340 |
| intel | xeon_e3_1268l_v3 | - |
| intel | xeon_e7 | 8850 |
| arm | cortex-r8_firmware | - |
| intel | xeon | x3450 |
| intel | xeon_e5_2428l | - |
| intel | core_i3 | 560 |
| intel | core_i5 | 660 |
| intel | core_i7 | 4980hq |
| intel | xeon_e5_2650l | - |
| intel | core_i5 | 2450m |
| intel | xeon_e7 | 4860_v2 |
| intel | core_i7 | 7700k |
| intel | xeon_platinum | 8170m |
| intel | xeon_gold | 6152 |
| intel | xeon_e3 | 1585_v5 |
| intel | core_i3 | 4110m |
| intel | core_i3 | 3220t |
| intel | celeron_n | n3000 |
| intel | xeon | e5503 |
| intel | xeon_e5_2630l | - |
| intel | core_i5 | 2400 |
| intel | core_i7 | 930 |
| intel | xeon_e5 | 2699_v3 |
| intel | xeon_e5_1428l | - |
| intel | core_i5 | 2450p |
| intel | xeon_e7 | 4890_v2 |
| intel | core_i3 | 3120me |
| intel | xeon | x5660 |
| intel | xeon_gold | 6138f |
| siemens | simatic_winac_rtx_(f)_2010_firmware | 2010 |
| intel | xeon_e5 | 2660_v4 |
| canonical | ubuntu_linux | 16.04 |
| intel | xeon_e7 | 8880l_v2 |
| intel | xeon | ec5509 |
| phoenixcontact | bl2_ppc_1000_firmware | - |
| phoenixcontact | vl2_bpc_1000_firmware | - |
| intel | xeon_e3_1245 | - |
| intel | xeon_e5 | 2687w_v4 |
| intel | xeon_e3_1230_v3 | - |
| intel | xeon | e7520 |
| intel | xeon_e5_1660_v4 | - |
| intel | xeon | w5580 |
| intel | core_i5 | 4590t |
| intel | xeon_e3 | 1565l_v5 |
| intel | xeon_e5_2643_v3 | - |
| intel | core_i3 | 4360t |
| intel | core_i5 | 4300m |
| intel | core_i5 | 4690s |
| intel | core_i5 | 4460s |
| intel | xeon_e5 | 4655_v4 |
| intel | xeon_e5_2640 | - |
| arm | neoverse_n2_firmware | - |
| intel | xeon_silver | 4109t |
| intel | core_i7 | 2635qm |
| intel | core_i7 | 5557u |
| intel | core_i7 | 5775r |
| intel | xeon_e5 | 2667_v4 |
| intel | core_i5 | 6600k |
| intel | xeon_e3_1240_v5 | - |
| intel | core_i3 | 6167u |
| intel | core_i5 | 4210m |
| canonical | ubuntu_linux | 17.04 |
| intel | celeron_n | n3050 |
| intel | core_i5 | 3450 |
| intel | core_i5 | 680 |
| intel | atom_z | z3735f |
| phoenixcontact | bl_ppc15_1000_firmware | - |
| siemens | simatic_itc2200_firmware | * |
| intel | xeon_e5 | 4620_v4 |
| intel | atom_z | z3560 |
| intel | atom_e | e3827 |
| intel | xeon_e5_2448l_v2 | - |
| intel | xeon_phi | 7235 |
| intel | core_i5 | 4288u |
| intel | core_i7 | 4770 |
| intel | core_i5 | 3330s |
| intel | xeon_e5_2438l_v3 | - |
| phoenixcontact | vl2_ppc_1000_firmware | - |
| intel | xeon_gold | 6132 |
| phoenixcontact | vl2_ppc9_1000_firmware | - |
| phoenixcontact | bl_bpc_2000_firmware | - |
| intel | celeron_n | n3160 |
| intel | core_i5 | 8350u |
| intel | core_i5 | 470um |
| intel | core_i3 | 370m |
| intel | xeon_e3_1270_v5 | - |
| intel | xeon_e5 | 2697_v4 |
| synology | virtual_machine_manager | * |
| synology | vs960hd_firmware | - |
| intel | core_i5 | 760 |
| arm | cortex-a72_firmware | - |
| intel | core_i5 | 3320m |
| intel | core_i5 | 4200u |
| intel | xeon_e5_1650_v2 | - |
| intel | core_i7 | 620um |
| intel | xeon_e5_2620_v2 | - |
| intel | core_i3 | 3115c |
| arm | cortex-a8_firmware | - |
| intel | xeon_e5_1650_v4 | - |
| intel | core_i3 | 4005u |
| intel | xeon_gold | 6148f |
| intel | xeon_e3_1220 | - |
| canonical | ubuntu_linux | 17.10 |
| phoenixcontact | bl_rackmount_2u_firmware | - |
| intel | core_i7 | 7820eq |
| intel | atom_z | z3775 |
| oracle | local_service_management_system | 13.3 |
| intel | xeon_e3_1268l_v5 | - |
| arm | cortex-a77_firmware | - |
| intel | atom_c | c3830 |
| intel | xeon | e7540 |
| intel | xeon_e5 | 4650 |
| intel | core_i5 | 460m |
| intel | core_i5 | 4670 |
| intel | xeon_e7 | 8890_v2 |
| intel | core_i3 | 3217ue |
| intel | core_i5 | 2320 |
| intel | xeon_e5 | 2670_v3 |
| intel | xeon_e5 | 4628l_v4 |
| intel | core_i7 | 4700ec |
| intel | atom_x3 | c3405 |
| intel | atom_c | c3850 |
| intel | xeon_e3_1225_v2 | - |
| intel | core_i7 | 3687u |
| intel | xeon_gold | 6130 |
| intel | xeon_e7 | 8880_v4 |
| intel | core_i5 | 3340m |
| intel | xeon_silver | 4114 |
| intel | xeon_e5_2620_v3 | - |
| intel | xeon_e7 | 4850 |
| opensuse | leap | 42.2 |
| intel | core_i7 | 2617m |
| intel | xeon | x5677 |
| intel | core_i7 | 4860hq |
| intel | core_i7 | 5700hq |
| intel | core_i7 | 3770s |
| intel | xeon_e3_1275_v5 | - |
| arm | cortex-a57_firmware | - |
| phoenixcontact | bl_ppc15_7000_firmware | - |
| intel | xeon_e7 | 8867_v3 |
| intel | xeon_platinum | 8164 |
| intel | core_i7 | 3517u |
| intel | core_i3 | 540 |
| intel | xeon_bronze_3104 | - |
| intel | xeon | l5630 |
| intel | xeon_e5_2420 | - |
| intel | core_i7 | 4600m |
| intel | core_i3 | 4330t |
| intel | core_i7 | 5700eq |
| intel | core_m3 | 6y30 |
| intel | atom_z | z2460 |
| phoenixcontact | vl_ppc_3000_firmware | - |
| intel | core_i3 | 2125 |
| intel | xeon | x5570 |
| intel | xeon | x6550 |
| intel | celeron_n | n2805 |
| intel | xeon_e3_1246_v3 | - |
| intel | core_i7 | 860s |
| intel | xeon_gold | 5119t |
| intel | xeon_e3_1240l_v5 | - |
| phoenixcontact | vl_bpc_3000_firmware | - |
| intel | xeon_e5_2630_v4 | - |
| intel | core_i3 | 5157u |
| intel | atom_x3 | c3445 |
| intel | xeon_gold | 5118 |
| intel | xeon | l5609 |
| intel | xeon_e3_1275_v2 | - |
| intel | core_i5 | 4350u |
| intel | core_i7 | 7560u |
| pepperl-fuchs | btc12_firmware | - |
| intel | xeon | l3426 |
| intel | xeon_e3_1235 | - |
| intel | core_i7 | 820qm |
| intel | xeon_e7 | 2850 |
| intel | xeon_e3_1220_v2 | - |
| intel | xeon_platinum | 8160m |
| intel | core_i3 | 3245 |
| intel | core_i3 | 6100u |
| intel | core_i7 | 2655le |
| intel | atom_x3 | c3295rk |
| intel | core_i5 | 6350hq |
| vmware | workstation | * |
| intel | xeon_e5_2609_v2 | - |
| oracle | solaris | 11.3 |
| intel | xeon_e5_2608l_v4 | - |
| intel | core_i5 | 3470t |
| phoenixcontact | vl2_ppc_9000_firmware | - |
| intel | xeon_e3_1260l | - |
| siemens | simatic_winac_rtx_(f)_2010_firmware | * |
| intel | core_i5 | 3380m |
| intel | core_i3 | 2377m |
| intel | xeon_e5_2643 | - |
| intel | xeon_e3 | 1535m_v5 |
| intel | xeon | l5520 |
| intel | xeon_phi | 7295 |
| intel | core_i5 | 3437u |
| intel | core_i7 | 610e |
| intel | core_i3 | 380m |
| intel | xeon_e3_1220_v3 | - |
| intel | xeon_e5_2608l_v3 | - |
| intel | core_i7 | 880 |
| intel | xeon_e3_1220_v6 | - |
| intel | xeon_gold | 6134m |
| intel | core_i5 | 2467m |
| intel | xeon | x5690 |
| intel | core_i3 | 4170t |
| intel | celeron_n | n2830 |
| intel | celeron_n | n3060 |
| suse | suse_linux_enterprise_desktop | 12 |
| synology | vs360hd_firmware | - |
| intel | xeon_e3_1225 | - |
| intel | core_i7 | 4710mq |
| intel | xeon_e5 | 2687w |
| intel | pentium_n | n3510 |
| intel | xeon_e7 | 4870 |
| intel | xeon_e5_1620 | - |
| intel | core_i7 | 660um |
| intel | celeron_n | n2808 |
| intel | xeon_e5 | 2699_v4 |
| synology | skynas | - |
| intel | xeon | x3460 |
| intel | core_i3 | 4158u |
| suse | suse_linux_enterprise_software_development_kit | 12 |
| intel | core_i5 | 3570t |
| intel | core_i7 | 2600k |
| intel | xeon_e5_2640_v2 | - |
| intel | core_i5 | 6287u |
| intel | xeon_silver | 4112 |
| intel | core_m3 | 7y32 |
| siemens | simatic_itc1500_pro_firmware | * |
| intel | xeon_e5_2650_v3 | - |
| intel | core_i7 | 3740qm |
| intel | xeon_e5_1630_v3 | - |
| intel | xeon_e5 | 4610_v4 |
| intel | xeon_e7 | 8880_v3 |
| intel | core_i3 | 2330m |
| arm | cortex-a12_firmware | - |
| intel | core_i7 | 4702mq |
| intel | core_i5 | 4570te |
| intel | core_i5 | 8400 |
| intel | atom_c | c2518 |
| intel | core_m | 5y70 |
| intel | xeon_e5_2630l_v3 | - |
| intel | xeon_e7 | 4820_v3 |
| intel | xeon_platinum | 8160 |
| intel | xeon_e3_1280_v5 | - |
| intel | xeon_e5 | 4650l |
| intel | core_i3 | 330m |
| intel | xeon_e3_1290_v2 | - |
| arm | cortex-a15_firmware | - |
| intel | xeon_e7 | 8880l_v3 |
| phoenixcontact | bl_ppc15_3000_firmware | - |
| intel | core_i5 | 4210y |
| phoenixcontact | bl_bpc_7001_firmware | - |
| arm | cortex-a75_firmware | - |
| phoenixcontact | bl2_bpc_1000_firmware | - |
| intel | xeon_e5 | 4610 |
| intel | core_i7 | 7660u |
| intel | celeron_n | n2810 |
| intel | xeon_e5_2609_v3 | - |
| intel | core_i3 | 2310e |
| intel | atom_c | c3858 |
| intel | atom_c | c2738 |
| intel | xeon_e3 | 1578l_v5 |
| intel | xeon_e5_2630_v2 | - |
| suse | suse_linux_enterprise_server | 11 |
| intel | core_i7 | 7820hk |
| intel | celeron_j | j3160 |
| intel | core_i7 | 3689y |
| intel | xeon_silver | 4110 |
| intel | core_i5 | 5257u |
| intel | core_i5 | 520um |
| phoenixcontact | vl2_bpc_9000_firmware | - |
| intel | core_i7 | 2720qm |
| intel | xeon_e5_2430_v2 | - |
| intel | core_i3 | 330e |
| intel | xeon_e5 | 4640_v2 |
| intel | xeon_e5_2628l_v4 | - |
| intel | xeon | e5502 |
| intel | core_i3 | 4170 |
| intel | xeon_gold | 5115 |
| intel | core_i5 | 3550 |
| intel | core_i5 | 4670t |
| intel | xeon_e5 | 2658_v2 |
| intel | xeon | e5620 |
| intel | xeon_e3_12201_v2 | - |
| phoenixcontact | bl_bpc_7000_firmware | - |
| phoenixcontact | bl2_bpc_2000_firmware | - |
| intel | xeon | l5518 |
| intel | core_i5 | 3210m |
| intel | celeron_n | n2940 |
| intel | core_i3 | 2348m |
| intel | xeon_gold | 5122 |
| intel | core_i5 | 3570s |
| intel | xeon | x5670 |
| intel | core_i5 | 4310m |
| intel | xeon_e5 | 2660_v3 |
| intel | core_i3 | 4020y |
| intel | core_i3 | 5020u |
| intel | xeon_e5_2403 | - |
| intel | core_i5 | 5675c |
| intel | core_i3 | 2375m |
| intel | xeon_e5_2648l_v2 | - |
| intel | pentium_n | n4200 |
| intel | xeon_e5_2650_v2 | - |
| intel | core_i7 | 4910mq |
| intel | core_i7 | 4650u |
| intel | xeon_e3_1240l_v3 | - |
| intel | core_i3 | 4025u |
| intel | atom_e | e3826 |
| intel | xeon_e5 | 2667 |
| intel | core_i7 | 2675qm |
| intel | core_i3 | 3120m |
| intel | atom_c | c2718 |
| intel | xeon | l5618 |
| intel | atom_x5-e3940 | - |
| intel | core_i5 | 560um |
| intel | core_i7 | 4770te |
| intel | core_m3 | 7y30 |
| intel | core_i5 | 6600 |
| intel | xeon_e5 | 4667_v4 |
| intel | core_i5 | 4340m |
| intel | core_i5 | 670 |
| intel | xeon_e5_1428l_v3 | - |
| intel | core_i3 | 6006u |
| intel | atom_c | c3708 |
| intel | core_i3 | 2105 |
| intel | atom_c | c2530 |
| intel | xeon | x5550 |
| intel | core_i7 | 2649m |
| intel | core_m7 | 6y75 |
| intel | xeon | l3406 |
| intel | core_i7 | 920 |
| intel | core_i3 | 330um |
| intel | core_i7 | 5550u |
| intel | xeon_e3 | 1505m_v6 |
| intel | core_i3 | 8350k |
| intel | core_i5 | 650 |
| intel | xeon_gold | 6148 |
| intel | core_i5 | 2537m |
| intel | xeon_e3_1280_v2 | - |
| phoenixcontact | vl_bpc_2000_firmware | - |
| intel | core_i7 | 975 |
| intel | xeon_e3 | 1515m_v5 |
| phoenixcontact | vl_ipc_p7000_firmware | - |
| intel | core_i5 | 4308u |
| intel | core_i7 | 8700 |
| intel | xeon_e5_2618l_v4 | - |
| intel | pentium_j | j3710 |
| intel | core_i5 | 4570t |
| intel | xeon_e5_2620_v4 | - |
| intel | core_i7 | 940 |
| intel | core_i5 | 4570r |
| intel | xeon_e3_1285_v4 | - |
| intel | xeon_e5_1660_v2 | - |
| intel | xeon_e5_2450 | - |
| vmware | fusion | * |
| intel | xeon_e3_1281_v3 | - |
| intel | xeon_e5 | 4627_v3 |
| intel | xeon_e5_2650l_v3 | - |
| intel | xeon_e5 | 4640 |
| intel | xeon_silver | 4108 |
| intel | core_i7 | 990x |
| intel | xeon_e7 | 4850_v4 |
| intel | core_i5 | 5350u |
| intel | atom_x5-e3930 | - |
| intel | atom_z | z3530 |
| intel | celeron_j | j3455 |
| intel | xeon_e7 | 8860 |
| intel | core_i3 | 2365m |
| intel | core_i5 | 3339y |
| intel | xeon_e5 | 2680 |
| intel | xeon_e3_1275_v6 | - |
| intel | xeon_e5_2637_v4 | - |
| phoenixcontact | vl2_ppc_2000_firmware | - |
| intel | xeon_e5 | 2697_v3 |
| phoenixcontact | vl2_ppc7_1000_firmware | - |
| intel | core_i7 | 640m |
| intel | xeon_e5_2430 | - |
| intel | core_i5 | 3470s |
| intel | core_i5 | 3610me |
| intel | core_i7 | 2960xm |
| intel | atom_z | z3770 |
| intel | atom_c | c2338 |
| intel | xeon_e5 | 4603_v2 |
| intel | core_i3 | 2120 |
| intel | xeon_e5_2628l_v2 | - |
| intel | celeron_j | j3355 |
| intel | core_m | 5y31 |
| intel | core_i3 | 2340ue |
| intel | xeon_e5_2440 | - |
| intel | atom_z | z2480 |
| intel | xeon_e5_1630_v4 | - |
| phoenixcontact | dl_ppc21.5m_7000_firmware | - |
| intel | xeon_e5_2418l_v3 | - |
| intel | core_i7 | 2637m |
| debian | debian_linux | 9.0 |
| intel | core_i5 | 4670r |
| phoenixcontact | bl_bpc_3000_firmware | - |
| intel | core_i3 | 530 |
| intel | core_i7 | 2600s |
| intel | core_i5 | 661 |
| intel | core_i7 | 3540m |
| intel | core_i7 | 4960hq |
| intel | xeon_e3_1241_v3 | - |
| intel | xeon_e3_1271_v3 | - |
| intel | atom_e | e3815 |
| intel | core_i7 | 4750hq |
| intel | atom_z | z3460 |
| canonical | ubuntu_linux | 12.04 |
| intel | xeon_e5_2630l_v2 | - |
| intel | core_i3 | 4360 |
| netapp | hci | - |
| intel | xeon_e5 | 4669_v3 |
| intel | celeron_n | n3010 |
| intel | xeon_e5 | 4603 |
| intel | core_i7 | 960 |
| intel | core_i3 | 2102 |
| intel | core_i5 | 5287u |
| intel | core_i5 | 2520m |
| intel | core_m | 5y71 |
| arm | cortex-a9_firmware | - |
| intel | core_i7 | 7600u |
| pepperl-fuchs | btc14_firmware | - |
| intel | core_i5 | 5350h |
| intel | core_i5 | 5575r |
| intel | xeon | l7555 |
| intel | atom_z | z3740d |
| intel | core_i7 | 3537u |
| intel | core_i5 | 750s |
| intel | atom_x3 | c3230rk |
| intel | xeon_e5_2650l_v2 | - |
| intel | core_i7 | 3667u |
| intel | core_i3 | 4350t |
| intel | xeon_e7 | 8891_v2 |
| intel | xeon_phi | 7290 |
| intel | xeon_e5_1650 | - |
| intel | xeon_phi | 7210f |
| phoenixcontact | vl2_ppc12_1000_firmware | - |
| intel | xeon_e5_2603 | - |
| intel | atom_e | e3825 |
| intel | xeon_e5_1428l_v2 | - |
| intel | xeon_e5 | 2698_v4 |
| intel | xeon | e6540 |
| intel | core_i7 | 4765t |
| arm | cortex-x1_firmware | - |
| intel | celeron_j | j3060 |
| intel | core_i3 | 4010y |
| intel | atom_c | c2358 |
| intel | core_i5 | 4430 |
| intel | xeon_e7 | 4850_v3 |
| intel | xeon_e5_2648l_v3 | - |
| intel | core_i7 | 4712mq |
| phoenixcontact | bl_ppc17_7000_firmware | - |
| synology | diskstation_manager | * |
| intel | xeon_e5 | 4610_v3 |
| intel | xeon_silver | 4116 |
| intel | xeon | x5672 |
| intel | xeon_e5_1680_v4 | - |
| intel | core_i3 | 2100 |
| intel | core_m5 | 6y57 |
| intel | xeon_e7 | 2860 |
| intel | core_i7 | 2630qm |
| intel | xeon_e7 | 8890_v4 |
| intel | xeon_e7 | 4809_v2 |
| intel | xeon_e3_1245_v5 | - |
| intel | core_i7 | 5500u |
| intel | xeon_e3_1265l_v4 | - |
| arm | cortex-a76_firmware | - |
| intel | xeon_e5_2640_v4 | - |
| intel | core_i5 | 2300 |
| intel | xeon_e3_1270_v2 | - |
| intel | core_i3 | 6100te |
| intel | xeon_e7 | 4809_v4 |
| intel | xeon_e5_2450l_v2 | - |
| intel | core_i7 | 5850hq |
| intel | core_i7 | 7820hq |
| intel | core_i5 | 6402p |
| intel | core_i5 | 6400 |
| intel | xeon | w3680 |
| intel | core_i7 | 660lm |
| intel | core_i7 | 940xm |
| intel | xeon_silver | 4114t |
| intel | core_i7 | 980 |
| intel | core_i3 | 2130 |
| intel | xeon_e7 | 8880_v2 |
| intel | xeon_gold | 6134 |
| intel | core_i3 | 4130 |
| intel | core_i3 | 2100t |
| arm | cortex-a73_firmware | - |
| intel | atom_z | z2560 |
| intel | atom_z | z3480 |
| arm | cortex-a17_firmware | - |
| intel | xeon_e5_2420_v2 | - |
| intel | xeon | e5504 |
| intel | xeon | e5603 |
| intel | xeon_e3_1290 | - |
| intel | xeon | l5506 |
| intel | core_i5 | 6260u |
| intel | xeon_e3_1231_v3 | - |
| intel | xeon_e3_1270 | - |
| intel | xeon_e5_2643_v4 | - |
| intel | xeon_e5 | 4624l_v2 |
| intel | core_i3 | 2357m |
| intel | core_i3 | 4102e |
| vmware | esxi | 5.5.0 |
| intel | xeon_e7 | 8893_v2 |
| intel | core_i3 | 5005u |
| intel | core_i7 | 2760qm |
| intel | pentium_j | j2900 |
| intel | core_i7 | 2640m |
| intel | xeon_e5_2650_v4 | - |
| intel | xeon | e5507 |
| intel | atom_c | c3950 |
| intel | core_i5 | 4430s |
| intel | core_i5 | 2540m |
| intel | core_i7 | 4500u |
| intel | celeron_j | j1750 |
| intel | celeron_n | n2815 |
| intel | core_i3 | 4112e |
| intel | xeon_e7 | 8830 |
| intel | core_i7 | 950 |
| intel | xeon_e3_1245_v2 | - |
| intel | core_i5 | 2405s |
| intel | xeon_e5 | 4627_v2 |
| intel | atom_z | z3735e |
| phoenixcontact | vl_ppc_2000_firmware | - |
| intel | core_i7 | 3630qm |
| intel | xeon_e5_2408l_v3 | - |
| intel | core_i5 | 6200u |
| intel | core_i7 | 3635qm |
| intel | xeon_e5 | 4655_v3 |
| intel | atom_z | z2420 |
| intel | core_i5 | 3439y |
| intel | xeon_e5_2630_v3 | - |
| intel | atom_c | c2516 |
| intel | core_i3 | 4370t |
| intel | xeon | x7550 |
| intel | xeon_e5 | 2695_v4 |
| intel | xeon_e3_1285_v3 | - |
| intel | core_i7 | 4770t |
| intel | xeon_e7 | 8870_v2 |
| intel | xeon_platinum | 8156 |
| intel | celeron_n | n2820 |
| intel | xeon_e3_1258l_v4 | - |
| intel | core_i7 | 4722hq |
| intel | core_i3 | 2328m |
| intel | core_i3 | 4120u |
| intel | core_i5 | 3330 |
| intel | xeon | l5530 |
| intel | core_i5 | 6400t |
| intel | core_i3 | 4100u |
| intel | core_i5 | 4590s |
| intel | xeon_gold | 6150 |
| phoenixcontact | bl_ppc12_1000_firmware | - |
| intel | xeon_e5_2428l_v3 | - |
| intel | core_i7 | 620le |
| intel | atom_z | z3580 |
| intel | core_i5 | 4258u |
| intel | atom_c | c3750 |
| intel | xeon_e3 | 1575m_v5 |
| intel | xeon | e5640 |
| intel | xeon_e3 | 1545m_v5 |
| intel | pentium_n | n3710 |
| phoenixcontact | bl_ppc_1000_firmware | - |
| intel | core_i5 | 5675r |
| intel | core_i7 | 7y75 |
| intel | atom_c | c3538 |
| intel | core_i7 | 4700eq |
| intel | celeron_n | n3350 |
| intel | xeon_e5_2640_v3 | - |
| intel | xeon_e3_1225_v6 | - |
| intel | core_i5 | 4410e |
| intel | core_i7 | 2670qm |
| intel | xeon_e5 | 2687w_v3 |
| intel | xeon_e7 | 4860 |
| intel | xeon_e7 | 8867_v4 |
| intel | pentium_n | n3520 |
| intel | xeon | e5630 |
| intel | core_i5 | 430m |
| intel | core_i5 | 430um |
| intel | core_i5 | 4590 |
| phoenixcontact | vl2_ppc_7000_firmware | - |
| intel | xeon_platinum | 8160t |
| intel | xeon_e5 | 4650_v2 |
| suse | suse_linux_enterprise_software_development_kit | 11 |
| intel | core_i5 | 2550k |
| intel | core_i5 | 2400s |
| intel | celeron_n | n2806 |
| vmware | esxi | 6.5 |
| intel | core_i7 | 620ue |
| intel | atom_z | z3736f |
| intel | xeon_platinum | 8180 |
| intel | core_i5 | 4670k |
| intel | core_i7 | 4760hq |
| phoenixcontact | bl_rackmount_4u_firmware | - |
| intel | xeon_e3_1240_v2 | - |
| intel | core_i3 | 4100e |
| intel | atom_e | e3845 |
| intel | atom_c | c2730 |
| intel | core_i5 | 4690t |
| intel | xeon | e5607 |
| intel | xeon | w3690 |
| intel | xeon_e7 | 4807 |
| intel | core_i5 | 4210u |
| intel | core_i5 | 655k |
| intel | xeon_e7 | 4880_v2 |
| intel | core_i5 | 6440hq |
| intel | core_i3 | 6102e |
| intel | core_i5 | 3350p |
| intel | xeon_gold | 6126f |
| intel | atom_c | c2558 |
| intel | atom_x3 | c3205rk |
| intel | atom_z | z3770d |
| intel | xeon_e3_1280_v3 | - |
| intel | atom_z | z3775d |
| intel | core_i7 | 8650u |
| intel | atom_z | z3570 |
| phoenixcontact | bl_ppc_7000_firmware | - |
| intel | core_i3 | 4030y |
| intel | xeon_e7 | 8891_v4 |
| phoenixcontact | el_ppc_1000/m_firmware | - |
| intel | xeon_e5 | 2667_v3 |
| intel | atom_z | z3795 |
| intel | core_i3 | 8100 |
| intel | core_i7 | 4720hq |
| intel | core_m | 5y10a |
| intel | xeon_e5 | 2698_v3 |
| intel | xeon_e7 | 8860_v4 |
| intel | atom_x3 | c3235rk |
| intel | xeon_e5_2428l_v2 | - |
| intel | core_i5 | 4670s |
| intel | xeon_e3_1265l_v2 | - |
| intel | core_i7 | 4770s |
| intel | celeron_j | j1900 |
| intel | xeon_e5_2407 | - |
| intel | xeon_gold | 6144 |
| intel | xeon_platinum | 8176 |
| phoenixcontact | vl2_bpc_7000_firmware | - |
| intel | core_i5 | 5250u |
| intel | core_i3 | 6098p |
| intel | core_i7 | 7700t |
| intel | atom_z | z3735d |
| intel | core_i5 | 5200u |
| intel | core_i5 | 4440s |
| intel | xeon_e7 | 4830_v4 |
| intel | xeon_gold | 6142m |
| phoenixcontact | bl_bpc_3001_firmware | - |
| intel | xeon_e7 | 4830_v3 |
| intel | xeon_phi | 7230f |
| intel | xeon_e5 | 2660_v2 |
| intel | xeon_e5 | 2690_v2 |
| intel | celeron_n | n2807 |
| intel | xeon_phi | 7250f |
| intel | xeon_e3_1235l_v5 | - |
| intel | xeon | x3470 |
| intel | xeon_e5 | 4620 |
| intel | core_i3 | 4030u |
| intel | xeon | x3430 |
| intel | xeon_e5 | 4620_v3 |
| intel | core_i7 | 3770t |
| intel | atom_z | z3590 |
| intel | xeon_e3_1265l_v3 | - |
| intel | core_i7 | 875k |
| intel | core_i7 | 2629m |
| intel | atom_c | c2316 |
| intel | xeon_e3_1225_v5 | - |
| phoenixcontact | dl_ppc15_1000_firmware | - |
| intel | core_i7 | 3610qm |
| intel | xeon_platinum | 8160f |
| intel | core_i7 | 2715qe |
| intel | xeon_e7 | 2870 |
| intel | core_i5 | 4690k |
| intel | xeon_e7 | 2830 |
| intel | xeon_e3_1270_v6 | - |
| intel | core_i7 | 4610m |
| intel | xeon_e3_1220_v5 | - |
| intel | xeon_gold | 6154 |
| intel | xeon_e3 | 1535m_v6 |
| intel | xeon_e5 | 2690_v3 |
| intel | core_i7 | 3610qe |
| intel | core_i7 | 4790k |
| intel | atom_c | c3308 |
| intel | core_i5 | 3470 |
| intel | xeon | e5520 |
| intel | core_i3 | 4370 |
| intel | xeon_e5 | 2680_v2 |
| intel | xeon_e3 | 1585l_v5 |
| arm | cortex-r7_firmware | - |
| phoenixcontact | vl_bpc_1000_firmware | - |
| intel | core_i3 | 380um |
| intel | core_i7 | 3632qm |
| intel | xeon_e5 | 4607_v2 |
| intel | core_i3 | 6300 |
| intel | core_i3 | 4000m |
| intel | core_i5 | 540m |
| intel | core_i5 | 6267u |
| intel | core_i7 | 3770k |
| intel | xeon | lc5518 |
| intel | core_i7 | 4950hq |
| intel | core_i3 | 2370m |
| intel | core_i5 | 520m |
| siemens | simatic_itc1900_firmware | * |
| intel | xeon | ec5539 |
| intel | atom_x3 | c3200rk |
| intel | celeron_n | n2910 |
| intel | xeon_e5 | 2665 |
| intel | xeon_e5_2450l | - |
| intel | xeon_e5_2609 | - |
| intel | atom_c | c3338 |
| intel | xeon_e5_2418l | - |
| intel | xeon_e3_1260l_v5 | - |
| intel | xeon_e3_1240_v3 | - |
| intel | core_i3 | 3220 |
| intel | xeon_e5_1650_v3 | - |
| intel | core_i3 | 5010u |
| intel | core_i5 | 6500 |
| intel | atom_c | c3508 |
| intel | xeon | x5680 |
| intel | xeon_e5 | 2650l_v4 |
| intel | xeon_e7 | 4820_v4 |
| intel | xeon_platinum | 8176m |
| intel | xeon_e3_1245_v3 | - |
| intel | xeon | l7545 |
| intel | xeon_e3_1286_v3 | - |
| intel | xeon_e5_2628l_v3 | - |
| intel | core_i7 | 7700 |
| intel | core_i5 | 4210h |
| intel | core_i3 | 2367m |
| intel | xeon | x7560 |
| vmware | esxi | 6.0 |
| intel | core_i5 | 6500te |
| intel | core_i7 | 3612qm |
| intel | xeon | lc5528 |
| intel | atom_x3 | c3130 |
| intel | xeon_e3_1230_v2 | - |
| intel | xeon_e5 | 2658 |
| intel | core_i7 | 3612qe |
| intel | core_i7 | 5650u |
| intel | core_m5 | 6y54 |
| intel | xeon | x5667 |
| intel | core_i3 | 4150t |
| intel | atom_z | z3735g |
| intel | xeon_e3_1285l_v4 | - |
| phoenixcontact | el_ppc_1000/wt_firmware | - |
| intel | core_i3 | 3250 |
| intel | xeon_e3_1505l_v6 | - |
| intel | xeon_e5_2630l_v4 | - |
| intel | core_i5 | 520e |
| intel | core_i7 | 5950hq |
| intel | core_i3 | 4110e |
| pepperl-fuchs | visunet_rm_shell | - |
| intel | xeon_e7 | 2820 |
| intel | xeon_e5 | 4617 |
| intel | core_i7 | 2657m |
| intel | xeon_e3_1230_v6 | - |
| intel | core_i5 | 4402ec |
| intel | core_i7 | 2860qm |
| intel | xeon_e5 | 4660_v3 |
| intel | core_i5 | 480m |
| intel | core_i3 | 3210 |
| intel | core_i5 | 8250u |
| intel | xeon_e5_2623_v4 | - |
| intel | xeon | ec5549 |
| intel | xeon_e3_1105c_v2 | - |
| intel | atom_c | c2750 |
| intel | core_i7 | 620lm |
| intel | atom_z | z3745d |
| intel | xeon_gold | 6128 |
| intel | xeon_e3_1505m_v5 | - |
| intel | core_i7 | 660ue |
| intel | core_i5 | 4360u |
| intel | xeon_e3_1275 | - |
| intel | xeon | x5560 |
| intel | core_i5 | 2510e |
| intel | pentium_n | n3540 |
| intel | xeon_e7 | 8870_v4 |
| intel | xeon_platinum | 8170 |
| phoenixcontact | vl2_ppc_3000_firmware | - |
| intel | xeon_e5_2430l_v2 | - |
| intel | core_i5 | 3230m |
| intel | xeon_e3_1240_v6 | - |
| intel | xeon_e5_2630 | - |
| intel | core_i5 | 2310 |
| intel | xeon_e5 | 2670_v2 |
| intel | xeon_e5 | 2699r_v4 |
| intel | xeon_e5 | 4640_v3 |
| intel | xeon_e5 | 4627_v4 |
| intel | xeon_e7 | 2850_v2 |
| intel | core_i3 | 3217u |
| intel | core_i7 | 2600 |
| intel | core_i5 | 4400e |
| intel | core_m | 5y10 |
| intel | core_i3 | 3225 |
| intel | core_i5 | 3550s |
| intel | xeon_e5 | 2695_v3 |
| intel | xeon_e5_2643_v2 | - |
| intel | core_i3 | 3229y |
| intel | core_i7 | 3820qm |
| intel | xeon_e5_1660_v3 | - |
| intel | core_i5 | 4330m |
| intel | xeon_e5 | 2697a_v4 |
| intel | core_i5 | 3475s |
| intel | core_i3 | 6100e |
| intel | xeon_gold | 5120t |
| intel | celeron_n | n3150 |
| intel | xeon | x5687 |
| intel | core_i3 | 4160 |
| intel | core_i7 | 870 |
| intel | xeon_e5_2648l_v4 | - |
| intel | core_i3 | 390m |
| intel | xeon_bronze_3106 | - |
| intel | core_i3 | 4330te |
| intel | core_i7 | 4578u |
| intel | celeron_n | n2920 |
| intel | core_i7 | 2700k |
| intel | core_i7 | 4900mq |
| intel | xeon_e7 | 8890_v3 |
| arm | cortex-a78ae_firmware | - |
| intel | core_i7 | 4790s |
| intel | xeon_e7 | 8857_v2 |
| intel | core_i7 | 4770hq |
| intel | xeon | x7542 |
| intel | atom_x3 | c3265rk |
| intel | xeon | e6510 |
| intel | core_i7 | 860 |
| intel | core_i7 | 870s |
| intel | xeon_e3_1220l_v3 | - |
| intel | xeon_e5 | 2658_v3 |
| intel | xeon_e5 | 2690_v4 |
| intel | xeon_e5 | 2680_v3 |
| intel | xeon_e5 | 2683_v3 |
| intel | core_i3 | 4130t |
| intel | core_i5 | 4460 |
| intel | core_i7 | 4870hq |
| intel | core_i7 | 680um |
| siemens | simatic_itc1900_pro_firmware | * |
| intel | celeron_j | j1800 |
| intel | xeon_phi | 7285 |
| intel | core_i5 | 6360u |
| intel | core_i3 | 3227u |
| intel | xeon_e5_1620_v2 | - |
| intel | core_i3 | 6300t |
| intel | xeon | x5675 |
| intel | xeon_gold | 6142f |
| intel | xeon_e3_1275l_v3 | - |
| intel | core_i7 | 7500u |
| intel | core_i7 | 3720qm |
| intel | core_i5 | 4200y |
| intel | core_i7 | 3770 |
| intel | atom_c | c2308 |
| intel | core_i5 | 4202y |
| intel | xeon_e7 | 8891_v3 |
| intel | celeron_j | j4005 |
| intel | core_i7 | 740qm |
| intel | xeon_e5 | 4667_v3 |
| intel | core_i3 | 4340 |
| debian | debian_linux | 8.0 |
| siemens | simatic_itc2200_pro_firmware | * |
| intel | xeon_e5_2609_v4 | - |
| intel | xeon_platinum | 8168 |
| intel | xeon_e5_2418l_v2 | - |
| intel | celeron_n | n4000 |
| intel | xeon | e5649 |
| intel | core_i7 | 7700hq |
| intel | core_i3 | 4012y |
| intel | core_i3 | 5015u |
| intel | core_i7 | 620m |
| intel | core_i5 | 6685r |
| intel | core_i5 | 580m |
| phoenixcontact | vl2_bpc_3000_firmware | - |
| intel | atom_c | c2508 |
| intel | xeon_phi | 7250 |
| intel | core_i5 | 540um |
| intel | core_i3 | 350m |
| intel | core_i7 | 3520m |
| intel | xeon_e5 | 4620_v2 |
| intel | xeon | e5606 |
| intel | core_i5 | 6585r |
| intel | xeon_e5_2637 | - |
| intel | xeon | x5647 |
| intel | core_i5 | 2380p |
| intel | xeon_platinum | 8158 |
| intel | xeon_e5 | 2658a_v3 |
| phoenixcontact | valueline_ipc_firmware | - |
| intel | core_i7 | 4700mq |
| intel | core_i7 | 4702ec |
| intel | celeron_n | n3450 |
| intel | xeon_gold | 5120 |
| intel | xeon_e5 | 4650_v4 |
In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3, an XXE (XML External Entity) attack was discovered in the Single Sign-On service dashboard. Privileged users can in some cases upload malformed XML leading to exposure of data on the Single Sign-On service broker file system.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-611,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | single_sign-on_for_pivotal_cloud_foundry | 1.3.0 |
| vmware | single_sign-on_for_pivotal_cloud_foundry | 1.4.2 |
| vmware | single_sign-on_for_pivotal_cloud_foundry | 1.4.1 |
| vmware | single_sign-on_for_pivotal_cloud_foundry | 1.4.0 |
| vmware | single_sign-on_for_pivotal_cloud_foundry | 1.4.3 |
| vmware | single_sign-on_for_pivotal_cloud_foundry | 1.3.2 |
| vmware | single_sign-on_for_pivotal_cloud_foundry | 1.3.3 |
In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3, a user can execute a XSS attack on certain Single Sign-On service UI pages by inputting code in the text field for an organization name.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | single_sign-on_for_pivotal_cloud_foundry | 1.3.0 |
| vmware | single_sign-on_for_pivotal_cloud_foundry | 1.4.2 |
| vmware | single_sign-on_for_pivotal_cloud_foundry | 1.4.1 |
| vmware | single_sign-on_for_pivotal_cloud_foundry | 1.4.0 |
| vmware | single_sign-on_for_pivotal_cloud_foundry | 1.4.3 |
| vmware | single_sign-on_for_pivotal_cloud_foundry | 1.3.2 |
| vmware | single_sign-on_for_pivotal_cloud_foundry | 1.3.3 |
In Pivotal Single Sign-On for PCF (1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3), certain pages allow code to be injected into the DOM environment through query parameters, leading to XSS attacks.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | single_sign-on_for_pivotal_cloud_foundry | 1.3.0 |
| vmware | single_sign-on_for_pivotal_cloud_foundry | 1.4.2 |
| vmware | single_sign-on_for_pivotal_cloud_foundry | 1.4.1 |
| vmware | single_sign-on_for_pivotal_cloud_foundry | 1.3.2 |
| vmware | single_sign-on_for_pivotal_cloud_foundry | 1.3.3 |
Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_boot | * |
| vmware | spring_boot | 2.0.0 |
| pivotal_software | spring_data_rest | 3.0.0 |
| pivotal_software | spring_data_rest | * |
Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 2.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | retail_clearance_optimization_engine | 14.0.5 |
| oracle | enterprise_manager_base_platform | 13.2.0.0.0 |
| oracle | agile_plm | 9.3.6 |
| oracle | agile_plm | 9.3.3 |
| oracle | insurance_rules_palette | 10.0 |
| oracle | retail_financial_integration | 15.0 |
| oracle | retail_financial_integration | 16.0 |
| oracle | enterprise_manager_for_mysql_database | 13.2 |
| oracle | health_sciences_information_manager | 3.0 |
| oracle | mysql_enterprise_monitor | * |
| vmware | spring_framework | * |
| oracle | retail_financial_integration | 13.2 |
| oracle | healthcare_master_person_index | 4.0 |
| oracle | retail_assortment_planning | 14.1 |
| oracle | insurance_calculation_engine | 10.2 |
| oracle | communications_unified_inventory_management | 7.3.2 |
| oracle | endeca_information_discovery_integrator | 3.2.0 |
| oracle | agile_plm | 9.3.5 |
| oracle | hospitality_guest_access | 4.2.1 |
| oracle | weblogic_server | 12.2.1.3.0 |
| oracle | retail_customer_insights | 15.0 |
| oracle | retail_predictive_application_server | 14.1.3.37 |
| oracle | retail_predictive_application_server | 14.0.3.26 |
| oracle | application_testing_suite | 13.3.0.1 |
| oracle | retail_financial_integration | 14.1 |
| oracle | retail_assortment_planning | 15.0 |
| oracle | communications_diameter_signaling_router | * |
| oracle | application_testing_suite | 13.1.0.1 |
| oracle | agile_plm | 9.3.4 |
| oracle | retail_financial_integration | 14.0 |
| oracle | retail_predictive_application_server | 15.0.3..100 |
| oracle | communications_unified_inventory_management | 7.3.5 |
| oracle | retail_assortment_planning | 16.0 |
| oracle | retail_markdown_optimization | 13.4.4 |
| oracle | enterprise_manager_ops_center | 12.3.3 |
| oracle | insurance_rules_palette | 10.2 |
| oracle | communications_unified_inventory_management | 7.4.0 |
| oracle | weblogic_server | 10.3.6.0.0 |
| oracle | micros_lucas | 2.9.5 |
| oracle | retail_advanced_inventory_planning | 15.0 |
| oracle | communications_online_mediation_controller | 6.1 |
| oracle | enterprise_manager_base_platform | 12.1.0.5.0 |
| oracle | weblogic_server | 12.1.3.0.0 |
| oracle | hospitality_guest_access | 4.2.0 |
| oracle | retail_integration_bus | 14.1.2 |
| oracle | application_testing_suite | 12.5.0.3 |
| oracle | enterprise_manager_base_platform | 13.3.0.0.0 |
| oracle | insurance_calculation_engine | * |
| oracle | utilities_network_management_system | 1.12.0.3 |
| oracle | application_testing_suite | 13.2.0.1 |
| oracle | communications_services_gatekeeper | * |
| oracle | retail_xstore_point_of_service | 7.1 |
| oracle | communications_unified_inventory_management | 7.3.4 |
| oracle | communications_performance_intelligence_center | * |
| oracle | endeca_information_discovery_integrator | 3.1.0 |
| oracle | retail_predictive_application_server | 16.0 |
| oracle | retail_customer_insights | 16.0 |
| oracle | primavera_p6_enterprise_project_portfolio_management | 18.8 |
| oracle | healthcare_master_person_index | 3.0 |
| oracle | communications_network_integrity | * |
| debian | debian_linux | 9.0 |
Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the "jsonp" and "callback" JSONP parameters, enabling cross-domain requests.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-829,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | retail_clearance_optimization_engine | 14.0.5 |
| oracle | retail_predictive_application_server | 15.0.3.100 |
| oracle | agile_product_lifecycle_management | 9.3.5 |
| oracle | flexcube_private_banking | 12.0.1.0 |
| oracle | insurance_rules_palette | 10.0 |
| oracle | enterprise_manager | 13.2 |
| oracle | mysql_enterprise_monitor | * |
| vmware | spring_framework | * |
| oracle | healthcare_master_person_index | 4.0 |
| oracle | flexcube_private_banking | 2.0.0.0 |
| oracle | communications_unified_inventory_management | 7.3.2 |
| oracle | endeca_information_discovery_integrator | 3.2.0 |
| oracle | agile_product_lifecycle_management | 9.3.4 |
| oracle | hospitality_guest_access | 4.2.1 |
| oracle | weblogic_server | 12.2.1.3.0 |
| oracle | retail_customer_insights | 15.0 |
| oracle | retail_predictive_application_server | 14.1.3.37 |
| oracle | retail_predictive_application_server | 14.0.3.26 |
| oracle | application_testing_suite | 13.3.0.1 |
| oracle | product_lifecycle_management | 9.3.6 |
| oracle | application_testing_suite | 13.1.0.1 |
| oracle | retail_service_backbone | 16.0.1 |
| oracle | communications_unified_inventory_management | 7.3.5 |
| oracle | retail_markdown_optimization | 13.4.4 |
| oracle | enterprise_manager_ops_center | 12.3.3 |
| oracle | insurance_rules_palette | 10.2 |
| oracle | agile_product_lifecycle_management | 9.3.3 |
| oracle | communications_unified_inventory_management | 7.4.0 |
| oracle | flexcube_private_banking | 12.1.0.0 |
| oracle | micros_lucas | 2.9.5 |
| oracle | retail_advanced_inventory_planning | 15.0 |
| oracle | communications_online_mediation_controller | 6.1 |
| oracle | hospitality_guest_access | 4.2.0 |
| oracle | application_testing_suite | 12.5.0.3 |
| oracle | insurance_calculation_engine | * |
| oracle | utilities_network_management_system | 1.12.0.3 |
| oracle | application_testing_suite | 13.2.0.1 |
| oracle | communications_services_gatekeeper | * |
| oracle | retail_xstore_point_of_service | 7.1 |
| oracle | communications_unified_inventory_management | 7.3.4 |
| oracle | endeca_information_discovery_integrator | 3.1.0 |
| oracle | retail_predictive_application_server | 16.0 |
| oracle | retail_customer_insights | 16.0 |
| oracle | flexcube_private_banking | 12.0.3.0 |
| oracle | healthcare_master_person_index | 3.0 |
| oracle | communications_network_integrity | * |
| oracle | flexcube_private_banking | 2.2.0.1 |
| debian | debian_linux | 9.0 |
Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary commands on the server.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vsphere_data_protection | 6.0.3 |
| vmware | vsphere_data_protection | 6.0.5 |
| vmware | vsphere_data_protection | 6.0.8 |
| dell | emc_avamar | 7.2.1 |
| vmware | vsphere_data_protection | 6.1.4 |
| vmware | vsphere_data_protection | 6.1.3 |
| vmware | vsphere_data_protection | 6.0.4 |
| dell | emc_avamar | 7.3.1 |
| vmware | vsphere_data_protection | 6.1.1 |
| dell | emc_avamar | 7.4.1 |
| dell | emc_avamar | 7.5.1 |
| dell | emc_avamar | 7.3.0 |
| dell | emc_integrated_data_protection_appliance | 2.0 |
| vmware | vsphere_data_protection | 6.1.2 |
| vmware | vsphere_data_protection | 6.0.7 |
| dell | emc_avamar | 7.5.0 |
| vmware | vsphere_data_protection | 6.1.9 |
| vmware | vsphere_data_protection | 6.1.5 |
| dell | emc_integrated_data_protection_appliance | 2.2 |
| vmware | vsphere_data_protection | 6.1.7 |
| vmware | vsphere_data_protection | 6.1.0 |
| vmware | vsphere_data_protection | 6.0.6 |
| vmware | vsphere_data_protection | 6.0.0 |
| dell | emc_avamar | 7.2.0 |
| dell | emc_integrated_data_protection_appliance | 2.1 |
| dell | emc_avamar | 7.4.0 |
| vmware | vsphere_data_protection | 6.0.1 |
| dell | emc_avamar | 18.1 |
| vmware | vsphere_data_protection | 6.1.6 |
| vmware | vsphere_data_protection | 6.1.8 |
| vmware | vsphere_data_protection | 6.0.2 |
Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain an open redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-601,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vsphere_data_protection | 6.0.3 |
| vmware | vsphere_data_protection | 6.0.5 |
| vmware | vsphere_data_protection | 6.0.8 |
| dell | emc_avamar | 7.2.1 |
| vmware | vsphere_data_protection | 6.1.4 |
| vmware | vsphere_data_protection | 6.1.3 |
| vmware | vsphere_data_protection | 6.0.4 |
| dell | emc_avamar | 7.3.1 |
| vmware | vsphere_data_protection | 6.1.1 |
| dell | emc_avamar | 7.4.1 |
| dell | emc_avamar | 7.5.1 |
| dell | emc_avamar | 7.3.0 |
| dell | emc_integrated_data_protection_appliance | 2.0 |
| vmware | vsphere_data_protection | 6.1.2 |
| vmware | vsphere_data_protection | 6.0.7 |
| dell | emc_avamar | 7.5.0 |
| vmware | vsphere_data_protection | 6.1.9 |
| vmware | vsphere_data_protection | 6.1.5 |
| dell | emc_integrated_data_protection_appliance | 2.2 |
| vmware | vsphere_data_protection | 6.1.7 |
| vmware | vsphere_data_protection | 6.1.0 |
| vmware | vsphere_data_protection | 6.0.6 |
| vmware | vsphere_data_protection | 6.0.0 |
| dell | emc_avamar | 7.2.0 |
| dell | emc_integrated_data_protection_appliance | 2.1 |
| dell | emc_avamar | 7.4.0 |
| vmware | vsphere_data_protection | 6.0.1 |
| dell | emc_avamar | 18.1 |
| vmware | vsphere_data_protection | 6.1.6 |
| vmware | vsphere_data_protection | 6.1.8 |
| vmware | vsphere_data_protection | 6.0.2 |
Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar Java management console's SSL/TLS private key may be leaked in the Avamar Java management client package. The private key could potentially be used by an unauthenticated attacker on the same data-link layer to initiate a MITM attack on management console users.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vsphere_data_protection | 6.0.3 |
| vmware | vsphere_data_protection | 6.0.5 |
| vmware | vsphere_data_protection | 6.0.8 |
| dell | emc_avamar | 7.2.1 |
| vmware | vsphere_data_protection | 6.1.4 |
| vmware | vsphere_data_protection | 6.1.3 |
| vmware | vsphere_data_protection | 6.0.4 |
| dell | emc_avamar | 7.3.1 |
| vmware | vsphere_data_protection | 6.1.1 |
| dell | emc_avamar | 7.4.1 |
| dell | emc_avamar | 7.3.0 |
| dell | emc_integrated_data_protection_appliance | 2.0 |
| vmware | vsphere_data_protection | 6.1.2 |
| vmware | vsphere_data_protection | 6.0.7 |
| vmware | vsphere_data_protection | 6.1.9 |
| vmware | vsphere_data_protection | 6.1.5 |
| vmware | vsphere_data_protection | 6.1.7 |
| vmware | vsphere_data_protection | 6.1.0 |
| vmware | vsphere_data_protection | 6.0.6 |
| vmware | vsphere_data_protection | 6.0.0 |
| dell | emc_avamar | 7.2.0 |
| dell | emc_avamar | 7.4.0 |
| vmware | vsphere_data_protection | 6.0.1 |
| vmware | vsphere_data_protection | 6.1.6 |
| vmware | vsphere_data_protection | 6.1.8 |
| vmware | vsphere_data_protection | 6.0.2 |
'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially be able to execute arbitrary commands under root privilege.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vsphere_data_protection | 6.0.3 |
| vmware | vsphere_data_protection | 6.0.5 |
| vmware | vsphere_data_protection | 6.0.8 |
| dell | emc_avamar | 7.2.1 |
| vmware | vsphere_data_protection | 6.1.4 |
| vmware | vsphere_data_protection | 6.1.3 |
| vmware | vsphere_data_protection | 6.0.4 |
| dell | emc_avamar | 7.3.1 |
| vmware | vsphere_data_protection | 6.1.1 |
| dell | emc_avamar | 7.4.1 |
| dell | emc_avamar | 7.5.1 |
| dell | emc_avamar | 7.3.0 |
| dell | emc_integrated_data_protection_appliance | 2.0 |
| vmware | vsphere_data_protection | 6.1.2 |
| vmware | vsphere_data_protection | 6.0.7 |
| dell | emc_avamar | 7.5.0 |
| vmware | vsphere_data_protection | 6.1.9 |
| vmware | vsphere_data_protection | 6.1.5 |
| dell | emc_integrated_data_protection_appliance | 2.2 |
| vmware | vsphere_data_protection | 6.1.7 |
| vmware | vsphere_data_protection | 6.1.0 |
| vmware | vsphere_data_protection | 6.0.6 |
| vmware | vsphere_data_protection | 6.0.0 |
| dell | emc_avamar | 7.2.0 |
| dell | emc_integrated_data_protection_appliance | 2.1 |
| dell | emc_avamar | 7.4.0 |
| vmware | vsphere_data_protection | 6.0.1 |
| dell | emc_avamar | 18.1 |
| vmware | vsphere_data_protection | 6.1.6 |
| vmware | vsphere_data_protection | 6.1.8 |
| vmware | vsphere_data_protection | 6.0.2 |
Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-295,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| pivotal_software | rabbitmq | * |
| pivotal_software | spring_advanced_message_queuing_protocol | * |
| vmware | rabbitmq_java_client | * |
Spring Boot supports an embedded launch script that can be used to easily run the application as a systemd or init.d linux service. The script included with Spring Boot 1.5.9 and earlier and 2.0.0.M1 through 2.0.0.M7 is susceptible to a symlink attack which allows the "run_user" to overwrite and take ownership of any file on the same system. In order to instigate the attack, the application must be installed as a service and the "run_user" requires shell access to the server. Spring Boot application that are not installed as a service, or are not using the embedded launch script are not susceptible.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-59,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_boot | * |
| vmware | spring_boot | 2.0.0 |
Spring Security (Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3) does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path parameters in the Servlet Specification. Some Servlet containers include path parameters in the value returned for getPathInfo() and some do not. Spring Security uses the value returned by getPathInfo() as part of the process of mapping requests to security constraints. In this particular attack, different character encodings used in path parameters allows secured Spring MVC static resource URLs to be bypassed.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | fuse | 1.0 |
| oracle | retail_xstore_point_of_service | 7.1 |
| vmware | spring_framework | * |
| oracle | rapid_planning | 12.2 |
| vmware | spring_security | * |
| oracle | rapid_planning | 12.1 |
Spring Cloud SSO Connector, version 2.1.2, contains a regression which disables issuer validation in resource servers that are not bound to the SSO service. In PCF deployments with multiple SSO service plans, a remote attacker can authenticate to unbound resource servers which use this version of the SSO Connector with tokens generated from another service plan.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.1 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.2 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_cloud_sso_connector | 2.1.2 |
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | enterprise_manager_base_platform | 13.2.0.0.0 |
| oracle | retail_predictive_application_server | 14.1 |
| oracle | agile_product_lifecycle_management | 9.3.5 |
| oracle | flexcube_private_banking | 12.0.1.0 |
| oracle | tape_library_acsls | 8.4 |
| oracle | insurance_rules_palette | 10.0 |
| oracle | goldengate_for_big_data | 12.3.1.1 |
| oracle | big_data_discovery | 1.6.0 |
| oracle | enterprise_manager_for_mysql_database | 13.2 |
| oracle | primavera_gateway | 16.2 |
| oracle | health_sciences_information_manager | 3.0 |
| vmware | spring_framework | * |
| oracle | retail_predictive_application_server | 14.0 |
| oracle | healthcare_master_person_index | 4.0 |
| redhat | openshift | - |
| oracle | retail_open_commerce_platform | 5.3.0 |
| oracle | insurance_calculation_engine | 10.2 |
| oracle | flexcube_private_banking | 2.0.0.0 |
| oracle | communications_unified_inventory_management | 7.3.2 |
| oracle | retail_order_broker | 5.1 |
| oracle | endeca_information_discovery_integrator | 3.2.0 |
| oracle | agile_product_lifecycle_management | 9.3.4 |
| oracle | hospitality_guest_access | 4.2.1 |
| oracle | weblogic_server | 12.2.1.3.0 |
| oracle | retail_customer_insights | 15.0 |
| oracle | application_testing_suite | 13.3.0.1 |
| oracle | insurance_rules_palette | 10.1 |
| oracle | communications_diameter_signaling_router | * |
| oracle | application_testing_suite | 13.1.0.1 |
| oracle | retail_open_commerce_platform | 6.0.1 |
| oracle | communications_unified_inventory_management | 7.3.5 |
| oracle | goldengate_for_big_data | 12.3.2.1 |
| oracle | service_architecture_leveraging_tuxedo | 12.1.3.0.0 |
| oracle | retail_order_broker | 16.0 |
| oracle | retail_predictive_application_server | 15.0 |
| oracle | enterprise_manager_ops_center | 12.3.3 |
| oracle | insurance_rules_palette | 10.2 |
| oracle | agile_product_lifecycle_management | 9.3.3 |
| oracle | communications_unified_inventory_management | 7.4.0 |
| oracle | weblogic_server | 10.3.6.0.0 |
| oracle | flexcube_private_banking | 12.1.0.0 |
| oracle | insurance_rules_palette | 11.1 |
| oracle | primavera_gateway | 17.12 |
| oracle | enterprise_manager_base_platform | 12.1.0.5.0 |
| oracle | retail_order_broker | 15.0 |
| oracle | weblogic_server | 12.1.3.0.0 |
| oracle | insurance_calculation_engine | 10.2.1 |
| oracle | hospitality_guest_access | 4.2.0 |
| oracle | goldengate_for_big_data | 12.2.0.1 |
| oracle | application_testing_suite | 12.5.0.3 |
| oracle | service_architecture_leveraging_tuxedo | 12.2.2.0.0 |
| oracle | enterprise_manager_base_platform | 13.3.0.0.0 |
| oracle | utilities_network_management_system | 1.12.0.3 |
| oracle | application_testing_suite | 13.2.0.1 |
| oracle | retail_open_commerce_platform | 6.0.0 |
| oracle | agile_product_lifecycle_management | 9.3.6 |
| oracle | communications_services_gatekeeper | * |
| oracle | communications_unified_inventory_management | 7.3.4 |
| oracle | insurance_rules_palette | 11.0 |
| oracle | communications_converged_application_server | * |
| oracle | communications_performance_intelligence_center | * |
| oracle | endeca_information_discovery_integrator | 3.1.0 |
| oracle | retail_predictive_application_server | 16.0 |
| oracle | primavera_gateway | 15.2 |
| oracle | retail_customer_insights | 16.0 |
| oracle | insurance_calculation_engine | 10.1.1 |
| oracle | flexcube_private_banking | 12.0.3.0 |
| oracle | healthcare_master_person_index | 3.0 |
| oracle | retail_order_broker | 5.2 |
| oracle | flexcube_private_banking | 2.2.0.1 |
Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-863,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | agile_plm | 9.3.6 |
| oracle | insurance_policy_administration | 10.0 |
| oracle | tape_library_acsls | 8.4 |
| oracle | agile_plm | 9.3.3 |
| oracle | insurance_rules_palette | 10.0 |
| oracle | goldengate_for_big_data | 12.3.1.1 |
| oracle | retail_financial_integration | 15.0 |
| redhat | fuse | 7.3.0 |
| oracle | big_data_discovery | 1.6.0 |
| oracle | insurance_policy_administration | 11.0 |
| oracle | peoplesoft_enterprise_fin_install | 9.2 |
| oracle | retail_financial_integration | 16.0 |
| oracle | enterprise_manager_for_mysql_database | 13.2 |
| oracle | health_sciences_information_manager | 3.0 |
| oracle | mysql_enterprise_monitor | * |
| oracle | enterprise_manager_ops_center | 12.2.2 |
| oracle | retail_financial_integration | 13.2 |
| oracle | healthcare_master_person_index | 4.0 |
| oracle | retail_assortment_planning | 14.1 |
| oracle | insurance_calculation_engine | 10.2 |
| oracle | endeca_information_discovery_integrator | 3.2.0 |
| oracle | insurance_policy_administration | 10.2 |
| oracle | agile_plm | 9.3.5 |
| oracle | hospitality_guest_access | 4.2.1 |
| oracle | retail_returns_management | 14.1 |
| oracle | retail_central_office | 14.1 |
| oracle | retail_customer_insights | 15.0 |
| oracle | application_testing_suite | 13.3.0.1 |
| oracle | retail_financial_integration | 14.1 |
| oracle | insurance_rules_palette | 10.1 |
| oracle | retail_assortment_planning | 15.0 |
| oracle | communications_diameter_signaling_router | * |
| oracle | application_testing_suite | 13.1.0.1 |
| oracle | insurance_policy_administration | 10.1 |
| oracle | retail_central_office | 14.0 |
| oracle | agile_plm | 9.3.4 |
| netapp | snapcenter | - |
| oracle | retail_back_office | 14.0 |
| oracle | retail_financial_integration | 14.0 |
| netapp | oncommand_workflow_automation | - |
| oracle | retail_point-of-service | 14.1 |
| netapp | oncommand_insight | - |
| oracle | goldengate_for_big_data | 12.3.2.1 |
| oracle | retail_assortment_planning | 16.0 |
| oracle | service_architecture_leveraging_tuxedo | 12.1.3.0.0 |
| oracle | enterprise_manager_ops_center | 12.3.3 |
| oracle | insurance_rules_palette | 10.2 |
| oracle | micros_lucas | 2.9.5 |
| oracle | insurance_rules_palette | 11.1 |
| oracle | weblogic_server | 12.1.3.0 |
| oracle | weblogic_server | 10.3.6.0 |
| netapp | oncommand_unified_manager | * |
| netapp | storage_automation_store | - |
| oracle | insurance_calculation_engine | 10.2.1 |
| oracle | hospitality_guest_access | 4.2.0 |
| oracle | goldengate_for_big_data | 12.2.0.1 |
| oracle | retail_integration_bus | 14.1.2 |
| oracle | application_testing_suite | 12.5.0.3 |
| oracle | service_architecture_leveraging_tuxedo | 12.2.2.0.0 |
| oracle | enterprise_repository | 11.1.1.7.0 |
| oracle | application_testing_suite | 10.1 |
| oracle | application_testing_suite | 13.2.0.1 |
| oracle | weblogic_server | 12.2.1.3 |
| oracle | retail_back_office | 14.1 |
| oracle | communications_services_gatekeeper | * |
| oracle | retail_returns_management | 14.0 |
| oracle | retail_point-of-service | 14.0 |
| oracle | insurance_rules_palette | 11.0 |
| oracle | communications_converged_application_server | * |
| oracle | communications_performance_intelligence_center | * |
| oracle | weblogic_server | 12.2.1.2 |
| oracle | endeca_information_discovery_integrator | 3.1.0 |
| vmware | spring_framework | 5.0.5 |
| oracle | retail_customer_insights | 16.0 |
| oracle | insurance_calculation_engine | 10.1.1 |
| oracle | retail_xstore_point_of_service | 17.0 |
| oracle | healthcare_master_person_index | 3.0 |
| pivotal_software | spring_security | * |
| oracle | communications_network_integrity | * |
| oracle | enterprise_repository | 12.1.3.0.0 |
Spring-integration-zip versions prior to 1.0.1 exposes an arbitrary file write vulnerability, which can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z) that holds path traversal filenames. So when the filename gets concatenated to the target extraction directory, the final path ends up outside of the target folder.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.7 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N | 1.0 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_integration_zip | * |
Addresses partial fix in CVE-2018-1261. Pivotal spring-integration-zip, versions prior to 1.0.2, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path traversal filenames. So when the filename gets concatenated to the target extraction directory, the final path ends up outside of the target folder.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.7 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N | 1.0 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_integration_zip | * |
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-94,CWE-358,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | retail_predictive_application_server | 14.1 |
| oracle | tape_library_acsls | 8.4 |
| oracle | insurance_rules_palette | 10.0 |
| oracle | goldengate_for_big_data | 12.3.1.1 |
| oracle | big_data_discovery | 1.6.0 |
| oracle | primavera_gateway | 16.2 |
| oracle | health_sciences_information_manager | 3.0 |
| oracle | enterprise_manager_ops_center | 12.2.2 |
| vmware | spring_framework | * |
| oracle | retail_integration_bus | 14.0.2 |
| oracle | retail_predictive_application_server | 14.0 |
| oracle | healthcare_master_person_index | 4.0 |
| oracle | retail_open_commerce_platform | 5.3.0 |
| oracle | insurance_calculation_engine | 10.2 |
| oracle | retail_order_broker | 5.1 |
| oracle | retail_returns_management | 14.1 |
| oracle | retail_central_office | 14.1 |
| oracle | retail_customer_insights | 15.0 |
| oracle | application_testing_suite | 13.3.0.1 |
| oracle | retail_integration_bus | 15.0.0.1 |
| oracle | insurance_rules_palette | 10.1 |
| oracle | communications_diameter_signaling_router | * |
| oracle | application_testing_suite | 13.1.0.1 |
| oracle | retail_open_commerce_platform | 6.0.1 |
| oracle | retail_central_office | 14.0 |
| oracle | retail_back_office | 14.0 |
| oracle | goldengate_for_big_data | 12.3.2.1 |
| oracle | retail_integration_bus | 14.0.3 |
| oracle | service_architecture_leveraging_tuxedo | 12.1.3.0.0 |
| oracle | retail_order_broker | 16.0 |
| oracle | retail_integration_bus | 14.0.4 |
| oracle | retail_predictive_application_server | 15.0 |
| redhat | fuse | 1.0.0 |
| oracle | enterprise_manager_ops_center | 12.3.3 |
| oracle | insurance_rules_palette | 10.2 |
| oracle | retail_integration_bus | 16.0 |
| oracle | insurance_rules_palette | 11.1 |
| oracle | primavera_gateway | 17.12 |
| oracle | retail_order_broker | 15.0 |
| oracle | retail_integration_bus | 15.0.1 |
| oracle | insurance_calculation_engine | 10.2.1 |
| oracle | retail_point-of-sale | 14.1 |
| oracle | goldengate_for_big_data | 12.2.0.1 |
| oracle | retail_integration_bus | 14.1.2 |
| oracle | application_testing_suite | 12.5.0.3 |
| oracle | service_architecture_leveraging_tuxedo | 12.2.2.0.0 |
| oracle | application_testing_suite | 13.2.0.1 |
| oracle | retail_open_commerce_platform | 6.0.0 |
| oracle | retail_integration_bus | 14.0.1 |
| oracle | retail_back_office | 14.1 |
| oracle | communications_services_gatekeeper | * |
| oracle | retail_xstore_point_of_service | 7.1 |
| oracle | retail_returns_management | 14.0 |
| oracle | insurance_rules_palette | 11.0 |
| oracle | retail_point-of-sale | 14.0 |
| oracle | communications_converged_application_server | * |
| oracle | communications_performance_intelligence_center | * |
| oracle | retail_predictive_application_server | 16.0 |
| oracle | retail_integration_bus | 16.0.1 |
| oracle | primavera_gateway | 15.2 |
| oracle | retail_customer_insights | 16.0 |
| oracle | insurance_calculation_engine | 10.1.1 |
| oracle | retail_integration_bus | 15.0.2 |
| oracle | healthcare_master_person_index | 3.0 |
| oracle | retail_integration_bus | 14.1.3 |
| oracle | retail_integration_bus | 16.0.2 |
| oracle | retail_integration_bus | 14.1.1 |
| oracle | retail_order_broker | 5.2 |
| debian | debian_linux | 9.0 |
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 2.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | retail_predictive_application_server | 14.1 |
| oracle | tape_library_acsls | 8.4 |
| oracle | insurance_rules_palette | 10.0 |
| oracle | goldengate_for_big_data | 12.3.1.1 |
| oracle | big_data_discovery | 1.6.0 |
| oracle | primavera_gateway | 16.2 |
| oracle | health_sciences_information_manager | 3.0 |
| oracle | enterprise_manager_ops_center | 12.2.2 |
| vmware | spring_framework | * |
| oracle | retail_integration_bus | 14.0.2 |
| oracle | retail_predictive_application_server | 14.0 |
| oracle | healthcare_master_person_index | 4.0 |
| oracle | retail_open_commerce_platform | 5.3.0 |
| oracle | insurance_calculation_engine | 10.2 |
| oracle | retail_order_broker | 5.1 |
| oracle | retail_returns_management | 14.1 |
| oracle | retail_central_office | 14.1 |
| oracle | retail_customer_insights | 15.0 |
| oracle | application_testing_suite | 13.3.0.1 |
| oracle | retail_integration_bus | 15.0.0.1 |
| oracle | insurance_rules_palette | 10.1 |
| oracle | communications_diameter_signaling_router | * |
| oracle | application_testing_suite | 13.1.0.1 |
| oracle | retail_open_commerce_platform | 6.0.1 |
| oracle | retail_central_office | 14.0 |
| oracle | retail_back_office | 14.0 |
| oracle | goldengate_for_big_data | 12.3.2.1 |
| oracle | retail_integration_bus | 14.0.3 |
| oracle | service_architecture_leveraging_tuxedo | 12.1.3.0.0 |
| oracle | retail_order_broker | 16.0 |
| oracle | retail_integration_bus | 14.0.4 |
| oracle | retail_predictive_application_server | 15.0 |
| oracle | enterprise_manager_ops_center | 12.3.3 |
| oracle | insurance_rules_palette | 10.2 |
| oracle | retail_integration_bus | 16.0 |
| oracle | insurance_rules_palette | 11.1 |
| oracle | primavera_gateway | 17.12 |
| oracle | retail_order_broker | 15.0 |
| oracle | retail_integration_bus | 15.0.1 |
| oracle | insurance_calculation_engine | 10.2.1 |
| oracle | retail_point-of-sale | 14.1 |
| oracle | goldengate_for_big_data | 12.2.0.1 |
| oracle | retail_integration_bus | 14.1.2 |
| oracle | application_testing_suite | 12.5.0.3 |
| oracle | service_architecture_leveraging_tuxedo | 12.2.2.0.0 |
| oracle | insurance_calculation_engine | * |
| oracle | application_testing_suite | 13.2.0.1 |
| oracle | retail_open_commerce_platform | 6.0.0 |
| oracle | retail_integration_bus | 14.0.1 |
| oracle | retail_back_office | 14.1 |
| oracle | communications_services_gatekeeper | * |
| oracle | retail_xstore_point_of_service | 7.1 |
| oracle | rapid_planning | 12.2 |
| oracle | retail_returns_management | 14.0 |
| oracle | insurance_rules_palette | 11.0 |
| oracle | retail_point-of-sale | 14.0 |
| oracle | communications_converged_application_server | * |
| oracle | communications_performance_intelligence_center | * |
| oracle | rapid_planning | 12.1 |
| oracle | retail_predictive_application_server | 16.0 |
| oracle | retail_integration_bus | 16.0.1 |
| oracle | primavera_gateway | 15.2 |
| oracle | retail_customer_insights | 16.0 |
| oracle | insurance_calculation_engine | 10.1.1 |
| oracle | retail_integration_bus | 15.0.2 |
| oracle | communications_policy_management | 12.5.0 |
| oracle | healthcare_master_person_index | 3.0 |
| oracle | retail_integration_bus | 14.1.3 |
| oracle | retail_integration_bus | 16.0.2 |
| oracle | retail_integration_bus | 14.1.1 |
| oracle | retail_order_broker | 5.2 |
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could to lead privilege escalation, for example, if the part content represents a username or user roles.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.6 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | retail_predictive_application_server | 14.1 |
| oracle | tape_library_acsls | 8.4 |
| oracle | insurance_rules_palette | 10.0 |
| oracle | goldengate_for_big_data | 12.3.1.1 |
| oracle | big_data_discovery | 1.6.0 |
| oracle | primavera_gateway | 16.2 |
| oracle | health_sciences_information_manager | 3.0 |
| oracle | enterprise_manager_ops_center | 12.2.2 |
| vmware | spring_framework | * |
| oracle | retail_integration_bus | 14.0.2 |
| oracle | retail_predictive_application_server | 14.0 |
| oracle | healthcare_master_person_index | 4.0 |
| oracle | retail_open_commerce_platform | 5.3.0 |
| oracle | insurance_calculation_engine | 10.2 |
| oracle | retail_order_broker | 5.1 |
| oracle | retail_returns_management | 14.1 |
| oracle | retail_central_office | 14.1 |
| oracle | retail_customer_insights | 15.0 |
| oracle | application_testing_suite | 13.3.0.1 |
| oracle | retail_integration_bus | 15.0.0.1 |
| oracle | insurance_rules_palette | 10.1 |
| oracle | communications_diameter_signaling_router | * |
| oracle | application_testing_suite | 13.1.0.1 |
| oracle | retail_open_commerce_platform | 6.0.1 |
| oracle | retail_central_office | 14.0 |
| oracle | retail_back_office | 14.0 |
| oracle | goldengate_for_big_data | 12.3.2.1 |
| oracle | retail_integration_bus | 14.0.3 |
| oracle | service_architecture_leveraging_tuxedo | 12.1.3.0.0 |
| oracle | retail_order_broker | 16.0 |
| oracle | retail_integration_bus | 14.0.4 |
| oracle | retail_predictive_application_server | 15.0 |
| oracle | enterprise_manager_ops_center | 12.3.3 |
| oracle | insurance_rules_palette | 10.2 |
| oracle | retail_integration_bus | 16.0 |
| oracle | insurance_rules_palette | 11.1 |
| oracle | primavera_gateway | 17.12 |
| oracle | retail_order_broker | 15.0 |
| oracle | retail_integration_bus | 15.0.1 |
| oracle | insurance_calculation_engine | 10.2.1 |
| oracle | retail_point-of-sale | 14.1 |
| oracle | goldengate_for_big_data | 12.2.0.1 |
| oracle | retail_integration_bus | 14.1.2 |
| oracle | application_testing_suite | 12.5.0.3 |
| oracle | service_architecture_leveraging_tuxedo | 12.2.2.0.0 |
| oracle | application_testing_suite | 13.2.0.1 |
| oracle | retail_open_commerce_platform | 6.0.0 |
| oracle | retail_integration_bus | 14.0.1 |
| oracle | retail_back_office | 14.1 |
| oracle | communications_services_gatekeeper | * |
| oracle | retail_returns_management | 14.0 |
| oracle | insurance_rules_palette | 11.0 |
| oracle | retail_point-of-sale | 14.0 |
| oracle | communications_converged_application_server | * |
| oracle | communications_performance_intelligence_center | * |
| oracle | retail_predictive_application_server | 16.0 |
| oracle | retail_integration_bus | 16.0.1 |
| oracle | primavera_gateway | 15.2 |
| oracle | retail_customer_insights | 16.0 |
| oracle | insurance_calculation_engine | 10.1.1 |
| oracle | retail_integration_bus | 15.0.2 |
| oracle | healthcare_master_person_index | 3.0 |
| oracle | retail_integration_bus | 14.1.3 |
| oracle | retail_integration_bus | 16.0.2 |
| oracle | retail_integration_bus | 14.1.1 |
| oracle | retail_order_broker | 5.2 |
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. This CVE addresses the partial fix for CVE-2018-1270 in the 4.3.x branch of the Spring Framework.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-94,CWE-358,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | retail_predictive_application_server | 14.1 |
| oracle | service_architecture_leveraging_tuxedo | 12.1.3.0.0 |
| oracle | retail_order_broker | 16.0 |
| oracle | retail_predictive_application_server | 15.0 |
| oracle | tape_library_acsls | 8.4 |
| oracle | insurance_rules_palette | 10.0 |
| oracle | insurance_rules_palette | 10.2 |
| oracle | goldengate_for_big_data | 12.3.1.1 |
| oracle | big_data_discovery | 1.6.0 |
| oracle | insurance_rules_palette | 11.1 |
| oracle | primavera_gateway | 17.12 |
| oracle | primavera_gateway | 16.2 |
| oracle | health_sciences_information_manager | 3.0 |
| oracle | retail_order_broker | 15.0 |
| vmware | spring_framework | * |
| oracle | insurance_calculation_engine | 10.2.1 |
| oracle | retail_predictive_application_server | 14.0 |
| oracle | healthcare_master_person_index | 4.0 |
| oracle | retail_open_commerce_platform | 5.3.0 |
| oracle | insurance_calculation_engine | 10.2 |
| oracle | goldengate_for_big_data | 12.2.0.1 |
| oracle | application_testing_suite | 12.5.0.3 |
| oracle | service_architecture_leveraging_tuxedo | 12.2.2.0.0 |
| oracle | retail_order_broker | 5.1 |
| oracle | application_testing_suite | 13.2.0.1 |
| oracle | retail_open_commerce_platform | 6.0.0 |
| oracle | communications_services_gatekeeper | * |
| oracle | retail_customer_insights | 15.0 |
| oracle | insurance_rules_palette | 11.0 |
| oracle | communications_converged_application_server | * |
| oracle | communications_performance_intelligence_center | * |
| oracle | application_testing_suite | 13.3.0.1 |
| oracle | insurance_rules_palette | 10.1 |
| oracle | retail_predictive_application_server | 16.0 |
| oracle | communications_diameter_signaling_router | * |
| oracle | application_testing_suite | 13.1.0.1 |
| oracle | primavera_gateway | 15.2 |
| oracle | retail_customer_insights | 16.0 |
| oracle | insurance_calculation_engine | 10.1.1 |
| oracle | retail_open_commerce_platform | 6.0.1 |
| oracle | healthcare_master_person_index | 3.0 |
| oracle | retail_order_broker | 5.2 |
| oracle | goldengate_for_big_data | 12.3.2.1 |
Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. A malicious user (or attacker) can add a range header with a high number of ranges, or with wide ranges that overlap, or both, for a denial of service attack. This vulnerability affects applications that depend on either spring-webmvc or spring-webflux. Such applications must also have a registration for serving static resources (e.g. JS, CSS, images, and others), or have an annotated controller that returns an org.springframework.core.io.Resource. Spring Boot applications that depend on spring-boot-starter-web or spring-boot-starter-webflux are ready to serve static resources out of the box and are therefore vulnerable.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | agile_plm | 9.3.6 |
| oracle | retail_predictive_application_server | 15.0.3.100 |
| oracle | retail_financial_integration | 15.0 |
| oracle | primavera_analytics | 18.8 |
| oracle | communications_session_report_manager | 8.1.0 |
| oracle | retail_invoice_matching | 13.1 |
| oracle | primavera_gateway | 16.2 |
| oracle | insurance_policy_administration_j2ee | 10.1 |
| oracle | mysql_enterprise_monitor | * |
| oracle | retail_service_backbone | 16.0 |
| oracle | financial_services_analytical_applications_infrastructure | * |
| oracle | insurance_rules_palette | 11.2.0 |
| oracle | retail_invoice_matching | 13.2 |
| oracle | weblogic_server | 12.2.1.3.0 |
| oracle | retail_predictive_application_server | 14.1.3.37 |
| oracle | retail_assortment_planning | 15.0 |
| oracle | retail_service_backbone | 16.0.1 |
| oracle | communications_element_manager | 8.2.0 |
| oracle | primavera_gateway | 18.8.0 |
| oracle | agile_plm | 9.3.4 |
| oracle | flexcube_private_banking | 12.1.0 |
| oracle | communications_converged_application_server_-_service_controller | 6.1 |
| oracle | insurance_rules_palette | 11.0.2 |
| oracle | communications_session_report_manager | 8.2.1 |
| oracle | retail_assortment_planning | 16.0 |
| oracle | communications_diameter_signaling_router | 8.0.0 |
| oracle | retail_markdown_optimization | 13.4.4 |
| oracle | enterprise_manager_ops_center | 12.3.3 |
| oracle | goldengate_application_adapters | 12.3.2.1.0 |
| oracle | weblogic_server | 10.3.6.0.0 |
| oracle | retail_advanced_inventory_planning | 15.0 |
| oracle | communications_element_manager | 8.1.1 |
| oracle | communications_session_report_manager | 8.2.0 |
| oracle | retail_order_broker | 15.0 |
| oracle | insurance_calculation_engine | 10.0 |
| oracle | retail_invoice_matching | 12.0 |
| oracle | communications_session_route_manager | 8.2.0 |
| oracle | insurance_calculation_engine | 9.7 |
| oracle | insurance_rules_palette | 10.2.4 |
| vmware | spring_framework | 5.1.0 |
| oracle | insurance_rules_palette | 11.0 |
| oracle | retail_integration_bus | 15.0 |
| oracle | enterprise_manager_for_fusion_applications | 13.3.0.0 |
| oracle | retail_predictive_application_server | 14.1.3 |
| oracle | communications_session_route_manager | 8.2.1 |
| oracle | communications_session_route_manager | 8.1.1 |
| oracle | retail_order_broker | 5.2 |
| debian | debian_linux | 9.0 |
| oracle | retail_invoice_matching | 14.1 |
| oracle | retail_clearance_optimization_engine | 14.0.5 |
| oracle | insurance_policy_administration_j2ee | 11.0 |
| oracle | agile_plm | 9.3.3 |
| oracle | insurance_rules_palette | 10.0 |
| oracle | insurance_calculation_engine | 10.1 |
| oracle | retail_financial_integration | 16.0 |
| oracle | flexcube_private_banking | 12.0.1 |
| vmware | spring_framework | * |
| oracle | communications_converged_application_server_-_service_controller | 6.0 |
| oracle | insurance_policy_administration_j2ee | 10.2.4 |
| oracle | insurance_calculation_engine | 10.2 |
| oracle | insurance_rules_palette | 11.1.0 |
| oracle | retail_order_broker | 5.1 |
| oracle | endeca_information_discovery_integrator | 3.2.0 |
| oracle | agile_plm | 9.3.5 |
| oracle | communications_session_route_manager | 8.1.0 |
| oracle | insurance_policy_administration_j2ee | 11.2.0 |
| oracle | retail_predictive_application_server | 14.0.3.26 |
| oracle | retail_financial_integration | 14.1 |
| oracle | communications_diameter_signaling_router | 8.2.1 |
| oracle | retail_invoice_matching | 14.0 |
| oracle | communications_brm_-_elastic_charging_engine | 12.0 |
| oracle | retail_integration_bus | 15.0.3 |
| oracle | insurance_rules_palette | 10.1 |
| oracle | tape_library_acsls | 8.5 |
| oracle | insurance_policy_administration_j2ee | 11.1.0 |
| oracle | communications_diameter_signaling_router | 8.1 |
| oracle | communications_session_report_manager | 8.0.0 |
| oracle | retail_financial_integration | 14.0 |
| oracle | communications_session_report_manager | 8.1.1 |
| oracle | weblogic_server | 12.2.1.4.0 |
| oracle | retail_invoice_matching | 13.0 |
| oracle | healthcare_master_person_index | 4.0.2 |
| oracle | retail_predictive_application_server | 14.0.3 |
| oracle | retail_order_broker | 16.0 |
| oracle | communications_brm_-_elastic_charging_engine | 11.3 |
| oracle | insurance_rules_palette | 10.2.0 |
| oracle | insurance_rules_palette | 10.2 |
| oracle | communications_session_route_manager | 8.0.0 |
| oracle | communications_unified_inventory_management | 7.4.0 |
| oracle | retail_integration_bus | 16.0.3 |
| oracle | communications_element_manager | 8.2.1 |
| oracle | retail_integration_bus | 16.0 |
| oracle | communications_unified_inventory_management | 7.3 |
| oracle | identity_manager_connector | 9.0 |
| oracle | communications_online_mediation_controller | 6.1 |
| oracle | primavera_gateway | 17.12 |
| oracle | webcenter_sites | 12.2.1.3.0 |
| oracle | weblogic_server | 12.1.3.0.0 |
| oracle | communications_diameter_signaling_router | 8.2 |
| oracle | retail_service_backbone | 15.0 |
| oracle | insurance_policy_administration_j2ee | 10.2 |
| oracle | retail_xstore_point_of_service | 7.1 |
| oracle | rapid_planning | 12.2 |
| oracle | retail_predictive_application_server | 15.0.3 |
| oracle | rapid_planning | 12.1 |
| oracle | retail_predictive_application_server | 16.0.3 |
| oracle | retail_predictive_application_server | 16.0 |
| oracle | flexcube_private_banking | 12.0.3 |
| oracle | primavera_gateway | 15.2 |
| oracle | healthcare_master_person_index | 3.0 |
| oracle | insurance_policy_administration_j2ee | 10.2.0 |
| oracle | insurance_policy_administration_j2ee | 10.0 |
Spring Security versions 5.1.x prior to 5.1.2 contain an authorization bypass vulnerability during JWT issuer validation. In order to be impacted, the same private key for an honest issuer and a malicious user must be used when signing JWTs. In that case, a malicious user could fashion signed JWTs with the malicious issuer URL that may be granted for the honest issuer.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.4 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N | 2.2 | 5.2 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-345,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_framework | * |
On F5 BIG-IP 13.1.0-13.1.0.3 or 13.0.0, when authenticated administrative users execute commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-470,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| f5 | big-ip_link_controller | 13.0.0 |
| f5 | big-ip_edge_gateway | 13.0.0 |
| f5 | big-ip_local_traffic_manager | 13.0.0 |
| f5 | big-ip_advanced_firewall_manager | 13.1.0 |
| f5 | big-ip_policy_enforcement_manager | 13.0.0 |
| f5 | big-ip_application_acceleration_manager | 13.1.0 |
| vmware | workstation | 14.1.5 |
| f5 | big-ip_websafe | 13.1.0 |
| f5 | big-ip_enterprise_manager | 3.1.1 |
| f5 | big-ip_webaccelerator | 13.1.0 |
| f5 | big-ip_local_traffic_manager | 13.1.0 |
| f5 | big-ip_link_controller | 13.1.0 |
| f5 | big-ip_webaccelerator | 13.0.0 |
| f5 | big-ip_edge_gateway | 13.1.0 |
| f5 | big-ip_application_security_manager | 13.1.0 |
| f5 | big-ip_policy_enforcement_manager | 13.1.0 |
| f5 | big-ip_application_security_manager | 13.0.0 |
| f5 | big-ip_domain_name_system | 13.0.0 |
| vmware | workstation_player | 15.0.2 |
| f5 | big-ip_analytics | 13.0.0 |
| f5 | big-ip_websafe | 13.0.0 |
| f5 | big-ip_access_policy_manager | 13.0.0 |
| f5 | big-ip_access_policy_manager | 13.1.0 |
| f5 | big-ip_global_traffic_manager | 13.1.0 |
| f5 | big-ip_application_acceleration_manager | 13.0.0 |
| f5 | big-ip_advanced_firewall_manager | 13.0.0 |
| f5 | big-ip_domain_name_system | 13.1.0 |
| f5 | big-ip_analytics | 13.1.0 |
| f5 | big-ip_global_traffic_manager | 13.0.0 |
VMware Workstation (14.x before 14.1.1, 12.x) and Fusion (10.x before 10.1.1 and 8.x) contain a denial-of-service vulnerability which can be triggered by opening a large number of VNC sessions. Note: In order for exploitation to be possible on Workstation and Fusion, VNC must be manually enabled.
CVSS 2.0
Severity: LOW
Problem Type: CWE-772,NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | fusion | 8.5.6 |
| vmware | fusion | 8.5.4 |
| vmware | workstation_pro | 12.5.5 |
| vmware | workstation_pro | 12.1.1 |
| vmware | workstation_player | 12.5.4 |
| vmware | workstation_pro | 12.5.1 |
| vmware | fusion | 8.5.1 |
| vmware | workstation_player | 12.5.7 |
| vmware | workstation_pro | 12.0 |
| vmware | workstation_pro | 12.5.6 |
| vmware | fusion | 8.1.1 |
| vmware | fusion | 8.5.3 |
| vmware | workstation_player | 12.5.5 |
| vmware | workstation_player | * |
| vmware | fusion | 8.0.2 |
| vmware | workstation_pro | 12.01 |
| vmware | workstation_player | 12.5.2 |
| vmware | workstation_pro | * |
| vmware | fusion | 8.5.7 |
| vmware | workstation_player | 12.5.1 |
| vmware | fusion | 8.5.8 |
| vmware | fusion | 8.0 |
| vmware | workstation_player | 12.0.1 |
| vmware | fusion | 8.0.1 |
| vmware | workstation_pro | 12.5.7 |
| vmware | workstation_player | 12.5.6 |
| vmware | fusion | 8.1 |
| vmware | workstation_player | 12.0 |
| vmware | fusion | 8.5.2 |
| vmware | workstation_pro | 12.5.4 |
| vmware | workstation_pro | 12.5 |
| vmware | workstation_player | 12.5 |
| vmware | fusion | * |
| vmware | fusion | 8.5.5 |
| vmware | workstation_player | 12.5.3 |
| vmware | workstation_pro | 12.1 |
| vmware | workstation_player | 12.1 |
| vmware | workstation_pro | 12.5.2 |
| vmware | workstation_player | 12.1.1 |
| vmware | fusion | 8.5 |
| vmware | workstation_pro | 12.5.3 |
VMware vRealize Automation (vRA) prior to 7.3.1 contains a vulnerability that may allow for a DOM-based cross-site scripting (XSS) attack. Exploitation of this issue may lead to the compromise of the vRA user's workstation.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vrealize_automation | * |
VMware vRealize Automation (vRA) prior to 7.4.0 contains a vulnerability in the handling of session IDs. Exploitation of this issue may lead to the hijacking of a valid vRA user's session.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-384,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vrealize_automation | * |
VMware Horizon DaaS (7.x before 8.0.0) contains a broken authentication vulnerability that may allow an attacker to bypass two-factor authentication. Note: In order to exploit this issue, an attacker must have a legitimate account on Horizon DaaS.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | horizon_daas | * |
VMware NSX SD-WAN Edge by VeloCloud prior to version 3.1.0 contains a command injection vulnerability in the local web UI component. This component is disabled by default and should not be enabled on untrusted networks. VeloCloud by VMware will be removing this service from the product in future releases. Successful exploitation of this issue could result in remote code execution.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-78,CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | nsx_sd-wan_by_velocloud | * |
VMware Fusion (10.x before 10.1.2) contains a signature bypass vulnerability which may lead to a local privilege escalation.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | fusion | * |
VMware Workstation (14.x before 14.1.2) and Fusion (10.x before 10.1.2) contain multiple denial-of-service vulnerabilities that occur due to NULL pointer dereference issues in the RPC handler. Successful exploitation of these issues may allow an attacker with limited privileges on the guest machine trigger a denial-of-Service of their guest machine.
CVSS 2.0
Severity: LOW
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | fusion | * |
| vmware | workstation | * |
VMware Horizon Client for Linux (4.x before 4.8.0 and prior) contains a local privilege escalation vulnerability due to insecure usage of SUID binary. Successful exploitation of this issue may allow unprivileged users to escalate their privileges to root on a Linux machine where Horizon Client is installed.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | horizon_client | * |
VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain an out-of-bounds read vulnerability in the shader translator. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user privileges to crash their VMs, a different vulnerability than CVE-2018-6966 and CVE-2018-6967.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H | 2.8 | 5.2 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | fusion | * |
| vmware | workstation | * |
| vmware | esxi | 6.7 |
VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain an out-of-bounds read vulnerability in the shader translator. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user privileges to crash their VMs, a different vulnerability than CVE-2018-6965 and CVE-2018-6967.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H | 2.8 | 5.2 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | fusion | * |
| vmware | workstation | * |
| vmware | esxi | 6.7 |
VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain an out-of-bounds read vulnerability in the shader translator. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user privileges to crash their VMs, a different vulnerability than CVE-2018-6965 and CVE-2018-6966.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H | 2.8 | 5.2 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | fusion | * |
| vmware | workstation | * |
| vmware | esxi | 6.7 |
The VMware AirWatch Agent for Android prior to 8.2 and AirWatch Agent for Windows Mobile prior to 6.5.2 contain a remote code execution vulnerability in real time File Manager capabilities. This vulnerability may allow for unauthorized creation and execution of files in the Agent sandbox and other publicly accessible directories such as those on the SD card by a malicious administrator.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | airwatch_agent | * |
VMware Tools (10.x and prior before 10.3.0) contains an out-of-bounds read vulnerability in HGFS. Successful exploitation of this issue may lead to information disclosure or may allow attackers to escalate their privileges on the guest VMs. In order to be able to exploit this issue, file sharing must be enabled.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | tools | * |
VMware Horizon 6 (6.x.x before 6.2.7), Horizon 7 (7.x.x before 7.5.1), and Horizon Client (4.x.x and prior before 4.8.1) contain an out-of-bounds read vulnerability in the Message Framework library. Successfully exploiting this issue may allow a less-privileged user to leak information from a privileged process running on a system where Horizon Connection Server, Horizon Agent or Horizon Client are installed. Note: This issue doesn't apply to Horizon 6, 7 Agents installed on Linux systems or Horizon Clients installed on non-Windows systems.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | horizon_view | * |
| vmware | horizon_client | * |
VMware Horizon View Agents (7.x.x before 7.5.1) contain a local information disclosure vulnerability due to insecure logging of credentials in the vmmsi.log file when an account other than the currently logged on user is specified during installation (including silent installations). Successful exploitation of this issue may allow low privileged users access to the credentials specified during the Horizon View Agent installation.
CVSS 2.0
Severity: LOW
Problem Type: CWE-532,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | horizon_view_agents | * |
VMware ESXi (6.7 before ESXi670-201806401-BG, 6.5 before ESXi650-201806401-BG, 6.0 before ESXi600-201806401-BG and 5.5 before ESXi550-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain a denial-of-service vulnerability due to NULL pointer dereference issue in RPC handler. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esxi | 6.0 |
| vmware | fusion | * |
| vmware | esxi | 6.5 |
| vmware | esxi | 5.5 |
| vmware | workstation | * |
| vmware | esxi | 6.7 |
VMware Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an out-of-bounds write vulnerability in the e1000 device. This issue may allow a guest to execute code on the host.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | fusion | * |
| vmware | workstation | * |
VMware ESXi (6.7 before ESXi670-201810101-SG, 6.5 before ESXi650-201808401-BG, and 6.0 before ESXi600-201808401-BG), Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an out-of-bounds read vulnerability in SVGA device. This issue may allow a guest to execute code on the host.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | 2.0 | 6.0 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esxi | 6.0 |
| vmware | fusion | * |
| vmware | esxi | 6.5 |
| vmware | workstation | * |
| vmware | esxi | 6.7 |
The AirWatch Agent for iOS prior to 5.8.1 contains a data protection vulnerability whereby the files and keychain entries in the Agent are not encrypted.
CVSS 2.0
Severity: LOW
Problem Type: CWE-311,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | intelligent_hub | * |
The VMware Content Locker for iOS prior to 4.14 contains a data protection vulnerability in the SQLite database. This vulnerability relates to unencrypted filenames and associated metadata in SQLite database for the Content Locker.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-311,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | workspace_one | * |
VMware ESXi (6.7, 6.5, 6.0), Workstation (15.x and 14.x) and Fusion (11.x and 10.x) contain a denial-of-service vulnerability due to an infinite loop in a 3D-rendering shader. Successfully exploiting this issue may allow an attacker with normal user privileges in the guest to make the VM unresponsive, and in some cases, possibly result other VMs on the host or the host itself becoming unresponsive.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-835,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esxi | 6.0 |
| vmware | fusion | * |
| vmware | esxi | 6.5 |
| vmware | workstation | * |
| vmware | esxi | 6.7 |
vRealize Operations (7.x before 7.0.0.11287810, 6.7.x before 6.7.0.11286837 and 6.6.x before 6.6.1.11286876) contains a local privilege escalation vulnerability due to improper permissions of support scripts. Admin user of the vROps application with shell access may exploit this issue to elevate the privileges to root on a vROps machine. Note: the admin user (non-sudoer) should not be confused with root of the vROps machine.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-732,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vrealize_operations | * |
The VMware Workspace ONE Unified Endpoint Management Console (A/W Console) 9.7.x prior to 9.7.0.3, 9.6.x prior to 9.6.0.7, 9.5.x prior to 9.5.0.16, 9.4.x prior to 9.4.0.22, 9.3.x prior to 9.3.0.25, 9.2.x prior to 9.2.3.27, and 9.1.x prior to 9.1.5.6 contains a SAML authentication bypass vulnerability which can be leveraged during device enrollment. This vulnerability may allow for a malicious actor to impersonate an authorized SAML session if certificate-based authentication is enabled. This vulnerability is also relevant if certificate-based authentication is not enabled, but the outcome of exploitation is limited to an information disclosure (Important Severity) in those cases.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | airwatch_console | * |
VMware vRealize Log Insight (4.7.x before 4.7.1 and 4.6.x before 4.6.2) contains a vulnerability due to improper authorization in the user registration method. Successful exploitation of this issue may allow Admin users with view only permission to perform certain administrative functions which they are not allowed to perform.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-863,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vrealize_log_insight | * |
VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 without ESXi650-201811301-BG, VMware ESXi 6.0 without ESXi600-201811401-BG, VMware Workstation 15, VMware Workstation 14.1.3 or below, VMware Fusion 11, VMware Fusion 10.1.3 or below contain uninitialized stack memory usage in the vmxnet3 virtual network adapter which may allow a guest to execute code on the host.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | 2.0 | 6.0 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-908,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esxi | 6.0 |
| vmware | fusion | * |
| vmware | fusion | 11.0.0 |
| vmware | esxi | 6.5 |
| vmware | workstation | 15.0.0 |
| vmware | workstation | * |
| vmware | esxi | 6.7 |
VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 without ESXi650-201811301-BG contain uninitialized stack memory usage in the vmxnet3 virtual network adapter which may lead to an information leak from host to guest.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N | 2.0 | 4.0 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-908,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esxi | 6.0 |
| vmware | fusion | * |
| vmware | fusion | 11.0.0 |
| vmware | esxi | 6.5 |
| vmware | workstation | 15.0.0 |
| vmware | workstation | * |
| vmware | esxi | 6.7 |
VMware Workstation (15.x before 15.0.2 and 14.x before 14.1.5) and Fusion (11.x before 11.0.2 and 10.x before 10.1.5) contain an integer overflow vulnerability in the virtual network devices. This issue may allow a guest to execute code on the host.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | fusion | * |
| vmware | workstation | * |
Spring Security, versions 4.2.x up to 4.2.12, and older unsupported versions support plain text passwords using PlaintextPasswordEncoder. If an application using an affected version of Spring Security is leveraging PlaintextPasswordEncoder and a user has a null encoded password, a malicious user (or attacker) can authenticate using a password of "null".
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.3 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L | 3.9 | 3.4 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-287,CWE-522,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| vmware | spring_security | * |
VMware GemFire versions prior to 9.10.0, 9.9.1, 9.8.5, and 9.7.5, and VMware Tanzu GemFire for VMs versions prior to 1.11.0, 1.10.1, 1.9.2, and 1.8.2, contain a JMX service available to the network which does not properly restrict input. A remote authenticated malicious user may request against the service with a crafted set of credentials leading to remote code execution.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H | 2.3 | 6.0 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-502,CWE-502,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | tanzu_gemfire_for_virtual_machines | * |
| vmware | gemfire | * |
Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. The "X-Reason" HTTP Header can be leveraged to insert a malicious Erlang format string that will expand and consume the heap, resulting in the server crashing.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-400,CWE-134,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | rabbitmq | * |
| pivotal_software | rabbitmq | * |
| fedoraproject | fedora | 30 |
| redhat | openstack | 15 |
| fedoraproject | fedora | 31 |
| debian | debian_linux | 9.0 |
Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior to v3.8.1, and RabbitMQ for PCF, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain two endpoints, federation and shovel, which do not properly sanitize user input. A remote authenticated malicious user with administrative access could craft a cross site scripting attack via the vhost or node name fields that could grant access to virtual hosts and policy management information.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.8 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 1.7 | 2.7 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | rabbitmq | * |
| redhat | openstack | 15 |
| vmware | rabbitmq | 3.8.0 |
Harbor API has a Broken Access Control vulnerability. The vulnerability allows project administrators to use the Harbor API to create a robot account with unauthorized push and/or pull access permissions to a project they don't have access or control for. The Harbor API did not enforce the proper project permissions and project scope on the API request to create a new robot account.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-276,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | harbor_container_registry | * |
| vmware | cloud_foundation | - |
| linuxfoundation | harbor | * |
| linuxfoundation | harbor | 1.9.0 |
Spring Integration (spring-integration-xml and spring-integration-ws modules), versions 4.3.18, 5.0.10, 5.1.1, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-611,CWE-611,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | retail_customer_management_and_segmentation_foundation | 16.0 |
| vmware | spring_integration | * |
| oracle | retail_customer_management_and_segmentation_foundation | 17.0 |
| oracle | retail_customer_management_and_segmentation_foundation | 18.0 |
Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, and 5.1.x prior to 5.1.5 contain an insecure randomness vulnerability when using SecureRandomFactoryBean#setSeed to configure a SecureRandom instance. In order to be impacted, an honest application must provide a seed and make the resulting random material available to an attacker for inspection.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-330,CWE-330,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| vmware | spring_security | * |
Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead a directory traversal attack.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_cloud_config | * |
| oracle | communications_cloud_native_core_policy | 1.15.0 |
An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.29010. A specially crafted pixel shader can cause out-of-bounds memory read. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.6 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H | 3.9 | 4.0 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| amd | radeon_550_firmware | 26.20.13001.29010 |
| vmware | workstation | 15.0.0 |
| amd | radeon_rx_550_firmware | 26.20.13001.29010 |
VMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) running on Windows does not handle paths appropriately. Successful exploitation of this issue may allow the path to the VMX executable, on a Windows host, to be hijacked by a non-administrator leading to elevation of privilege.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | workstation | * |
VMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) running on Windows does not handle COM classes appropriately. Successful exploitation of this issue may allow hijacking of COM classes used by the VMX process, on a Windows host, leading to elevation of privilege.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | workstation | * |
VMware Horizon Connection Server (7.x before 7.8, 7.5.x before 7.5.2, 6.x before 6.2.8) contains an information disclosure vulnerability. Successful exploitation of this issue may allow disclosure of internal domain names, the Connection Server’s internal name, or the gateway’s internal IP address.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | horizon | * |
VMware VMware Fusion (11.x before 11.0.3) contains a security vulnerability due to certain unauthenticated APIs accessible through a web socket. An attacker may exploit this issue by tricking the host user to execute a JavaScript to perform unauthorized functions on the guest machine where VMware Tools is installed. This may further be exploited to execute commands on the guest machines.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-306,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | fusion | * |
VMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) and Fusion (11.x before 11.0.3, 10.x before 10.1.6) updates address an out-of-bounds write vulnerability in the e1000 and e1000e virtual network adapters. Exploitation of this issue may lead to code execution on the host from the guest but it is more likely to result in a denial of service of the guest.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | fusion | * |
| vmware | workstation | * |
VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) updates address an out-of-bounds vulnerability with the vertex shader functionality. Exploitation of this issue requires an attacker to have access to a virtual machine with 3D graphics enabled. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user privileges to create a denial-of-service condition on their own VM. The workaround for this issue involves disabling the 3D-acceleration feature. This feature is not enabled by default on ESXi and is enabled by default on Workstation and Fusion.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | fusion | * |
| vmware | esxi | 6.5 |
| vmware | workstation | * |
| vmware | esxi | 6.7 |
VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) contain multiple out-of-bounds read vulnerabilities in the shader translator. Exploitation of these issues requires an attacker to have access to a virtual machine with 3D graphics enabled. Successful exploitation of these issues may lead to information disclosure or may allow attackers with normal user privileges to create a denial-of-service condition on their own VM. The workaround for these issues involves disabling the 3D-acceleration feature. This feature is not enabled by default on ESXi and is enabled by default on Workstation and Fusion.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | fusion | * |
| vmware | esxi | 6.5 |
| vmware | workstation | * |
| vmware | esxi | 6.7 |
VMware ESXi (6.7 before ESXi670-201903001, 6.5 before ESXi650-201903001, 6.0 before ESXi600-201903001), Workstation (15.x before 15.0.4, 14.x before 14.1.7), Fusion (11.x before 11.0.3, 10.x before 10.1.6) contain an out-of-bounds read/write vulnerability in the virtual USB 1.1 UHCI (Universal Host Controller Interface). Exploitation of this issue requires an attacker to have access to a virtual machine with a virtual USB controller present. This issue may allow a guest to execute code on the host.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-125,CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esxi | 6.0 |
| vmware | fusion | * |
| vmware | esxi | 6.5 |
| vmware | workstation | * |
| vmware | esxi | 6.7 |
VMware ESXi (6.7 before ESXi670-201903001, 6.5 before ESXi650-201903001, 6.0 before ESXi600-201903001), Workstation (15.x before 15.0.4, 14.x before 14.1.7), Fusion (11.x before 11.0.3, 10.x before 10.1.6) contain a Time-of-check Time-of-use (TOCTOU) vulnerability in the virtual USB 1.1 UHCI (Universal Host Controller Interface). Exploitation of this issue requires an attacker to have access to a virtual machine with a virtual USB controller present. This issue may allow a guest to execute code on the host.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-367,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esxi | 6.0 |
| vmware | fusion | * |
| vmware | esxi | 6.5 |
| vmware | workstation | * |
| vmware | esxi | 6.7 |
VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) updates address an out-of-bounds read vulnerability. Exploitation of this issue requires an attacker to have access to a virtual machine with 3D graphics enabled. Successful exploitation of this issue may lead to information disclosure.The workaround for this issue involves disabling the 3D-acceleration feature. This feature is not enabled by default on ESXi and is enabled by default on Workstation and Fusion.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | fusion | * |
| vmware | esxi | 6.5 |
| vmware | workstation | * |
| vmware | esxi | 6.7 |
VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6) and Fusion (11.x before 11.0.3 and 10.x before 10.1.6) contain an out-of-bounds read vulnerability in the pixel shader functionality. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user privileges to create a denial-of-service condition on the host. Exploitation of this issue require an attacker to have access to a virtual machine with 3D graphics enabled. It is not enabled by default on ESXi and is enabled by default on Workstation and Fusion.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.6 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H | 3.1 | 5.8 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | fusion | * |
| vmware | esxi | 6.5 |
| vmware | workstation | * |
| vmware | esxi | 6.7 |
VMware Tools for Windows update addresses an out of bounds read vulnerability in vm3dmp driver which is installed with vmtools in Windows guest machines. This issue is present in versions 10.2.x and 10.3.x prior to 10.3.10. A local attacker with non-administrative access to a Windows guest with VMware Tools installed may be able to leak kernel information or create a denial of service attack on the same Windows guest machine.
CVSS 2.0
Severity: LOW
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | tools | * |
VMware vCloud Director for Service Providers 9.5.x prior to 9.5.0.3 update resolves a Remote Session Hijack vulnerability in the Tenant and Provider Portals. Successful exploitation of this issue may allow a malicious actor to access the Tenant or Provider Portals by impersonating a currently logged in session.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-384,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcloud_director | * |
VMware Workstation (14.x before 14.1.6) and Fusion (10.x before 10.1.6) contain an out-of-bounds write vulnerability in the e1000 virtual network adapter. This issue may allow a guest to execute code on the host.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | fusion | * |
| vmware | workstation | * |
VMware Workstation (15.x before 15.1.0) contains a use-after-free vulnerability in the Advanced Linux Sound Architecture (ALSA) backend. A malicious user with normal user privileges on the guest machine may exploit this issue in conjunction with other issues to execute code on the Linux host where Workstation is installed.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | workstation | * |
VMware Workstation (15.x before 15.1.0) contains a DLL hijacking issue because some DLL files are improperly loaded by the application. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to administrator on a windows host where Workstation is installed.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-427,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | workstation | * |
ESXi, Workstation, Fusion, VMRC and Horizon Client contain a use-after-free vulnerability in the virtual sound device. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.5.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | 2.0 | 6.0 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esxi | 6.0 |
| vmware | remote_console | * |
| vmware | fusion | * |
| vmware | esxi | 6.5 |
| vmware | horizon | * |
| vmware | workstation | * |
| vmware | esxi | 6.7 |
VMware ESXi 6.5 suffers from partial denial of service vulnerability in hostd process. Patch ESXi650-201907201-UG for this issue is available.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 3.9 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esxi | 6.5 |
| vmware | esxi | 6.7 |
VMware vSphere ESXi (6.7 prior to ESXi670-201810101-SG, 6.5 prior to ESXi650-201811102-SG, and 6.0 prior to ESXi600-201807103-SG) and VMware vCenter Server (6.7 prior to 6.7 U1b, 6.5 prior to 6.5 U2b, and 6.0 prior to 6.0 U3j) contain an information disclosure vulnerability in clients arising from insufficient session expiration. An attacker with physical access or an ability to mimic a websocket connection to a user’s browser may be able to obtain control of a VM Console after the user has logged out or their session has timed out.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N | 2.8 | 2.5 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-613,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vsphere_esxi | 6.5 |
| vmware | vcenter_server | 6.5 |
| vmware | vcenter_server | 6.7 |
| vmware | vsphere_esxi | 6.7 |
| vmware | vcenter_server | 6.0 |
| vmware | vsphere_esxi | 6.0 |
| vmware | esxi | 6.7 |
VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and 6.0 prior to 6.0 U3j) contains an information disclosure vulnerability due to the logging of credentials in plain-text for virtual machines deployed through OVF. A malicious user with access to the log files containing vCenter OVF-properties of a virtual machine deployed from an OVF may be able to view the credentials used to deploy the OVF (typically the root account of the virtual machine).
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.7 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N | 3.1 | 4.0 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-532,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server | 6.5 |
| vmware | vcenter_server | 6.7 |
| vmware | vcenter_server | 6.0 |
In VMware SD-WAN by VeloCloud versions 3.x prior to 3.3.0, the VeloCloud Orchestrator parameter authorization check mistakenly allows enterprise users to obtain information of Managed Service Provider accounts. Among the information is username, first and last name, phone numbers and e-mail address if present but no other personal data. VMware has evaluated the severity of this issue to be in the moderate severity range with a maximum CVSSv3 base score of 4.3.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 2.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-863,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | sd-wan_by_velocloud | * |
VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and 6.0 prior to 6.0 U3j) contains an information disclosure vulnerability where Virtual Machines deployed from an OVF could expose login information via the virtual machine's vAppConfig properties. A malicious actor with access to query the vAppConfig properties of a virtual machine deployed from an OVF may be able to view the credentials used to deploy the OVF (typically the root account of the virtual machine).
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.7 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N | 3.1 | 4.0 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,CWE-522,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server | 6.5 |
| vmware | vcenter_server | 6.7 |
| vmware | vcenter_server | 6.0 |
VMware Workstation and Fusion contain a network denial-of-service vulnerability due to improper handling of certain IPv6 packets. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.7.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.7 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L | 2.8 | 1.4 |
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | fusion | * |
| vmware | workstation | * |
VMware ESXi (6.7 before ESXi670-201908101-SG and 6.5 before ESXi650-201910401-SG), Workstation (15.x before 15.5.0) and Fusion (11.x before 11.5.0) contain a denial-of-service vulnerability in the shader functionality. Successful exploitation of this issue may allow attackers with normal user privileges to create a denial-of-service condition on their own VM. Exploitation of this issue require an attacker to have access to a virtual machine with 3D graphics enabled. It is not enabled by default on ESXi and is enabled by default on Workstation and Fusion.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | fusion | * |
| vmware | esxi | 6.5 |
| vmware | workstation | * |
| vmware | esxi | 6.7 |
Sensitive information disclosure vulnerability resulting from a lack of certificate validation during the File-Based Backup and Restore operations of VMware vCenter Server Appliance (6.7 before 6.7u3a and 6.5 before 6.5u3d) may allow a malicious actor to intercept sensitive data in transit over FTPS and HTTPS. A malicious actor with man-in-the-middle positioning between vCenter Server Appliance and a backup target may be able to intercept sensitive data in transit during File-Based Backup and Restore operations.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 2.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-295,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server | 6.5 |
| vmware | vcenter_server | 6.7 |
Sensitive information disclosure vulnerability resulting from a lack of certificate validation during the File-Based Backup and Restore operations of VMware vCenter Server Appliance (6.7 before 6.7u3a and 6.5 before 6.5u3d) may allow a malicious actor to intercept sensitive data in transit over SCP. A malicious actor with man-in-the-middle positioning between vCenter Server Appliance and a backup target may be able to intercept sensitive data in transit during File-Based Backup and Restore operations.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 2.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-295,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server | 6.5 |
| vmware | vcenter_server | 6.7 |
VMware Workstation (15.x prior to 15.5.1) and Horizon View Agent (7.10.x prior to 7.10.1 and 7.5.x prior to 7.5.4) contain a DLL hijacking vulnerability due to insecure loading of a DLL by Cortado Thinprint. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to administrator on a Windows machine where Workstation or View Agent is installed.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-427,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | horizon_view_agent | * |
| vmware | workstation | * |
VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1) contain an information disclosure vulnerability in vmnetdhcp. Successful exploitation of this issue may allow an attacker on a guest VM to disclose sensitive information by leaking memory from the host process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.7 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N | 3.1 | 4.0 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-401,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | fusion | * |
| vmware | workstation | * |
VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1) contain an out-of-bounds write vulnerability in the e1000e virtual network adapter. Successful exploitation of this issue may lead to code execution on the host from the guest or may allow attackers to create a denial-of-service condition on their own VM.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H | 2.3 | 6.0 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | fusion | * |
| vmware | workstation | * |
VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1) contain a denial-of-service vulnerability in the RPC handler. Successful exploitation of this issue may allow attackers with normal user privileges to create a denial-of-service condition on their own VM.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.7 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H | 3.1 | 4.0 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | fusion | * |
| vmware | workstation | * |
For VMware Horizon Client for Windows (5.x and prior before 5.3.0), VMware Remote Console for Windows (10.x before 11.0.0), VMware Workstation for Windows (15.x before 15.5.2) the folder containing configuration files for the VMware USB arbitration service was found to be writable by all users. A local user on the system where the software is installed may exploit this issue to run commands as any user.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-732,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | remote_console | * |
| vmware | horizon_client | * |
| vmware | workstation | * |
OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-787,CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_for_ibm_z_systems | 6.0_s390x |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_workstation | 7.0 |
| openslp | openslp | 1.2.1 |
| fedoraproject | fedora | 30 |
| redhat | enterprise_linux_server_eus | 7.7 |
| openslp | openslp | 2.0.0 |
| redhat | enterprise_linux_server | 6.0 |
| vmware | horizon_daas | * |
| redhat | enterprise_linux_workstation | 6.0 |
| openslp | openslp | * |
| fedoraproject | fedora | 31 |
| redhat | enterprise_linux_for_ibm_z_systems | 7.0_s390x |
| redhat | enterprise_linux_for_power_little_endian_eus | 7.7_ppc64le |
| redhat | enterprise_linux_for_power_big_endian | 6.0_ppc64 |
| redhat | enterprise_linux_for_power_little_endian | 7.0_ppc64le |
| redhat | enterprise_linux_for_ibm_z_systems_eus | 7.7_s390x |
| redhat | enterprise_linux_desktop | 7.0 |
| vmware | esxi | 6.7 |
| redhat | enterprise_linux_server_aus | 7.7 |
| vmware | esxi | 6.0 |
| redhat | enterprise_linux_server_tus | 7.7 |
| vmware | esxi | 6.5 |
| redhat | enterprise_linux_desktop | 6.0 |
| redhat | enterprise_linux_for_power_big_endian_eus | 7.7_ppc64 |
| redhat | enterprise_linux_for_power_big_endian | 7.0_ppc64 |
A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system such as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a networked system with root access. With this access, an attacker could then craft a string to cause a buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | photon_os | * |
| opensuse | leap | 15.1 |
| gnu | grub2 | * |
| debian | debian_linux | 10.0 |
| opensuse | leap | 15.2 |
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the salt master and/or run arbitrary commands on salt minions.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| saltstack | salt | * |
| debian | debian_linux | 8.0 |
| opensuse | leap | 15.1 |
| canonical | ubuntu_linux | 18.04 |
| debian | debian_linux | 10.0 |
| canonical | ubuntu_linux | 16.04 |
| vmware | application_remote_collector | 7.5.0 |
| vmware | application_remote_collector | 8.0.0 |
| debian | debian_linux | 9.0 |
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| saltstack | salt | * |
| debian | debian_linux | 8.0 |
| opensuse | leap | 15.1 |
| blackberry | workspaces_server | * |
| canonical | ubuntu_linux | 18.04 |
| debian | debian_linux | 10.0 |
| canonical | ubuntu_linux | 16.04 |
| vmware | application_remote_collector | 7.5.0 |
| vmware | application_remote_collector | 8.0.0 |
| debian | debian_linux | 9.0 |
| blackberry | workspaces_server | 9.1.0 |
VMware Workspace ONE SDK and dependent mobile application updates address sensitive information disclosure vulnerability.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 2.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-295,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | workspace_one_boxer | * |
| vmware | workspace_one_people | * |
| vmware | workspace_one_notebook | * |
| vmware | workspace_one_intelligent_hub | * |
| vmware | workspace_one_web | * |
| vmware | workspace_one_sdk | * |
| vmware | workspace_one_content | * |
| vmware | workspace_one_sdk_(objective-c) | * |
| vmware | workspace_one_piv-d_manager | * |
The repair operation of VMware Tools for Windows 10.x.y has a race condition which may allow for privilege escalation in the Virtual Machine where Tools is installed. This vulnerability is not present in VMware Tools 11.x.y since the affected functionality is not present in VMware Tools 11.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.0 | HIGH | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.0 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-362,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | tools | * |
vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) uses a JMX RMI service which is not securely configured. An unauthenticated remote attacker who has network access to vRealize Operations, with the Horizon Adapter running, may be able to execute arbitrary code in vRealize Operations.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vrealize_operations | * |
vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) has an improper trust store configuration leading to authentication bypass. An unauthenticated remote attacker who has network access to vRealize Operations, with the Horizon Adapter running, may be able to bypass Adapter authentication.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.6 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N | 3.9 | 4.0 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vrealize_operations | * |
vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) contains an information disclosure vulnerability due to incorrect pairing implementation between the vRealize Operations for Horizon Adapter and Horizon View. An unauthenticated remote attacker who has network access to vRealize Operations, with the Horizon Adapter running, may obtain sensitive information
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vrealize_operations | * |
InstallBuilder AutoUpdate tool and regular installers enabling <checkForUpdates> built with versions earlier than 19.11 are vulnerable to Billion laughs attack (denial-of-service).
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-776,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | installbuilder | * |
VMware Workstation (15.x before 15.5.2) and Fusion (11.x before 11.5.2) contain a use-after vulnerability in vmnetdhcp. Successful exploitation of this issue may lead to code execution on the host from the guest or may allow attackers to create a denial-of-service condition of the vmnetdhcp service running on the host machine.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | 2.0 | 6.0 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | fusion | * |
| vmware | workstation | * |
Linux Guest VMs running on VMware Workstation (15.x before 15.5.2) and Fusion (11.x before 11.5.2) contain a local privilege escalation vulnerability due to improper file permissions in Cortado Thinprint. Local attackers with non-administrative access to a Linux guest VM with virtual printing enabled may exploit this issue to elevate their privileges to root on the same guest VM.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-732,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | fusion | * |
| vmware | workstation | * |
VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for Mac (5.x and prior before 5.4.0) contain a privilege escalation vulnerability due to improper use of setuid binaries. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC or Horizon Client is installed.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-269,CWE-269,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | remote_console | * |
| vmware | fusion | * |
| vmware | horizon_client | * |
VMware Workstation (15.x before 15.5.2) and Horizon Client for Windows (5.x and prior before 5.4.0) contain a denial-of-service vulnerability due to a heap-overflow issue in Cortado Thinprint. Attackers with non-administrative access to a guest VM with virtual printing enabled may exploit this issue to create a denial-of-service condition of the Thinprint service running on the system where Workstation or Horizon Client is installed.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 3.8 | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L | 2.0 | 1.4 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | horizon_client | * |
| vmware | workstation | * |
Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-306,CWE-306,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server | 6.7 |
Cross Site Scripting (XSS) vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.8 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 1.7 | 2.7 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-20,CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vrealize_log_insight | * |
Open Redirect vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,CWE-601,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vrealize_log_insight | * |
ESXi 6.5 without patch ESXi650-201912104-SG and ESXi 6.7 without patch ESXi670-202004103-SG do not properly neutralize script-related HTML when viewing virtual machines attributes. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.3.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.3 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N | 2.8 | 5.8 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esxi | 6.5 |
| vmware | esxi | 6.7 |
VMware Cloud Director 10.0.x before 10.0.0.2, 9.7.0.x before 9.7.0.5, 9.5.0.x before 9.5.0.6, and 9.1.0.x before 9.1.0.4 do not properly handle input leading to a code injection vulnerability. An authenticated actor may be able to send malicious traffic to VMware Cloud Director which may lead to arbitrary remote code execution. This vulnerability can be exploited through the HTML5- and Flex-based UIs, the API Explorer interface and API access.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-917,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcloud_director | * |
VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior) and VMware Horizon Client for Mac (5.x and prior) contain a local privilege escalation vulnerability due to a Time-of-check Time-of-use (TOCTOU) issue in the service opener. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC and Horizon Client are installed.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.0 | HIGH | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.0 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-367,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | remote_console | * |
| vmware | fusion | * |
| vmware | horizon_client | * |
VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), VMware Workstation (15.x before 15.5.2) and VMware Fusion (11.x before 11.5.2) contain a denial-of-service vulnerability in the shader functionality. Successful exploitation of this issue may allow attackers with non-administrative access to a virtual machine to crash the virtual machine's vmx process leading to a denial of service condition.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-617,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | fusion | * |
| vmware | esxi | 6.5 |
| vmware | workstation | * |
| vmware | esxi | 6.7 |
VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), VMware Workstation (15.x before 15.1.0) and VMware Fusion (11.x before 11.1.0) contain a memory leak vulnerability in the VMCI module. A malicious actor with local non-administrative access to a virtual machine may be able to crash the virtual machine's vmx process leading to a partial denial of service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L | 1.8 | 1.4 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-401,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | fusion | * |
| vmware | esxi | 6.5 |
| vmware | workstation | * |
| vmware | esxi | 6.7 |
VMware ESXi (6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds read vulnerability in NVMe functionality. A malicious actor with local non-administrative access to a virtual machine with a virtual NVMe controller present may be able to read privileged information contained in physical memory.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.4 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H | 2.0 | 5.8 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vsphere_esxi | 6.5 |
| vmware | fusion | * |
| vmware | vsphere_esxi | 6.7 |
| vmware | workstation | * |
VMware Horizon Client for Windows (prior to 5.4.3) contains a privilege escalation vulnerability due to folder permission configuration and unsafe loading of libraries. A local user on the system where the software is installed may exploit this issue to run commands as any user.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-732,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | horizon_client | * |
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a use-after-free vulnerability in the SVGA device. A malicious actor with local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.2 | HIGH | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H | 1.5 | 6.0 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esxi | 7.0.0 |
| vmware | fusion | * |
| vmware | cloud_foundation | * |
| vmware | esxi | 6.5 |
| vmware | workstation | * |
| vmware | esxi | 6.7 |
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a use-after-free vulnerability in PVNVRAM. A malicious actor with local access to a virtual machine may be able to read privileged information contained in physical memory.
CVSS 2.0
Severity: LOW
Problem Type: CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esxi | 7.0.0 |
| vmware | fusion | * |
| vmware | cloud_foundation | * |
| vmware | esxi | 6.5 |
| vmware | workstation | * |
| vmware | esxi | 6.7 |
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an information leak in the EHCI USB controller. A malicious actor with local access to a virtual machine may be able to read privileged information contained in the hypervisor's memory. Additional conditions beyond the attacker's control need to be present for exploitation to be possible.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.7 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.0 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-908,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esxi | 7.0.0 |
| vmware | fusion | * |
| vmware | cloud_foundation | * |
| vmware | esxi | 6.5 |
| vmware | workstation | * |
| vmware | esxi | 6.7 |
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an information leak in the XHCI USB controller. A malicious actor with local access to a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esxi | 7.0.0 |
| vmware | fusion | * |
| vmware | cloud_foundation | * |
| vmware | esxi | 6.5 |
| vmware | workstation | * |
| vmware | esxi | 6.7 |
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a heap-overflow due to a race condition issue in the USB 2.0 controller (EHCI). A malicious actor with local access to a virtual machine may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possible.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H | 0.8 | 6.0 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-362,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esxi | 7.0.0 |
| vmware | fusion | * |
| vmware | cloud_foundation | * |
| vmware | esxi | 6.5 |
| vmware | workstation | * |
| vmware | esxi | 6.7 |
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a heap-overflow vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local access to a virtual machine may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possible.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H | 0.8 | 6.0 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esxi | 7.0.0 |
| vmware | fusion | * |
| vmware | cloud_foundation | * |
| vmware | esxi | 6.5 |
| vmware | workstation | * |
| vmware | esxi | 6.7 |
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds write vulnerability in the USB 3.0 controller (xHCI). A malicious actor with local administrative privileges on a virtual machine may be able to exploit this issue to crash the virtual machine's vmx process leading to a denial of service condition or execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possible.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.2 | HIGH | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H | 1.5 | 6.0 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esxi | 7.0.0 |
| vmware | fusion | * |
| vmware | cloud_foundation | * |
| vmware | esxi | 6.5 |
| vmware | workstation | * |
| vmware | esxi | 6.7 |
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an off-by-one heap-overflow vulnerability in the SVGA device. A malicious actor with local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possible.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H | 1.1 | 6.0 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-193,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esxi | 7.0.0 |
| vmware | fusion | * |
| vmware | cloud_foundation | * |
| vmware | esxi | 6.5 |
| vmware | workstation | * |
| vmware | esxi | 6.7 |
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds read vulnerability in the Shader functionality. A malicious actor with non-administrative local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to crash the virtual machine's vmx process leading to a partial denial of service condition.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 3.8 | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L | 2.0 | 1.4 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esxi | 7.0.0 |
| vmware | fusion | * |
| vmware | cloud_foundation | * |
| vmware | esxi | 6.5 |
| vmware | workstation | * |
| vmware | esxi | 6.7 |
VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201907101-SG), Workstation (15.x before 15.0.2), and Fusion (11.x before 11.0.2) contain a heap overflow vulnerability in the vmxnet3 virtual network adapter. A malicious actor with local access to a virtual machine with a vmxnet3 network adapter present may be able to read privileged information contained in physical memory.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | fusion | * |
| vmware | cloud_foundation | * |
| vmware | esxi | 6.5 |
| vmware | workstation | * |
| vmware | esxi | 6.7 |
VMware Tools for macOS (11.x.x and prior before 11.1.1) contains a denial-of-service vulnerability in the Host-Guest File System (HGFS) implementation. Successful exploitation of this issue may allow attackers with non-admin privileges on guest macOS virtual machines to create a denial-of-service condition on their own VMs.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L | 1.8 | 1.4 |
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | tools | * |
The VeloCloud Orchestrator does not apply correct input validation which allows for blind SQL-injection. A malicious actor with tenant access to Velocloud Orchestrator could enter specially crafted SQL queries and obtain data to which they are not privileged.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | velocloud_orchestrator | 3.3.2 |
| vmware | velocloud_orchestrator | 3.4.0 |
| vmware | velocloud_orchestrator | * |
VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior before 11.2.0 ) and Horizon Client for Mac (5.x and prior before 5.4.3) contain a privilege escalation vulnerability due to improper XPC Client validation. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMware Remote Console for Mac or Horizon Client for Mac is installed.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | remote_console | * |
| vmware | fusion | * |
| vmware | horizon_client | * |
VMware App Volumes 2.x prior to 2.18.6 and VMware App Volumes 4 prior to 2006 contain a Stored Cross-Site Scripting (XSS) vulnerability. A malicious actor with access to create and edit applications or create storage groups, may be able to inject malicious script which will be executed by a victim's browser when viewing.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 2.3 | 2.7 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | app_volumes | * |
VMware ESXi and vCenter Server contain a partial denial of service vulnerability in their respective authentication services. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 3.9 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-400,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esxi | 7.0 |
| vmware | vcenter_server | 6.5 |
| vmware | vcenter_server | 7.0 |
| vmware | vcenter_server | 6.7 |
| vmware | cloud_foundation | * |
| vmware | esxi | 6.5 |
| vmware | esxi | 6.7 |
VMware Horizon DaaS (7.x and 8.x before 8.0.1 Update 1) contains a broken authentication vulnerability due to a flaw in the way it handled the first factor authentication. Successful exploitation of this issue may allow an attacker to bypass two-factor authentication process. In order to exploit this issue, an attacker must have a legitimate account on Horizon DaaS.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-306,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | horizon_daas | 7.0.0 |
| vmware | horizon_daas | * |
VMware Fusion (11.x) contains a privilege escalation vulnerability due to the way it allows configuring the system wide path. An attacker with normal user privileges may exploit this issue to trick an admin user into executing malicious code on the system where Fusion is installed.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | fusion | * |
VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds read vulnerability due to a time-of-check time-of-use issue in ACPI device. A malicious actor with administrative access to a virtual machine may be able to exploit this issue to leak memory from the vmx process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.8 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N | 1.3 | 4.0 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-125,CWE-367,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esxi | 7.0.0 |
| vmware | fusion | * |
| vmware | cloud_foundation | * |
| vmware | esxi | 6.5 |
| vmware | workstation | * |
| vmware | esxi | 6.7 |
VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds write vulnerability due to a time-of-check time-of-use issue in ACPI device. A malicious actor with administrative access to a virtual machine may be able to exploit this vulnerability to crash the virtual machine's vmx process or corrupt hypervisor's memory heap.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.7 | HIGH | CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:H | 1.3 | 5.8 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-367,CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esxi | 7.0.0 |
| vmware | fusion | * |
| vmware | workstation_player | * |
| vmware | cloud_foundation | * |
| vmware | esxi | 6.5 |
| vmware | workstation | * |
| vmware | esxi | 6.7 |
The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4.4 does not apply correct input validation which allows for SQL-injection. An authenticated SD-WAN Orchestrator user may exploit a vulnerable API call using specially crafted SQL queries which may lead to unauthorized data access.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | sd-wan_orchestrator | * |
| vmware | sd-wan_orchestrator | 3.3.2 |
The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4.4 allows an access to set arbitrary authorization levels leading to a privilege escalation issue. An authenticated SD-WAN Orchestrator user may exploit an application weakness and call a vulnerable API to elevate their privileges.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | sd-wan_orchestrator | * |
| vmware | sd-wan_orchestrator | 3.3.2 |
VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (EMF Parser). A malicious actor with normal access to a virtual machine may be able to exploit these issues to create a partial denial-of-service condition or to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L | 1.8 | 4.2 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | workstation_pro | * |
| vmware | workstation_player | * |
| vmware | horizon_client | * |
VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (EMR STRETCHDIBITS parser). A malicious actor with normal access to a virtual machine may be able to exploit these issues to create a partial denial-of-service condition or to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L | 1.8 | 4.2 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | workstation_pro | * |
| vmware | workstation_player | * |
| vmware | horizon_client | * |
VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (JPEG2000 parser). A malicious actor with normal access to a virtual machine may be able to exploit these issues to create a partial denial-of-service condition or to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L | 1.8 | 4.2 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | workstation_pro | * |
| vmware | workstation_player | * |
| vmware | horizon_client | * |
VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain a denial of service vulnerability due to an out-of-bounds write issue in Cortado ThinPrint component. A malicious actor with normal access to a virtual machine may be able to exploit this issue to create a partial denial-of-service condition on the system where Workstation or Horizon Client for Windows is installed. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon Client.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L | 1.8 | 1.4 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | workstation_pro | * |
| vmware | workstation_player | * |
| vmware | horizon_client | * |
VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an information disclosure vulnerability due to an integer overflow issue in Cortado ThinPrint component. A malicious actor with normal access to a virtual machine may be able to exploit this issue to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon Client.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N | 2.0 | 4.0 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-125,CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | workstation_pro | * |
| vmware | workstation_player | * |
| vmware | horizon_client | * |
VMware Horizon Client for Windows (5.x before 5.5.0) contains a denial-of-service vulnerability due to a file system access control issue during install time. Successful exploitation of this issue may allow an attacker to overwrite certain admin privileged files through a symbolic link attack at install time. This will result into a denial-of-service condition on the machine where Horizon Client for Windows is installed.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.1 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H | 1.8 | 5.2 |
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | horizon_client | * |
OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a use-after-free issue. A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to trigger a use-after-free in the OpenSLP service resulting in remote code execution.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-416,CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esxi | 7.0.0 |
| vmware | cloud_foundation | * |
| vmware | esxi | 6.5 |
| vmware | esxi | 6.7 |
VMware NSX-T (3.x before 3.0.2, 2.5.x before 2.5.2.2.0) contains a security vulnerability that exists in the way it allows a KVM host to download and install packages from NSX manager. A malicious actor with MITM positioning may be able to exploit this issue to compromise the transport node.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N | 2.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | vmware_nsx-t_data_center | * |
| vmware | nsx-t_data_center | * |
| vmware | cloud_foundation | * |
VMware vCenter Server (6.7 before 6.7u3, 6.6 before 6.5u3k) contains a session hijack vulnerability in the vCenter Server Appliance Management Interface update function due to a lack of certificate validation. A malicious actor with network positioning between vCenter Server and an update repository may be able to perform a session hijack when the vCenter Server Appliance Management Interface is used to download vCenter updates.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.4 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N | 2.2 | 5.2 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-295,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server | 6.5 |
| vmware | vcenter_server | 6.7 |
| vmware | cloud_foundation | * |
In VMware ESXi (6.7 before ESXi670-201908101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x before 15.1.0), Fusion (11.x before 11.1.0), the VMCI host drivers used by VMware hypervisors contain a memory leak vulnerability. A malicious actor with access to a virtual machine may be able to trigger a memory leak issue resulting in memory resource exhaustion on the hypervisor if the attack is sustained for extended periods of time.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.6 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-401,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | fusion | * |
| vmware | cloud_foundation | * |
| vmware | esxi | 6.5 |
| vmware | workstation | * |
| vmware | esxi | 6.7 |
Velero (prior to 1.4.3 and 1.5.2) in some instances doesn’t properly manage volume identifiers which may result in information leakage to unauthorized users.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | velero | * |
VMware Horizon Server (7.x prior to 7.10.3 or 7.13.0) contains a Cross Site Scripting (XSS) vulnerability. Successful exploitation of this issue may allow an attacker to inject malicious script which will be executed.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 2.3 | 2.7 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | horizon | * |
VMware Horizon Client for Windows (5.x prior to 5.5.0) contains an information disclosure vulnerability. A malicious attacker with local privileges on the machine where Horizon Client for Windows is installed may be able to retrieve hashed credentials if the client crashes.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | horizon_client | * |
VMware ESXi (7.0 prior to ESXi70U1c-17325551), VMware Workstation (16.x prior to 16.0 and 15.x prior to 15.5.7), VMware Fusion (12.x prior to 12.0 and 11.x prior to 11.5.7) and VMware Cloud Foundation contain a denial of service vulnerability due to improper input validation in GuestInfo. A malicious actor with normal user privilege access to a virtual machine can crash the virtual machine's vmx process leading to a denial of service condition.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H | 2.0 | 4.0 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esxi | 7.0 |
| vmware | fusion | * |
| vmware | esxi | * |
| vmware | workstation | * |
The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 allows for executing files through directory traversal. An authenticated SD-WAN Orchestrator user is able to traversal directories which may lead to code execution of files.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | sd-wan_orchestrator | * |
| vmware | sd-wan_orchestrator | 3.3.2 |
The SD-WAN Orchestrator 3.3.2, 3.4.x, and 4.0.x has default passwords allowing for a Pass-the-Hash Attack. SD-WAN Orchestrator ships with default passwords for predefined accounts which may lead to to a Pass-the-Hash attack.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-1188,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | sd-wan_orchestrator | * |
| vmware | sd-wan_orchestrator | 3.3.2 |
The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 handles system parameters in an insecure way. An authenticated SD-WAN Orchestrator user with high privileges may be able to execute arbitrary code on the underlying operating system.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | sd-wan_orchestrator | * |
| vmware | sd-wan_orchestrator | 3.3.2 |
VMware SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 was found to be vulnerable to SQL-injection attacks allowing for potential information disclosure. An authenticated SD-WAN Orchestrator user may inject code into SQL queries which may lead to information disclosure.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | sd-wan_orchestrator | * |
| vmware | sd-wan_orchestrator | 3.3.2 |
VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG), Workstation (15.x before 15.5.7), Fusion (11.x before 11.5.7) contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.2 | HIGH | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H | 1.5 | 6.0 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esxi | 7.0 |
| vmware | fusion | * |
| vmware | cloud_foundation | * |
| vmware | esxi | 6.5 |
| vmware | workstation | * |
| vmware | esxi | 6.7 |
VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG) contains a privilege-escalation vulnerability that exists in the way certain system calls are being managed. A malicious actor with privileges within the VMX process only, may escalate their privileges on the affected system. Successful exploitation of this issue is only possible when chained with another vulnerability (e.g. CVE-2020-4004)
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esxi | 7.0 |
| vmware | cloud_foundation | * |
| vmware | esxi | 6.5 |
| vmware | esxi | 6.7 |
VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H | 2.3 | 6.0 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-78,CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | cloud_foundation | 4.0.1 |
| vmware | identity_manager_connector | 3.3.2 |
| vmware | identity_manager | 3.3.3 |
| vmware | identity_manager_connector | 3.3.3 |
| vmware | cloud_foundation | 4.0 |
| vmware | identity_manager | 3.3.1 |
| vmware | identity_manager | 3.3.2 |
| vmware | identity_manager_connector | 3.3.1 |
| vmware | vrealize_suite_lifecycle_manager | * |
| vmware | one_access | 20.01 |
| vmware | one_access | 20.10 |
The installer of the macOS Sensor for VMware Carbon Black Cloud (prior to 3.5.1) handles certain files in an insecure way. A malicious actor who has local access to the endpoint on which a macOS sensor is going to be installed, may overwrite a limited number of files with output from the sensor installation.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 3.6 | LOW | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L | 1.0 | 2.5 |
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | carbon_black_cloud | * |
VMware GemFire versions prior to 9.10.0, 9.9.2, 9.8.7, and 9.7.6, and VMware Tanzu GemFire for VMs versions prior to 1.11.1 and 1.10.2, when deployed without a SecurityManager, contain a JMX service available which contains an insecure default configuration. This allows a malicious user to create an MLet mbean leading to remote code execution.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-284,CWE-862,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | tanzu_gemfire_for_virtual_machines | * |
| vmware | gemfire | * |
Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not include credentials and therefore requests should fail authentication. However a notable exception to this are Chrome based browsers when using client certificates for authentication since Chrome sends TLS client certificates in CORS preflight requests in violation of spec requirements. No HTTP body can be sent or received as a result of this attack.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 3.9 | 1.4 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-352,CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | retail_financial_integration | 15.0 |
| oracle | retail_financial_integration | 16.0 |
| oracle | mysql_enterprise_monitor | * |
| vmware | spring_framework | * |
| oracle | retail_service_backbone | 16.0 |
| oracle | insurance_policy_administration_j2ee | 11.0.2 |
| oracle | insurance_policy_administration_j2ee | 10.2.4 |
| oracle | financial_services_regulatory_reporting_with_agilereporter | 8.0.9.2.0 |
| oracle | insurance_rules_palette | 11.1.0 |
| oracle | insurance_rules_palette | 11.2.0 |
| oracle | weblogic_server | 12.2.1.3.0 |
| oracle | retail_returns_management | 14.1 |
| oracle | retail_central_office | 14.1 |
| oracle | insurance_policy_administration_j2ee | 11.2.0 |
| oracle | application_testing_suite | 13.3.0.1 |
| oracle | communications_brm_-_elastic_charging_engine | 12.0 |
| oracle | retail_integration_bus | 15.0.3 |
| oracle | retail_assortment_planning | 15.0 |
| oracle | communications_diameter_signaling_router | * |
| oracle | insurance_policy_administration_j2ee | 11.1.0 |
| oracle | communications_element_manager | 8.2.0 |
| oracle | retail_predictive_application_server | 15.0.3.0 |
| oracle | retail_point-of-service | 14.1 |
| oracle | weblogic_server | 12.2.1.4.0 |
| oracle | flexcube_private_banking | 12.1.0 |
| oracle | insurance_rules_palette | 11.0.2 |
| oracle | healthcare_master_person_index | 4.0.2 |
| oracle | retail_assortment_planning | 16.0 |
| oracle | retail_predictive_application_server | 14.0.3 |
| oracle | retail_order_broker | 16.0 |
| oracle | communications_brm_-_elastic_charging_engine | 11.3 |
| oracle | insurance_rules_palette | 10.2.0 |
| oracle | retail_integration_bus | 16.0.3 |
| oracle | communications_element_manager | 8.2.1 |
| oracle | communications_element_manager | 8.1.1 |
| oracle | retail_order_broker | 15.0 |
| oracle | communications_session_route_manager | 8.2.0 |
| oracle | enterprise_manager_base_platform | 13.2.1.0 |
| oracle | insurance_rules_palette | 10.2.4 |
| oracle | retail_service_backbone | 15.0 |
| oracle | insurance_calculation_engine | * |
| oracle | retail_back_office | 14.1 |
| oracle | rapid_planning | 12.2 |
| oracle | rapid_planning | 12.1 |
| oracle | retail_predictive_application_server | 16.0.3.0 |
| oracle | retail_predictive_application_server | 14.1.3 |
| oracle | communications_policy_management | 12.5.0 |
| oracle | communications_session_route_manager | 8.2.1 |
| oracle | insurance_policy_administration_j2ee | 10.2.0 |
| oracle | communications_session_route_manager | 8.1.1 |
| oracle | flexcube_private_banking | 12.0.0 |
In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user supplied input.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.6 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-79,CWE-494,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | retail_financial_integration | 15.0 |
| oracle | retail_financial_integration | 16.0 |
| vmware | spring_framework | * |
| oracle | retail_service_backbone | 16.0 |
| oracle | insurance_policy_administration_j2ee | 11.0.2 |
| oracle | insurance_policy_administration_j2ee | 10.2.4 |
| oracle | insurance_policy_administration_j2ee | 11.2.2.0 |
| oracle | financial_services_regulatory_reporting_with_agilereporter | 8.0.9.2.0 |
| oracle | insurance_rules_palette | 11.1.0 |
| oracle | insurance_rules_palette | 11.2.0 |
| oracle | communications_billing_and_revenue_management_elastic_charging_engine | 12.0 |
| oracle | weblogic_server | 12.2.1.3.0 |
| oracle | retail_returns_management | 14.1 |
| oracle | retail_central_office | 14.1 |
| oracle | insurance_policy_administration_j2ee | 11.2.0 |
| oracle | application_testing_suite | 13.3.0.1 |
| oracle | communications_billing_and_revenue_management_elastic_charging_engine | 11.3 |
| oracle | retail_integration_bus | 15.0.3 |
| oracle | retail_assortment_planning | 15.0 |
| oracle | communications_diameter_signaling_router | * |
| oracle | insurance_policy_administration_j2ee | 11.1.0 |
| oracle | communications_element_manager | 8.2.0 |
| netapp | snapcenter | - |
| oracle | communications_session_report_manager | 8.1.1 |
| oracle | retail_point-of-service | 14.1 |
| oracle | weblogic_server | 12.2.1.4.0 |
| oracle | flexcube_private_banking | 12.1.0 |
| oracle | insurance_rules_palette | 11.0.2 |
| oracle | healthcare_master_person_index | 4.0.2 |
| oracle | communications_session_report_manager | 8.2.1 |
| oracle | retail_assortment_planning | 16.0 |
| oracle | communications_cloud_native_core_policy | 1.5.0 |
| oracle | retail_predictive_application_server | 14.0.3 |
| oracle | retail_predictive_application_server | 14.1.3.0 |
| oracle | retail_order_broker | 16.0 |
| oracle | mysql | * |
| oracle | insurance_rules_palette | 10.2.0 |
| oracle | retail_integration_bus | 16.0.3 |
| oracle | communications_element_manager | 8.2.1 |
| oracle | communications_element_manager | 8.1.1 |
| netapp | data_availability_services | - |
| oracle | communications_session_report_manager | 8.2.0 |
| oracle | retail_order_broker | 15.0 |
| oracle | siebel_engineering_-_installer_&_deployment | * |
| oracle | communications_session_route_manager | 8.2.0 |
| oracle | enterprise_manager_base_platform | 13.2.1.0 |
| oracle | insurance_rules_palette | 10.2.4 |
| oracle | retail_service_backbone | 15.0 |
| oracle | insurance_calculation_engine | * |
| oracle | retail_back_office | 14.1 |
| oracle | rapid_planning | 12.2 |
| oracle | retail_predictive_application_server | 15.0.3 |
| oracle | rapid_planning | 12.1 |
| oracle | retail_predictive_application_server | 16.0.3.0 |
| oracle | communications_policy_management | 12.5.0 |
| oracle | retail_bulk_data_integration | 16.0.3.0 |
| oracle | communications_session_route_manager | 8.2.1 |
| oracle | insurance_policy_administration_j2ee | 10.2.0 |
| oracle | communications_session_route_manager | 8.1.1 |
| oracle | flexcube_private_banking | 12.0.0 |
Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x prior to 2.1.7, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead a directory traversal attack.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-23,CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_cloud_config | * |
VMware Tanzu Application Service for VMs, 2.6.x versions prior to 2.6.18, 2.7.x versions prior to 2.7.11, and 2.8.x versions prior to 2.8.5, includes a version of PCF Autoscaling that writes database connection properties to its log, including database username and password. A malicious user with access to those logs may gain unauthorized access to the database being used by Autoscaling.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-522,CWE-522,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | tanzu_application_service_for_vms | * |
Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data that has been encrypted using such an encryptor may be able to derive the unencrypted values using a dictionary attack.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-329,CWE-330,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| pivotal_software | spring_security | * |
| vmware | spring_security | * |
Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-23,CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_cloud_config | * |
Spring Cloud Netflix, versions 2.2.x prior to 2.2.4, versions 2.1.x prior to 2.1.6, and older unsupported versions allow applications to use the Hystrix Dashboard proxy.stream endpoint to make requests to any server reachable by the server hosting the dashboard. A malicious user, or attacker, can send a request to other servers that should not be exposed publicly.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-441,CWE-610,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_cloud_netflix | * |
Spring Integration framework provides Kryo Codec implementations as an alternative for Java (de)serialization. When Kryo is configured with default options, all unregistered classes are resolved on demand. This leads to the "deserialization gadgets" exploit when provided data contains malicious code for execution during deserialization. In order to protect against this type of attack, Kryo can be configured to require a set of trusted classes for (de)serialization. Spring Integration should be proactive against blocking unknown "deserialization gadgets" when configuring Kryo in code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-502,CWE-502,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | banking_corporate_lending_process_management | 14.5.0 |
| oracle | banking_credit_facilities_process_management | 14.5.0 |
| oracle | banking_supply_chain_finance | 14.3.0 |
| oracle | banking_corporate_lending_process_management | 14.2.0 |
| oracle | banking_supply_chain_finance | 14.5.0 |
| oracle | banking_credit_facilities_process_management | 14.3.0 |
| vmware | spring_integration | * |
| oracle | banking_supply_chain_finance | 14.2.0 |
| oracle | banking_virtual_account_management | 14.5.0 |
| oracle | retail_customer_management_and_segmentation_foundation | * |
| oracle | banking_corporate_lending_process_management | 14.3.0 |
| oracle | retail_merchandising_system | 16.0.3 |
| oracle | banking_virtual_account_management | 14.3.0 |
| oracle | banking_credit_facilities_process_management | 14.2.0 |
| oracle | banking_virtual_account_management | 14.2.0 |
| oracle | flexcube_private_banking | 12.0.0 |
| oracle | flexcube_private_banking | 12.1.0 |
VMware Tanzu Application Service for VMs (2.7.x versions prior to 2.7.19, 2.8.x versions prior to 2.8.13, and 2.9.x versions prior to 2.9.7) contains an App Autoscaler that logs the UAA admin password. This credential is redacted on VMware Tanzu Operations Manager; however, the unredacted logs are available to authenticated users of the BOSH Director. This credential would grant administrative privileges to a malicious user. The same versions of App Autoscaler also log the App Autoscaler Broker password. Prior to newer versions of Operations Manager, this credential was not redacted from logs. This credential allows a malicious user to create, delete, and modify App Autoscaler services instances. Operations Manager started redacting this credential from logs as of its versions 2.7.15, 2.8.6, and 2.9.1. Note that these logs are typically only visible to foundation administrators and operators.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.7 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:H | 0.9 | 4.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,CWE-532,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | operations_manager | * |
| vmware | tanzu_application_service_for_virtual_machines | * |
RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific binary planting security vulnerability that allows for arbitrary code execution. An attacker with write privileges to the RabbitMQ installation directory and local access on Windows could carry out a local binary hijacking (planting) attack and execute arbitrary code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-427,CWE-427,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | rabbitmq | * |
| pivotal_software | rabbitmq | * |
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N | 1.3 | 4.7 |
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | retail_predictive_application_server | 14.1 |
| oracle | retail_service_backbone | 14.1.3 |
| oracle | primavera_p6_enterprise_project_portfolio_management | * |
| oracle | hyperion_infrastructure_technology | 11.1.2.4 |
| oracle | retail_customer_management_and_segmentation_foundation | * |
| oracle | mysql_enterprise_monitor | 8.0.23 |
| oracle | enterprise_data_quality | 12.2.1.4.0 |
| oracle | mysql_enterprise_monitor | * |
| oracle | healthcare_master_person_index | 4.0.2.5 |
| vmware | spring_framework | * |
| oracle | retail_customer_engagement | * |
| oracle | financial_services_analytical_applications_infrastructure | * |
| oracle | enterprise_data_quality | 12.2.1.3.0 |
| oracle | retail_financial_integration | 14.1.3 |
| oracle | endeca_information_discovery_integrator | 3.2.0 |
| oracle | insurance_policy_administration | 10.2 |
| oracle | insurance_policy_administration | 10.2.4 |
| oracle | weblogic_server | 12.2.1.3.0 |
| oracle | retail_returns_management | 14.1 |
| oracle | goldengate_application_adapters | 19.1.0.0.0 |
| netapp | snap_creator_framework | - |
| oracle | retail_invoice_matching | 14.0 |
| oracle | insurance_policy_administration | 11.0.2 |
| oracle | fusion_middleware | 12.2.1.3.0 |
| oracle | retail_integration_bus | 15.0.3 |
| oracle | communications_brm | 12.0.0.3 |
| oracle | commerce_guided_search | 11.3.2 |
| netapp | snapcenter | - |
| oracle | weblogic_server | 12.2.1.4.0 |
| netapp | oncommand_insight | - |
| oracle | communications_unified_inventory_management | 7.3.5 |
| oracle | flexcube_private_banking | 12.1.0 |
| oracle | insurance_rules_palette | 11.0.2 |
| oracle | retail_order_broker | 16.0 |
| oracle | insurance_rules_palette | 10.2.0 |
| oracle | insurance_policy_administration | * |
| oracle | weblogic_server | 10.3.6.0.0 |
| oracle | retail_integration_bus | 16.0.3 |
| oracle | retail_xstore_point_of_service | 18.0.3 |
| oracle | retail_xstore_point_of_service | 19.0.2 |
| oracle | retail_merchandising_system | 16.0.3 |
| oracle | communications_brm | 11.3.0.9 |
| oracle | retail_order_broker | 15.0 |
| oracle | storagetek_tape_analytics_sw_tool | 2.3 |
| oracle | retail_xstore_point_of_service | 17.0.4 |
| oracle | communications_design_studio | 7.3.5 |
| oracle | weblogic_server | 12.1.3.0.0 |
| oracle | storagetek_acsls | 8.5.1 |
| oracle | communications_design_studio | 7.3.4 |
| oracle | retail_xstore_point_of_service | 15.0.4 |
| oracle | communications_design_studio | 7.4.0 |
| oracle | insurance_rules_palette | 10.2.4 |
| oracle | insurance_rules_palette | * |
| oracle | fusion_middleware | 12.2.1.4.0 |
| oracle | primavera_gateway | * |
| oracle | communications_unified_inventory_management | 7.3.4 |
| oracle | retail_financial_integration | 16.0.3 |
| oracle | retail_assortment_planning | 16.0.3.0 |
| oracle | weblogic_server | 14.1.1.0.0 |
| oracle | retail_service_backbone | 15.0.3 |
| oracle | retail_xstore_point_of_service | 16.0.6 |
| oracle | retail_financial_integration | 15.0.3 |
| oracle | communications_session_report_manager | * |
| oracle | retail_bulk_data_integration | 16.0.3.0 |
| oracle | retail_integration_bus | 14.1.3 |
| oracle | retail_service_backbone | 16.0.3 |
| oracle | flexcube_private_banking | 12.0.0 |
| oracle | retail_invoice_matching | 14.1 |
Single Sign-On for Vmware Tanzu all versions prior to 1.11.3 ,1.12.x versions prior to 1.12.4 and 1.13.x prior to 1.13.1 are vulnerable to user impersonation attack.If two users are logged in to the SSO operator dashboard at the same time, with the same username, from two different identity providers, one can acquire the token of the other and thus operate with their permissions. Note: Foundation may be vulnerable only if: 1) The system zone is set up to use a SAML identity provider 2) There are internal users that have the same username as users in the external SAML provider 3) Those duplicate-named users have the scope to access the SSO operator dashboard 4) The vulnerability doesn't appear with LDAP because of chained authentication.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.9 | HIGH | CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:H | 1.3 | 6.0 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-287,CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | single_sign-on_for_tanzu | * |
Scheduler for TAS prior to version 1.4.0 was permitting plaintext transmission of UAA client token by sending it over a non-TLS connection. This also depended on the configuration of the MySQL server which is used to cache a UAA client token used by the service. If intercepted the token can give an attacker admin level access in the cloud controller.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-319,CWE-319,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | pivotal_scheduler | * |
In Spring Cloud Data Flow, versions 2.6.x prior to 2.6.5, versions 2.5.x prior 2.5.4, an application is vulnerable to SQL injection when requesting task execution.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-89,CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_cloud_data_flow | * |
In applications using Spring Cloud Task 2.2.4.RELEASE and below, may be vulnerable to SQL injection when exercising certain lookup queries in the TaskExplorer.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.0 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L | 1.2 | 4.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-89,CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_cloud_task | * |
The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-22,CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server | 6.5 |
| vmware | vcenter_server | 7.0 |
| vmware | vcenter_server | 6.7 |
| vmware | cloud_foundation | * |
The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin leading to information disclosure. This affects: VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-918,CWE-918,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server | 6.5 |
| vmware | vcenter_server | 7.0 |
| vmware | vcenter_server | 6.7 |
| vmware | cloud_foundation | * |
OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG) has a heap-overflow vulnerability. A malicious actor residing within the same network segment as ESXi who has access to port 427 may be able to trigger the heap-overflow issue in OpenSLP service resulting in remote code execution.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esxi | 7.0.0 |
| vmware | cloud_foundation | * |
| vmware | esxi | 6.5 |
| vmware | esxi | 6.7 |
Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-918,CWE-918,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vrealize_operations_manager | 8.0.0 |
| vmware | cloud_foundation | 3.9.1 |
| vmware | cloud_foundation | 4.0 |
| vmware | cloud_foundation | 3.9 |
| vmware | cloud_foundation | 3.0.1 |
| vmware | cloud_foundation | 3.8.1 |
| vmware | vrealize_operations_manager | 8.1.1 |
| vmware | vrealize_operations_manager | 7.5.0 |
| vmware | vrealize_suite_lifecycle_manager | 8.1 |
| vmware | vrealize_suite_lifecycle_manager | 8.0.1 |
| vmware | vrealize_operations_manager | 8.1.0 |
| vmware | cloud_foundation | 3.5.1 |
| vmware | cloud_foundation | 3.7.2 |
| vmware | vrealize_operations_manager | 8.2.0 |
| vmware | cloud_foundation | 3.0.1.1 |
| vmware | vrealize_suite_lifecycle_manager | 8.0 |
| vmware | vrealize_operations_manager | 8.0.1 |
| vmware | cloud_foundation | 3.5 |
| vmware | vrealize_suite_lifecycle_manager | 8.2 |
| vmware | cloud_foundation | 4.0.1 |
| vmware | cloud_foundation | 3.10 |
| vmware | cloud_foundation | 3.7 |
| vmware | vrealize_operations_manager | 7.0.0 |
| vmware | cloud_foundation | 3.0 |
| vmware | cloud_foundation | 3.7.1 |
| vmware | cloud_foundation | 3.8 |
| vmware | vrealize_operations_manager | 8.3.0 |
vSphere Replication 8.3.x prior to 8.3.1.2, 8.2.x prior to 8.2.1.1, 8.1.x prior to 8.1.2.3 and 6.5.x prior to 6.5.1.5 contain a post-authentication command injection vulnerability which may allow an authenticated admin user to perform a remote code execution.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vsphere_replication | * |
VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability. Improper input validation and lack of authorization leading to arbitrary file upload in logupload web application. An unauthorized attacker with network access to View Planner Harness could upload and execute a specially crafted file leading to remote code execution within the logupload container.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,CWE-862,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | view_planner | * |
| vmware | view_planner | 4.6 |
The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary file read vulnerability. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server | 6.5 |
| vmware | vcenter_server | 6.7 |
| vmware | cloud_foundation | 3.0 |
VMware NSX-T contains a privilege escalation vulnerability due to an issue with RBAC (Role based access control) role assignment. Successful exploitation of this issue may allow attackers with local guest user account to assign privileges higher than their own permission level.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-269,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | vmware_nsx-t_data_center | 3.1.1 |
| vmware | nsx-t_data_center | 3.1.1 |
VMware Carbon Black Cloud Workload appliance 1.0.0 and 1.01 has an authentication bypass vulnerability that may allow a malicious actor with network access to the administrative interface of the VMware Carbon Black Cloud Workload appliance to obtain a valid authentication token. Successful exploitation of this issue would result in the attacker being able to view and alter administrative configuration settings.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | 3.9 | 5.2 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | carbon_black_cloud_workload | * |
Arbitrary file write vulnerability in vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API can write files to arbitrary locations on the underlying photon operating system.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H | 1.2 | 5.2 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vrealize_operations_manager | 8.0.0 |
| vmware | cloud_foundation | 3.9.1 |
| vmware | cloud_foundation | 4.0 |
| vmware | cloud_foundation | 3.9 |
| vmware | cloud_foundation | 3.0.1 |
| vmware | cloud_foundation | 3.8.1 |
| vmware | vrealize_operations_manager | 8.1.1 |
| vmware | vrealize_operations_manager | 7.5.0 |
| vmware | vrealize_suite_lifecycle_manager | 8.1 |
| vmware | vrealize_suite_lifecycle_manager | 8.0.1 |
| vmware | vrealize_operations_manager | 8.1.0 |
| vmware | cloud_foundation | 3.5.1 |
| vmware | cloud_foundation | 3.7.2 |
| vmware | vrealize_operations_manager | 8.2.0 |
| vmware | cloud_foundation | 3.0.1.1 |
| vmware | vrealize_suite_lifecycle_manager | 8.0 |
| vmware | vrealize_operations_manager | 8.0.1 |
| vmware | cloud_foundation | 3.5 |
| vmware | vrealize_suite_lifecycle_manager | 8.2 |
| vmware | cloud_foundation | 4.0.1 |
| vmware | cloud_foundation | 3.10 |
| vmware | cloud_foundation | 3.7 |
| vmware | vrealize_operations_manager | 7.0.0 |
| vmware | cloud_foundation | 3.0 |
| vmware | cloud_foundation | 3.7.1 |
| vmware | cloud_foundation | 3.8 |
| vmware | vrealize_operations_manager | 8.3.0 |
VMware vRealize Business for Cloud 7.x prior to 7.6.0 contains a remote code execution vulnerability due to an unauthorised end point. A malicious actor with network access may exploit this issue causing unauthorised remote code execution on vRealize Business for Cloud Virtual Appliance.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-862,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vrealize_business_for_cloud | * |
The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-918,CWE-20,CWE-470,CWE-918,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server | 6.5 |
| vmware | vcenter_server | 7.0 |
| vmware | vcenter_server | 6.7 |
| vmware | cloud_foundation | * |
The vSphere Client (HTML5) contains a vulnerability in a vSphere authentication mechanism for the Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability plug-ins. A malicious actor with network access to port 443 on vCenter Server may perform actions allowed by the impacted plug-ins without authentication.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-306,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server | 6.5 |
| vmware | vcenter_server | 7.0 |
| vmware | vcenter_server | 6.7 |
| vmware | cloud_foundation | * |
VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windows (5.x prior to 5.5.2) contain out-of-bounds read vulnerability in the Cortado ThinPrint component (TTC Parser). A malicious actor with access to a virtual machine or remote desktop may be able to exploit these issues leading to information disclosure from the TPView process running on the system where Workstation or Horizon Client for Windows is installed.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N | 2.0 | 4.0 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | horizon_client | * |
| vmware | workstation | * |
VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windows (5.x prior to 5.5.2) contain out-of-bounds read vulnerability in the Cortado ThinPrint component (JPEG2000 Parser). A malicious actor with access to a virtual machine or remote desktop may be able to exploit these issues leading to information disclosure from the TPView process running on the system where Workstation or Horizon Client for Windows is installed.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N | 2.0 | 4.0 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | horizon_client | * |
| vmware | workstation | * |
VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windows (5.x prior to 5.5.2) contain out-of-bounds read vulnerability in the Cortado ThinPrint component (TTC Parser). A malicious actor with access to a virtual machine or remote desktop may be able to exploit these issues leading to information disclosure from the TPView process running on the system where Workstation or Horizon Client for Windows is installed.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N | 2.0 | 4.0 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | horizon_client | * |
| vmware | workstation | * |
VMware Workspace one UEM console (2102 prior to 21.2.0.8, 2101 prior to 21.1.0.14, 2011 prior to 20.11.0.27, 2010 prior to 20.10.0.16,2008 prior to 20.8.0.28, 2007 prior to 20.7.0.14,2006 prior to 20.6.0.19, 2005 prior to 20.5.0.46, 2004 prior to 20.4.0.21, 2003 prior to 20.3.0.23, 2001 prior to 20.1.0.32, 1912 prior to 19.12.0.24) contain a cross-site scripting vulnerability. VMware Workspace ONE UEM console does not validate incoming requests during device enrollment after leading to rendering of unsanitized input on the user device in response.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | workspace_one_unified_endpoint_management | * |
The vCenter Server contains a local privilege escalation vulnerability due to the way it handles session tokens. A malicious actor with non-administrative user access on vCenter Server host may exploit this issue to escalate privileges to Administrator on the vSphere Client (HTML5) or vCenter Server vSphere Web Client (FLEX/Flash).
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server | 6.5 |
| vmware | vcenter_server | 7.0 |
| vmware | vcenter_server | 6.7 |
| vmware | cloud_foundation | * |
The vCenter Server contains a denial-of-service vulnerability due to improper XML entity parsing. A malicious actor with non-administrative user access to the vCenter Server vSphere Client (HTML5) or vCenter Server vSphere Web Client (FLEX/Flash) may exploit this issue to create a denial-of-service condition on the vCenter Server host.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server | 6.5 |
| vmware | vcenter_server | 7.0 |
| vmware | vcenter_server | 6.7 |
| vmware | cloud_foundation | * |
The vCenter Server contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in vCenter Server Content Library. An authorised user with access to content library may exploit this issue by sending a POST request to vCenter Server leading to information disclosure.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-918,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server | 6.5 |
| vmware | vcenter_server | 7.0 |
| vmware | vcenter_server | 6.7 |
| vmware | cloud_foundation | * |
SFCB (Small Footprint CIM Broker) as used in ESXi has an authentication bypass vulnerability. A malicious actor with network access to port 5989 on ESXi may exploit this issue to bypass SFCB authentication by sending a specially crafted request.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esxi | 7.0 |
| vmware | cloud_foundation | * |
| vmware | esxi | 6.5 |
| vmware | esxi | 6.7 |
OpenSLP as used in ESXi has a denial-of-service vulnerability due a heap out-of-bounds read issue. A malicious actor with network access to port 427 on ESXi may be able to trigger a heap out-of-bounds read in OpenSLP service resulting in a denial-of-service condition.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esxi | 7.0 |
| vmware | cloud_foundation | * |
| vmware | esxi | 6.5 |
| vmware | esxi | 6.7 |
VMware Tools for Windows (11.x.y prior to 11.3.0) contains a denial-of-service vulnerability in the VM3DMP driver. A malicious actor with local user privileges in the Windows guest operating system, where VMware Tools is installed, can trigger a PANIC in the VM3DMP driver leading to a denial-of-service condition in the Windows guest operating system.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | tools | * |
VMware Carbon Black App Control 8.0, 8.1, 8.5 prior to 8.5.8, and 8.6 prior to 8.6.2 has an authentication bypass. A malicious actor with network access to the VMware Carbon Black App Control management server might be able to obtain administrative access to the product without the need to authenticate.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | carbon_black_app_control | 8.1 |
| vmware | carbon_black_app_control | * |
| vmware | carbon_black_app_control | 8.0 |
VMware Tools for Windows (11.x.y prior to 11.2.6), VMware Remote Console for Windows (12.x prior to 12.0.1) , VMware App Volumes (2.x prior to 2.18.10 and 4 prior to 2103) contain a local privilege escalation vulnerability. An attacker with normal access to a virtual machine may exploit this issue by placing a malicious file renamed as `openssl.cnf' in an unrestricted directory which would allow code to be executed with elevated privileges.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-427,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | tools | * |
| vmware | remote_console | * |
| vmware | app_volumes | * |
VMware Thinapp version 5.x prior to 5.2.10 contain a DLL hijacking vulnerability due to insecure loading of DLLs. A malicious actor with non-administrative privileges may exploit this vulnerability to elevate privileges to administrator level on the Windows operating system having VMware ThinApp installed on it.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-427,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | thinapp | * |
VMware Workspace ONE Access and Identity Manager, allow the /cfg web app and diagnostic endpoints, on port 8443, to be accessed via port 443 using a custom host header. A malicious actor with network access to port 443 could tamper with host headers to facilitate access to the /cfg web app, in addition a malicious actor could access /cfg diagnostic endpoints without authentication.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | identity_manager | 3.3.3 |
| vmware | cloud_foundation | 4.1 |
| vmware | identity_manager | 3.3.4 |
| vmware | cloud_foundation | 4.0 |
| vmware | vrealize_suite_lifecycle_manager | 8.0 |
| vmware | workspace_one_access | 20.10 |
| vmware | cloud_foundation | 4.2.1 |
| vmware | vrealize_suite_lifecycle_manager | 8.2 |
| vmware | workspace_one_access | 20.01 |
| vmware | cloud_foundation | 4.0.1 |
| vmware | workspace_one_access | 20.10.01 |
| vmware | identity_manager | 3.3.5 |
| vmware | identity_manager | 3.3.2 |
| vmware | cloud_foundation | 4.1.0.1 |
| vmware | vrealize_suite_lifecycle_manager | 8.1 |
| vmware | vrealize_suite_lifecycle_manager | 8.0.1 |
VMware Workspace ONE Access and Identity Manager, unintentionally provide a login interface on port 7443. A malicious actor with network access to port 7443 may attempt user enumeration or brute force the login endpoint, which may or may not be practical based on lockout policy configuration and password complexity for the target account.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-307,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | identity_manager | 3.3.3 |
| vmware | cloud_foundation | 4.1 |
| vmware | identity_manager | 3.3.4 |
| vmware | cloud_foundation | 4.0 |
| vmware | vrealize_suite_lifecycle_manager | 8.0 |
| vmware | workspace_one_access | 20.10 |
| vmware | cloud_foundation | 4.2.1 |
| vmware | vrealize_suite_lifecycle_manager | 8.2 |
| vmware | workspace_one_access | 20.01 |
| vmware | cloud_foundation | 4.0.1 |
| vmware | workspace_one_access | 20.10.01 |
| vmware | identity_manager | 3.3.5 |
| vmware | identity_manager | 3.3.2 |
| vmware | cloud_foundation | 4.1.0.1 |
| vmware | vrealize_suite_lifecycle_manager | 8.1 |
| vmware | vrealize_suite_lifecycle_manager | 8.0.1 |
The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-22,CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server | 6.5 |
| vmware | vcenter_server | 7.0 |
| vmware | vcenter_server | 6.7 |
| vmware | cloud_foundation | * |
The vCenter Server contains a reverse proxy bypass vulnerability due to the way the endpoints handle the URI. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to access restricted endpoints.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server | 7.0 |
| vmware | vcenter_server | 6.7 |
| vmware | cloud_foundation | * |
The vCenter Server contains a local information disclosure vulnerability in the Analytics service. An authenticated user with non-administrative privilege may exploit this issue to gain access to sensitive information.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server | 7.0 |
| vmware | vcenter_server | 6.7 |
| vmware | cloud_foundation | * |
The vCenter Server contains an information disclosure vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by sending a specially crafted json-rpc message to gain access to sensitive information.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server | 6.5 |
| vmware | vcenter_server | 7.0 |
| vmware | vcenter_server | 6.7 |
| vmware | cloud_foundation | * |
The vCenter Server contains multiple denial-of-service vulnerabilities in VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit these issues to create a denial of service condition due to excessive memory consumption by VAPI service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-668,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server | 7.0 |
| vmware | vcenter_server | 6.7 |
| vmware | cloud_foundation | * |
The vCenter Server contains a denial-of-service vulnerability in VPXD service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to create a denial of service condition due to excessive memory consumption by VPXD service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-400,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server | 7.0 |
| vmware | vcenter_server | 6.7 |
| vmware | cloud_foundation | * |
vCenter Server contains an unauthenticated API endpoint vulnerability in vCenter Server Content Library. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to perform unauthenticated VM network setting manipulation.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 3.9 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server | 6.5 |
| vmware | vcenter_server | 7.0 |
| vmware | vcenter_server | 6.7 |
| vmware | cloud_foundation | * |
The vCenter Server contains an information disclosure vulnerability due to an unauthenticated appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-306,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server | 7.0 |
| vmware | vcenter_server | 6.7 |
| vmware | cloud_foundation | * |
The vCenter Server contains a file path traversal vulnerability leading to information disclosure in the appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server | 7.0 |
| vmware | vcenter_server | 6.7 |
| vmware | cloud_foundation | * |
The vCenter Server contains an authenticated code execution vulnerability in VAMI (Virtual Appliance Management Infrastructure). An authenticated VAMI user with network access to port 5480 on vCenter Server may exploit this issue to execute code on the underlying operating system that hosts vCenter Server.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server | 6.5 |
| vmware | vcenter_server | 7.0 |
| vmware | vcenter_server | 6.7 |
| vmware | cloud_foundation | * |
The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and directories. An authenticated local user with non-administrative privilege may exploit these issues to elevate their privileges to root on vCenter Server Appliance.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-552,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server | 6.5 |
| vmware | vcenter_server | 7.0 |
| vmware | vcenter_server | 6.7 |
| vmware | cloud_foundation | * |
The vCenter Server contains a reflected cross-site scripting vulnerability due to a lack of input sanitization. An attacker may exploit this issue to execute malicious scripts by tricking a victim into clicking a malicious link.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server | 6.7 |
| vmware | cloud_foundation | * |
Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to bypass proxy leading to internal endpoints being accessed.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server | 6.7 |
The vCenter Server contains an arbitrary file deletion vulnerability in a VMware vSphere Life-cycle Manager plug-in. A malicious actor with network access to port 9087 on vCenter Server may exploit this issue to delete non critical files.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L | 3.9 | 2.5 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server | 7.0 |
| vmware | cloud_foundation | * |
The vCenter Server contains a denial-of-service vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port 5480 on vCenter Server may exploit this issue by sending a specially crafted jsonrpc message to create a denial of service condition.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server | 6.5 |
| vmware | vcenter_server | 7.0 |
| vmware | vcenter_server | 6.7 |
| vmware | cloud_foundation | * |
The vCenter Server contains a denial-of-service vulnerability in the Analytics service. Successful exploitation of this issue may allow an attacker to create a denial-of-service condition on vCenter Server.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server | 7.0 |
| vmware | vcenter_server | 6.7 |
| vmware | cloud_foundation | * |
VMware vRealize Log Insight (8.x prior to 8.4) contains a Cross Site Scripting (XSS) vulnerability due to improper user input validation. An attacker with user privileges may be able to inject a malicious payload via the Log Insight UI which would be executed when the victim accesses the shared dashboard link.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 2.3 | 2.7 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vrealize_log_insight | * |
| vmware | cloud_foundation | * |
The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary file read vulnerability. A malicious actor with administrative access to vRealize Operations Manager API can read any arbitrary file on server leading to information disclosure.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 1.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vrealize_operations_manager | * |
| vmware | vrealize_operations_manager | 7.5.0 |
| vmware | cloud_foundation | * |
| vmware | vrealize_suite_lifecycle_manager | * |
The vRealize Operations Manager API (8.x prior to 8.5) has insecure object reference vulnerability. A malicious actor with administrative access to vRealize Operations Manager API may be able to modify other users information leading to an account takeover.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-639,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vrealize_operations_manager | * |
| vmware | vrealize_operations_manager | 7.5.0 |
| vmware | cloud_foundation | * |
| vmware | vrealize_suite_lifecycle_manager | * |
The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary log-file read vulnerability. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can read any log file resulting in sensitive information disclosure.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-532,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vrealize_operations_manager | * |
| vmware | vrealize_operations_manager | 7.5.0 |
| vmware | cloud_foundation | * |
| vmware | vrealize_suite_lifecycle_manager | * |
The vRealize Operations Manager API (8.x prior to 8.5) contains a broken access control vulnerability leading to unauthenticated API access. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can add new nodes to existing vROps cluster.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vrealize_operations_manager | * |
| vmware | vrealize_operations_manager | 7.5.0 |
| vmware | cloud_foundation | * |
| vmware | vrealize_suite_lifecycle_manager | * |
The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information disclosure.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-918,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vrealize_operations_manager | * |
| vmware | vrealize_operations_manager | 7.5.0 |
| vmware | cloud_foundation | * |
| vmware | vrealize_suite_lifecycle_manager | * |
The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information disclosure.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-918,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vrealize_operations_manager | * |
| vmware | vrealize_operations_manager | 7.5.0 |
| vmware | cloud_foundation | * |
| vmware | vrealize_suite_lifecycle_manager | * |
VMware Workspace ONE UEM REST API contains a denial of service vulnerability. A malicious actor with access to /API/system/admins/session could cause an API denial of service due to improper rate limiting.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-770,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | workspace_one_uem_console | * |
Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 2.7 | LOW | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N | 1.2 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-918,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vrealize_operations | * |
| vmware | cloud_foundation | * |
| vmware | vrealize_suite_lifecycle_manager | * |
Releases prior to VMware vRealize Operations Tenant App 8.6 contain an Information Disclosure Vulnerability.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vrealize_operations_tenant | * |
VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sheet through Log Insight which could be executed in user's environment.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 2.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-74,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vrealize_log_insight | * |
| vmware | cloud_foundation | * |
| vmware | vrealize_suite_lifecycle_manager | * |
VMware vRealize Orchestrator ((8.x prior to 8.6) contains an open redirect vulnerability due to improper path handling. A malicious actor may be able to redirect victim to an attacker controlled domain due to improper path handling in vRealize Orchestrator leading to sensitive information disclosure.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vrealize_orchestrator | * |
| vmware | vrealize_automation | * |
Under certain circumstances, when manipulating the Windows registry, InstallBuilder uses the reg.exe system command. The full path to the command is not enforced, which results in a search in the search path until a binary can be identified. This makes the installer/uninstaller vulnerable to Path Interception by Search Order Hijacking, potentially allowing an attacker to plant a malicious reg.exe command so it takes precedence over the system command. The vulnerability only affects Windows installers.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-427,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | installbuilder | * |
On Windows, the uninstaller binary copies itself to a fixed temporary location, which is then executed (the originally called uninstaller exits, so it does not block the installation directory). This temporary location is not randomized and does not restrict access to Administrators only so a potential attacker could plant a binary to replace the copied binary right before it gets called, thus gaining Administrator privileges (if the original uninstaller was executed as Administrator). The vulnerability only affects Windows installers.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-330,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | installbuilder | * |
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esxi | 7.0 |
| vmware | workstation_pro | * |
| vmware | fusion | * |
| vmware | workstation_player | * |
| vmware | cloud_foundation | * |
| vmware | esxi | 6.5 |
| vmware | esxi | 6.7 |
VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | fusion | - |
| vmware | esxi | 7.0 |
| vmware | fusion | * |
| vmware | cloud_foundation | * |
| vmware | esxi | 6.5 |
| vmware | workstation | * |
| vmware | esxi | 6.7 |
VMware ESXi contains an unauthorized access vulnerability due to VMX having access to settingsd authorization tickets. A malicious actor with privileges within the VMX process only, may be able to access settingsd service running as a high privileged user.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-863,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esxi | 7.0 |
| vmware | cloud_foundation | * |
VMware ESXi contains a TOCTOU (Time-of-check Time-of-use) vulnerability that exists in the way temporary files are handled. A malicious actor with access to settingsd, may exploit this issue to escalate their privileges by writing arbitrary files.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.6 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-367,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esxi | 7.0 |
| vmware | fusion | * |
In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEASE, and older unsupported versions, applications using type-level `@RequestMapping`annotations over Feign client interfaces, can be involuntarily exposing endpoints corresponding to `@RequestMapping`-annotated interface methods.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,CWE-668,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_cloud_openfeign | * |
VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi650-202110101-SG), VMware Workstation (16.2.0) and VMware Fusion (12.2.0) contains a heap-overflow vulnerability in CD-ROM device emulation. A malicious actor with access to a virtual machine with CD-ROM device emulation may be able to exploit this vulnerability in conjunction with other issues to execute code on the hypervisor from a virtual machine.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H | 1.1 | 6.0 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esxi | 7.0 |
| vmware | fusion | * |
| vmware | cloud_foundation | * |
| vmware | esxi | 6.5 |
| vmware | workstation | * |
| vmware | esxi | 6.7 |
In Spring Data REST versions 3.4.0 - 3.4.13, 3.5.0 - 3.5.5, and older unsupported versions, HTTP resources implemented by custom controllers using a configured base API path and a controller type-level request mapping are additionally exposed under URIs that can potentially be exposed for unauthorized access depending on the Spring Security configuration.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,CWE-668,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_data_rest | * |
The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. A malicious actor with non-administrative access to vCenter Server may exploit this issue to elevate privileges to a higher privileged group.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server | 6.5 |
| vmware | vcenter_server | 7.0 |
| vmware | vcenter_server | 6.7 |
| vmware | cloud_foundation | * |
The vSphere Web Client (FLEX/Flash) contains an SSRF (Server Side Request Forgery) vulnerability in the vSAN Web Client (vSAN UI) plug-in. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-918,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server | 6.5 |
| vmware | vcenter_server | 7.0 |
| vmware | vcenter_server | 6.7 |
ESXi contains a slow HTTP POST denial-of-service vulnerability in rhttpproxy. A malicious actor with network access to ESXi may exploit this issue to create a denial-of-service condition by overwhelming rhttpproxy service with multiple requests.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-770,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esxi | 7.0 |
| vmware | cloud_foundation | * |
| vmware | esxi | 6.5 |
| vmware | esxi | 6.7 |
Applications using Spring Cloud Gateway are vulnerable to specifically crafted requests that could make an extra request on downstream services. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.5+, 2.2.x users should upgrade to 2.2.10.RELEASE or newer.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-863,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_cloud_gateway | * |
Applications using both `spring-cloud-netflix-hystrix-dashboard` and `spring-boot-starter-thymeleaf` expose a way to execute code submitted within the request URI path during the resolution of view templates. When a request is made at `/hystrix/monitor;[user-provided data]`, the path elements following `hystrix/monitor` are being evaluated as SpringEL expressions, which can lead to code execution.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-94,CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_cloud_netflix | * |
VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain an SSRF vulnerability. This issue may allow a malicious actor with network access to UEM to send their requests without authentication and to gain access to sensitive information.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-918,CWE-918,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | workspace_one_uem_console | * |
The SchedulerServer in Vmware photon allows remote attackers to inject logs through \r in the package parameter. Attackers can also insert malicious data and fake entries.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 3.9 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-74,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | photon_os | * |
VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability. A malicious actor with network access may be able to make HTTP requests to arbitrary origins and read the full response.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-918,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | identity_manager | 3.3.3 |
| vmware | identity_manager | 3.3.4 |
| vmware | workspace_one_access | 20.10.01 |
| vmware | workspace_one_access | 21.08 |
| vmware | identity_manager | 3.3.5 |
| vmware | vrealize_automation | 7.6 |
| vmware | workspace_one_access | 20.10 |
| vmware | vrealize_automation | * |
| vmware | workspace_one_access | 21.08.01 |
VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 contain an authentication bypass vulnerability. A malicious actor, who has successfully provided first-factor authentication, may be able to obtain second-factor authentication provided by VMware Verify.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | workspace_one_access | 21.08 |
| vmware | workspace_one_access | 21.08.0.1 |
| vmware | workspace_one_access | 20.10 |
| vmware | workspace_one_access | 20.10.0.1 |
In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more places of the Spring Framework codebase.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 2.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | communications_cloud_native_core_service_communication_proxy | 1.15.0 |
| oracle | communications_cloud_native_core_console | 1.9.0 |
| vmware | spring_framework | * |
In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its toString() method, will create a new String object from the message body, regardless of its size. This can cause an OOM Error with a large message
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-502,CWE-502,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_advanced_message_queuing_protocol | * |
In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 2.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-117,NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | communications_cloud_native_core_service_communication_proxy | 1.15.0 |
| oracle | communications_cloud_native_core_console | 1.9.0 |
| netapp | active_iq_unified_manager | - |
| netapp | metrocluster_tiebreaker | - |
| netapp | snapcenter | - |
| vmware | spring_framework | * |
| netapp | snap_creator_framework | - |
| netapp | management_services_for_element_software_and_netapp_hci | - |
In Spring AMQP versions 2.2.0 - 2.2.18 and 2.3.0 - 2.3.10, the Spring AMQP Message object, in its toString() method, will deserialize a body for a message with content type application/x-java-serialized-object. It is possible to construct a malicious java.util.Dictionary object that can cause 100% CPU usage in the application if the toString() method is called.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-502,CWE-502,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_advanced_message_queuing_protocol | * |
Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request.A malicious user cannot cause the bug to happen (it must be programmed in). However, if the application's intent is to only allow the user to run with elevated privileges in a small portion of the application, the bug can be leveraged to extend those privileges to the rest of the application.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | communications_interactive_session_recorder | 6.4 |
| oracle | insurance_policy_administration | 11.3.0 |
| oracle | insurance_policy_administration | 11.2.0 |
| oracle | communications_element_manager | * |
| oracle | mysql_enterprise_monitor | * |
| oracle | hospitality_cruise_shipboard_property_management_system | 20.1.0 |
| pivotal_software | spring_security | * |
| oracle | communications_unified_inventory_management | 7.4.1 |
| vmware | spring_security | * |
| oracle | communications_interactive_session_recorder | 6.3 |
Applications using the “Sensitive Headers” functionality in Spring Cloud Netflix Zuul 2.2.6.RELEASE and below may be vulnerable to bypassing the “Sensitive Headers” restriction when executing requests with specially constructed URLs. Applications that use Spring Security's StrictHttpFirewall (enabled by default for all URLs) are not affected by the vulnerability, as they reject requests that allow bypassing.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 3.9 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-863,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_cloud_netflix_zuul | * |
Addresses partial fix in CVE-2018-1263. Spring-integration-zip, versions prior to 1.0.4, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path traversal filenames. So when the filename gets concatenated to the target extraction directory, the final path ends up outside of the target folder.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 3.9 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_integration_zip | * |
RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP 1.0 client connection endpoint. A malicious user can exploit the vulnerability by sending malicious AMQP messages to the target RabbitMQ instance having the AMQP 1.0 plugin enabled.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-400,CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | rabbitmq | * |
| debian | debian_linux | 9.0 |
RabbitMQ installers on Windows prior to version 3.8.16 do not harden plugin directory permissions, potentially allowing attackers with sufficient local filesystem permissions to add arbitrary plugins.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-94,CWE-732,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | rabbitmq | * |
In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-269,CWE-668,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | retail_assortment_planning | 16.0 |
| oracle | utilities_testing_accelerator | 6.0.0.1.1 |
| oracle | communications_cloud_native_core_unified_data_repository | 1.14.0 |
| oracle | retail_order_broker | 16.0 |
| oracle | insurance_policy_administration | * |
| oracle | retail_integration_bus | 16.0.3 |
| oracle | communications_cloud_native_core_service_communication_proxy | 1.14.0 |
| oracle | retail_customer_management_and_segmentation_foundation | * |
| oracle | enterprise_data_quality | 12.2.1.4.0 |
| oracle | communications_element_manager | * |
| oracle | mysql_enterprise_monitor | * |
| vmware | spring_framework | * |
| netapp | hci | - |
| oracle | retail_merchandising_system | 19.0.1 |
| oracle | communications_cloud_native_core_binding_support_function | 1.9.0 |
| oracle | financial_services_analytical_applications_infrastructure | * |
| oracle | communications_diameter_intelligence_hub | * |
| oracle | insurance_rules_palette | 11.1.0 |
| oracle | communications_interactive_session_recorder | 6.4 |
| oracle | enterprise_data_quality | 12.2.1.3.0 |
| oracle | utilities_testing_accelerator | 6.0.0.2.2 |
| oracle | retail_integration_bus | 15.0.3.1 |
| netapp | management_services_for_element_software | - |
| oracle | insurance_rules_palette | 11.2.7 |
| oracle | communications_unified_inventory_management | 7.4.1 |
| oracle | communications_session_route_manager | * |
| oracle | communications_unified_inventory_management | 7.5.0 |
| oracle | insurance_rules_palette | 11.3.0 |
| oracle | retail_predictive_application_server | 15.0.3 |
| oracle | retail_financial_integration | 16.0.3 |
| oracle | communications_cloud_native_core_policy | 1.14.0 |
| oracle | communications_unified_inventory_management | 7.4.2 |
| oracle | utilities_testing_accelerator | 6.0.0.3.1 |
| oracle | retail_integration_bus | 14.1.3.2 |
| oracle | communications_brm_-_elastic_charging_engine | 12.0.0.3 |
| oracle | insurance_rules_palette | 11.3.1 |
| oracle | retail_predictive_application_server | 16.0.3 |
| oracle | communications_session_report_manager | * |
| oracle | retail_predictive_application_server | 14.1.3 |
| oracle | healthcare_data_repository | 8.1.0 |
| oracle | commerce_guided_search | 11.3.2 |
| oracle | retail_financial_integration | 14.1.3.2 |
| oracle | communications_cloud_native_core_security_edge_protection_proxy | 1.6.0 |
| oracle | documaker | * |
| oracle | communications_network_integrity | 7.3.6 |
| oracle | insurance_rules_palette | 11.0.2 |
| oracle | retail_financial_integration | 15.0.3.1 |
Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application. A malicious user or attacker can send multiple requests initiating the Authorization Request for the Authorization Code Grant, which has the potential of exhausting system resources using a single session or multiple sessions.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-400,CWE-863,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_security | * |
| oracle | communications_cloud_native_core_policy | 1.14.0 |
Element Plug-in for vCenter Server incorporates SpringBoot Framework. SpringBoot Framework versions prior to 1.3.2 are susceptible to a vulnerability which when successfully exploited could lead to Remote Code Execution. All versions of Element Plug-in for vCenter Server, Management Services versions prior to 2.17.56 and Management Node versions through 12.2 contain vulnerable versions of SpringBoot Framework.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_boot | * |
| netapp | element_plug-in_for_vcenter_server | * |
| netapp | management_services_for_element_software_and_netapp_hci | * |
| netapp | solidfire_&_hci_management_node | * |
The 10Web Photo Gallery plugin through 1.5.68 for WordPress allows XSS via album_gallery_id_0, bwg_album_search_0, and type_0 for bwg_frontend_data. NOTE: other parameters are covered by CVE-2021-24291, CVE-2021-25041, and CVE-2021-46889. NOTE: VMware information, previously connected to this CVE ID because of a typo, is at CVE-2022-31693.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H | 2.0 | 4.0 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| 10web | photo_gallery | * |
| vmware | tools | * |
RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user being added via management UI could lead to the user's bane being rendered in a confirmation message without proper `<script>` tag sanitization, potentially allowing for JavaScript code execution in the context of the page. In order for this to occur, the user must be signed in and have elevated permissions (other user management). The vulnerability is patched in RabbitMQ 3.8.17. As a workaround, disable `rabbitmq_management` plugin and use CLI tools for management operations and Prometheus and Grafana for metrics and monitoring.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-advisories@github.com | 3.1 | LOW | CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N | 0.5 | 2.5 |
| nvd@nist.gov | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 2.3 | 2.7 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-80,CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | rabbitmq | * |
RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a federation link was displayed in the RabbitMQ management UI via the `rabbitmq_federation_management` plugin, its consumer tag was rendered without proper <script> tag sanitization. This potentially allows for JavaScript code execution in the context of the page. The user must be signed in and have elevated permissions (manage federation upstreams and policies) for this to occur. The vulnerability is patched in RabbitMQ 3.8.18. As a workaround, disable the `rabbitmq_federation_management` plugin and use [CLI tools](https://www.rabbitmq.com/cli.html) instead.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-advisories@github.com | 3.1 | LOW | CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N | 0.5 | 2.5 |
| nvd@nist.gov | 4.8 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 1.7 | 2.7 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-80,CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | rabbitmq | * |
Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-459,CWE-459,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 35 |
| fedoraproject | fedora | 36 |
| intel | sgx_psw | * |
| vmware | esxi | 7.0 |
| debian | debian_linux | 11.0 |
| debian | debian_linux | 10.0 |
| intel | sgx_dcap | * |
| xen | xen | * |
| debian | debian_linux | 9.0 |
| intel | sgx_sdk | * |
Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-459,CWE-459,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 35 |
| fedoraproject | fedora | 36 |
| intel | sgx_psw | * |
| vmware | esxi | 7.0 |
| debian | debian_linux | 11.0 |
| debian | debian_linux | 10.0 |
| intel | sgx_dcap | * |
| xen | xen | * |
| debian | debian_linux | 9.0 |
| intel | sgx_sdk | * |
Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-459,CWE-459,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 35 |
| fedoraproject | fedora | 36 |
| intel | sgx_psw | * |
| vmware | esxi | 7.0 |
| debian | debian_linux | 11.0 |
| debian | debian_linux | 10.0 |
| intel | sgx_dcap | * |
| xen | xen | * |
| debian | debian_linux | 9.0 |
| intel | sgx_sdk | * |
Insufficient control flow management in the Intel(R) Ethernet 500 Series Controller drivers for VMWare before version 1.11.4.0 and in the Intel(R) Ethernet 700 Series Controller drivers for VMWare before version 2.1.5.0 may allow an authenticated user to potentially enable a denial of service via local access.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | i40en | * |
| vmware | ixgben | * |
VMware Workstation (16.x prior to 16.2.2) and Horizon Client for Windows (5.x prior to 5.5.3) contains a denial-of-service vulnerability in the Cortado ThinPrint component. The issue exists in TrueType font parser. A malicious actor with access to a virtual machine or remote desktop may exploit this issue to trigger a denial-of-service condition in the Thinprint service running on the host machine where VMware Workstation or Horizon Client for Windows is installed.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H | 2.0 | 4.0 |
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | horizon | * |
| vmware | workstation | * |
VMware Cloud Foundation contains an information disclosure vulnerability due to logging of credentials in plain-text within multiple log files on the SDDC Manager. A malicious actor with root access on VMware Cloud Foundation SDDC Manager may be able to view credentials in plaintext within one or more log files.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 1.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-532,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | cloud_foundation | * |
The vmwgfx driver contains a local privilege escalation vulnerability that allows unprivileged users to gain access to files opened by other processes on the system through a dangling 'file' pointer.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | photon_os | 4.0 |
| vmware | photon_os | 3.0 |
VMware Tools for Windows (11.x.y and 10.x.y prior to 12.0.0) contains an uncontrolled search path vulnerability. A malicious actor with local administrative privileges in the Windows guest OS, where VMware Tools is installed, may be able to execute code with system privileges in the Windows guest OS due to an uncontrolled search path element.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-427,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | tools | * |
VMware Workspace ONE Boxer contains a stored cross-site scripting (XSS) vulnerability. Due to insufficient sanitization and validation, in VMware Workspace ONE Boxer calendar event descriptions, a malicious actor can inject script tags to execute arbitrary script within a user's window.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 2.3 | 2.7 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | workspace_one_boxer | * |
VMware NSX Edge contains a CLI shell injection vulnerability. A malicious actor with SSH access to an NSX-Edge appliance can execute arbitrary commands on the operating system as root.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | nsx_data_center | * |
| vmware | cloud_foundation | * |
In spring cloud gateway versions prior to 3.1.1+ , applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure TrustManager. This makes the gateway able to connect to remote services with invalid or custom certificates.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 1.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-295,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | communications_cloud_native_core_security_edge_protection_proxy | 22.1.1 |
| oracle | communications_cloud_native_core_binding_support_function | 22.1.3 |
| oracle | commerce_guided_search | 11.3.2 |
| oracle | communications_cloud_native_core_network_repository_function | 22.1.2 |
| vmware | spring_cloud_gateway | 3.1.0 |
| oracle | communications_cloud_native_core_network_repository_function | 22.2.0 |
| oracle | communications_cloud_native_core_console | 22.2.0 |
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 10.0 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | 3.9 | 6.0 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-94,CWE-917,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | communications_cloud_native_core_network_function_cloud_native_environment | 1.10.0 |
| oracle | communications_cloud_native_core_network_repository_function | 1.15.1 |
| oracle | communications_cloud_native_core_service_communication_proxy | 1.15.0 |
| oracle | communications_cloud_native_core_network_repository_function | 22.1.2 |
| oracle | communications_cloud_native_core_network_exposure_function | 22.1.0 |
| vmware | spring_cloud_gateway | * |
| oracle | communications_cloud_native_core_console | 22.2.0 |
| oracle | communications_cloud_native_core_security_edge_protection_proxy | 22.1.1 |
| oracle | communications_cloud_native_core_network_repository_function | 1.15.0 |
| oracle | communications_cloud_native_core_network_slice_selection_function | 22.1.0 |
| oracle | communications_cloud_native_core_binding_support_function | 22.1.3 |
| oracle | commerce_guided_search | 11.3.2 |
| oracle | communications_cloud_native_core_network_slice_selection_function | 1.8.0 |
| vmware | spring_cloud_gateway | 3.1.0 |
| oracle | communications_cloud_native_core_network_repository_function | 22.2.0 |
| oracle | communications_cloud_native_core_binding_support_function | 1.11.0 |
The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-276,CWE-276,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | cloud_foundation | 3.11 |
| vmware | vcenter_server | 6.5 |
| vmware | vcenter_server | 7.0 |
| vmware | vcenter_server | 6.7 |
| vmware | cloud_foundation | * |
n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-770,CWE-770,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_framework | * |
VMware Carbon Black App Control (8.5.x prior to 8.5.14, 8.6.x prior to 8.6.6, 8.7.x prior to 8.7.4 and 8.8.x prior to 8.8.2) contains an OS command injection vulnerability. An authenticated, high privileged malicious actor with network access to the VMware App Control administration interface may be able to execute commands on the server due to improper input validation leading to remote code execution.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H | 2.3 | 6.0 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | carbon_black_app_control | * |
VMware Carbon Black App Control (8.5.x prior to 8.5.14, 8.6.x prior to 8.6.6, 8.7.x prior to 8.7.4 and 8.8.x prior to 8.8.2) contains a file upload vulnerability. A malicious actor with administrative access to the VMware App Control administration interface may be able to execute code on the Windows instance where AppC Server is installed by uploading a specially crafted file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H | 2.3 | 6.0 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-434,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | carbon_black_app_control | * |
VMware HCX update addresses an information disclosure vulnerability. A malicious actor with network user access to the VMware HCX appliance may be able to gain access to sensitive information.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vmware_hcx | 4.3.1 |
| vmware | vmware_hcx | 4.3.2 |
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-94,CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | identity_manager | 3.3.6 |
| vmware | identity_manager | 3.3.3 |
| vmware | identity_manager | 3.3.4 |
| vmware | vrealize_automation | 7.6 |
| vmware | vrealize_suite_lifecycle_manager | * |
| vmware | workspace_one_access | 21.08.0.0 |
| vmware | workspace_one_access | 20.10.0.0 |
| vmware | identity_manager | 3.3.5 |
| vmware | workspace_one_access | 21.08.0.1 |
| vmware | cloud_foundation | * |
| vmware | workspace_one_access | 20.10.0.1 |
| vmware | vrealize_automation | * |
VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | identity_manager | 3.3.6 |
| vmware | identity_manager | 3.3.3 |
| vmware | workspace_one_access | 20.10.0.0 |
| vmware | identity_manager | 3.3.4 |
| vmware | identity_manager | 3.3.5 |
| vmware | vrealize_automation | 7.6 |
| vmware | workspace_one_access | 21.08.0.1 |
| vmware | workspace_one_access | 20.10.0.1 |
| vmware | workspace_one_access | 21.08.0.0 |
| vmware | vrealize_automation | * |
VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | identity_manager | 3.3.6 |
| vmware | identity_manager | 3.3.3 |
| vmware | workspace_one_access | 20.10.0.0 |
| vmware | identity_manager | 3.3.4 |
| vmware | identity_manager | 3.3.5 |
| vmware | vrealize_automation | 7.6 |
| vmware | workspace_one_access | 21.08.0.1 |
| vmware | workspace_one_access | 20.10.0.1 |
| vmware | workspace_one_access | 21.08.0.0 |
| vmware | vrealize_automation | * |
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-502,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | identity_manager | 3.3.6 |
| vmware | identity_manager | 3.3.3 |
| vmware | identity_manager | 3.3.4 |
| vmware | vrealize_automation | 7.6 |
| vmware | vrealize_suite_lifecycle_manager | * |
| vmware | workspace_one_access | 21.08.0.0 |
| vmware | workspace_one_access | 20.10.0.0 |
| vmware | identity_manager | 3.3.5 |
| vmware | workspace_one_access | 21.08.0.1 |
| vmware | cloud_foundation | * |
| vmware | workspace_one_access | 20.10.0.1 |
| vmware | vrealize_automation | * |
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-502,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | identity_manager | 3.3.6 |
| vmware | identity_manager | 3.3.3 |
| vmware | identity_manager | 3.3.4 |
| vmware | vrealize_automation | 7.6 |
| vmware | vrealize_suite_lifecycle_manager | * |
| vmware | workspace_one_access | 21.08.0.0 |
| vmware | workspace_one_access | 20.10.0.0 |
| vmware | identity_manager | 3.3.5 |
| vmware | workspace_one_access | 21.08.0.1 |
| vmware | cloud_foundation | * |
| vmware | workspace_one_access | 20.10.0.1 |
| vmware | vrealize_automation | * |
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. A malicious actor can trick a user through a cross site request forgery to unintentionally validate a malicious JDBC URI.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 2.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | identity_manager | 3.3.6 |
| vmware | identity_manager | 3.3.3 |
| vmware | identity_manager | 3.3.4 |
| vmware | vrealize_automation | 7.6 |
| vmware | vrealize_suite_lifecycle_manager | * |
| vmware | workspace_one_access | 21.08.0.0 |
| vmware | workspace_one_access | 20.10.0.0 |
| vmware | identity_manager | 3.3.5 |
| vmware | workspace_one_access | 21.08.0.1 |
| vmware | cloud_foundation | * |
| vmware | workspace_one_access | 20.10.0.1 |
| vmware | vrealize_automation | * |
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to 'root'.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-732,CWE-732,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | identity_manager | 3.3.6 |
| vmware | identity_manager | 3.3.3 |
| vmware | identity_manager | 3.3.4 |
| vmware | vrealize_automation | 7.6 |
| vmware | vrealize_suite_lifecycle_manager | * |
| vmware | workspace_one_access | 21.08.0.0 |
| vmware | workspace_one_access | 20.10.0.0 |
| vmware | identity_manager | 3.3.5 |
| vmware | workspace_one_access | 21.08.0.1 |
| vmware | cloud_foundation | * |
| vmware | workspace_one_access | 20.10.0.1 |
| vmware | vrealize_automation | * |
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. A malicious actor with remote access may leak the hostname of the target system. Successful exploitation of this issue can lead to targeting victims.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | identity_manager | 3.3.6 |
| vmware | identity_manager | 3.3.3 |
| vmware | identity_manager | 3.3.4 |
| vmware | vrealize_automation | 7.6 |
| vmware | vrealize_suite_lifecycle_manager | * |
| vmware | workspace_one_access | 21.08.0.0 |
| vmware | workspace_one_access | 20.10.0.0 |
| vmware | identity_manager | 3.3.5 |
| vmware | workspace_one_access | 21.08.0.1 |
| vmware | cloud_foundation | * |
| vmware | workspace_one_access | 20.10.0.1 |
| vmware | vrealize_automation | * |
VMware Horizon Agent for Linux (prior to 22.x) contains a local privilege escalation as a user is able to change the default shared folder location due to a vulnerable symbolic link. Successful exploitation can result in linking to a root owned file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-59,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | horizon | * |
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-94,CWE-917,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | sd-wan_edge | 9.0 |
| oracle | communications_cloud_native_core_console | 1.9.0 |
| oracle | banking_branch | 14.5 |
| oracle | financial_services_behavior_detection_platform | 8.1.1.1 |
| oracle | banking_credit_facilities_process_management | 14.5 |
| oracle | communications_cloud_native_core_policy | 1.15.0 |
| oracle | communications_cloud_native_core_automated_test_suite | 22.1.0 |
| oracle | communications_cloud_native_core_unified_data_repository | 22.1.0 |
| oracle | banking_trade_finance_process_management | 14.5 |
| oracle | banking_electronic_data_exchange_for_corporates | 14.5 |
| oracle | banking_origination | 14.5 |
| oracle | retail_xstore_point_of_service | 21.0.0 |
| oracle | financial_services_enterprise_case_management | 8.1.1.0 |
| oracle | communications_cloud_native_core_network_function_cloud_native_environment | 22.1.2 |
| oracle | product_lifecycle_analytics | 3.6.1.0 |
| oracle | communications_cloud_native_core_policy | 22.1.3 |
| oracle | retail_xstore_point_of_service | 20.0.1 |
| oracle | communications_cloud_native_core_network_repository_function | 1.15.0 |
| oracle | financial_services_analytical_applications_infrastructure | 8.1.2.0 |
| oracle | mysql_enterprise_monitor | * |
| oracle | communications_cloud_native_core_unified_data_repository | 1.15.0 |
| vmware | spring_cloud_function | * |
| oracle | communications_cloud_native_core_policy | 22.1.0 |
| oracle | banking_corporate_lending_process_management | 14.5 |
| oracle | financial_services_enterprise_case_management | 8.1.2.0 |
| oracle | banking_cash_management | 14.5 |
| oracle | communications_communications_policy_management | 12.6.0.0.0 |
| oracle | banking_liquidity_management | 14.2 |
| oracle | banking_supply_chain_finance | 14.5 |
| oracle | financial_services_enterprise_case_management | 8.1.1.1 |
| oracle | communications_cloud_native_core_network_function_cloud_native_environment | 1.10.0 |
| oracle | financial_services_behavior_detection_platform | 8.1.1.0 |
| oracle | banking_virtual_account_management | 14.5 |
| oracle | communications_cloud_native_core_automated_test_suite | 1.9.0 |
| oracle | communications_cloud_native_core_security_edge_protection_proxy | 1.7.0 |
| oracle | communications_cloud_native_core_security_edge_protection_proxy | 22.1.0 |
| oracle | communications_cloud_native_core_network_function_cloud_native_environment | 22.1.0 |
| oracle | communications_cloud_native_core_network_exposure_function | 22.1.0 |
| oracle | banking_liquidity_management | 14.5 |
| oracle | communications_cloud_native_core_network_repository_function | 22.1.0 |
| oracle | communications_cloud_native_core_network_slice_selection_function | 22.1.0 |
| oracle | financial_services_analytical_applications_infrastructure | 8.1.1.0 |
| oracle | communications_cloud_native_core_console | 22.1.0 |
| oracle | sd-wan_edge | 9.1 |
| oracle | communications_cloud_native_core_network_slice_selection_function | 1.8.0 |
| oracle | financial_services_behavior_detection_platform | 8.1.2.0 |
VMware Horizon Agent for Linux (prior to 22.x) contains a local privilege escalation that allows a user to escalate to root due to a vulnerable configuration file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | horizon | * |
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-94,CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| veritas | flex_appliance | 2.0.2 |
| veritas | netbackup_appliance | 4.0.0.1 |
| oracle | communications_cloud_native_core_network_slice_selection_function | 1.15.0 |
| siemens | simatic_speech_assistant_for_machines | * |
| oracle | communications_cloud_native_core_unified_data_repository | 22.1.0 |
| veritas | flex_appliance | 2.0 |
| oracle | financial_services_analytical_applications_infrastructure | 8.1.2.0 |
| oracle | mysql_enterprise_monitor | * |
| oracle | communications_cloud_native_core_unified_data_repository | 1.15.0 |
| vmware | spring_framework | * |
| veritas | access_appliance | 7.4.3 |
| oracle | financial_services_enterprise_case_management | 8.1.2.0 |
| cisco | cx_cloud_agent | * |
| oracle | financial_services_enterprise_case_management | 8.1.1.1 |
| oracle | retail_integration_bus | 15.0.3.1 |
| veritas | flex_appliance | 1.3 |
| oracle | communications_cloud_native_core_automated_test_suite | 1.9.0 |
| oracle | communications_cloud_native_core_security_edge_protection_proxy | 22.1.0 |
| oracle | communications_unified_inventory_management | 7.4.1 |
| oracle | communications_unified_inventory_management | 7.5.0 |
| oracle | weblogic_server | 12.2.1.3.0 |
| veritas | netbackup_virtual_appliance | 4.1.0.1 |
| oracle | communications_unified_inventory_management | 7.4.2 |
| veritas | netbackup_virtual_appliance | 4.0 |
| oracle | retail_customer_management_and_segmentation_foundation | 17.0 |
| siemens | sinec_network_management_system | * |
| veritas | flex_appliance | 2.1 |
| oracle | communications_cloud_native_core_network_repository_function | 22.1.0 |
| oracle | commerce_platform | 11.3.2 |
| oracle | communications_cloud_native_core_console | 22.1.0 |
| oracle | communications_cloud_native_core_network_slice_selection_function | 1.8.0 |
| oracle | retail_financial_integration | 14.1.3.2 |
| siemens | sipass_integrated | 2.85 |
| oracle | weblogic_server | 12.2.1.4.0 |
| oracle | financial_services_behavior_detection_platform | 8.1.2.0 |
| veritas | access_appliance | 7.4.3.200 |
| oracle | retail_customer_management_and_segmentation_foundation | 18.0 |
| siemens | sipass_integrated | 2.80 |
| oracle | sd-wan_edge | 9.0 |
| veritas | netbackup_virtual_appliance | 4.1 |
| oracle | communications_cloud_native_core_console | 1.9.0 |
| oracle | financial_services_behavior_detection_platform | 8.1.1.1 |
| veritas | netbackup_appliance | 4.0 |
| oracle | communications_cloud_native_core_policy | 1.15.0 |
| oracle | communications_cloud_native_core_automated_test_suite | 22.1.0 |
| oracle | retail_integration_bus | 19.0.1 |
| oracle | retail_integration_bus | 16.0.3 |
| oracle | financial_services_analytical_applications_infrastructure | 8.1.1 |
| veritas | netbackup_appliance | 4.1.0.1 |
| oracle | retail_xstore_point_of_service | 21.0.0 |
| oracle | financial_services_enterprise_case_management | 8.1.1.0 |
| siemens | siveillance_identity | 1.6 |
| oracle | communications_policy_management | 12.6.0.0.0 |
| oracle | retail_bulk_data_integration | 16.0.3 |
| oracle | retail_xstore_point_of_service | 20.0.1 |
| oracle | communications_cloud_native_core_network_repository_function | 1.15.0 |
| oracle | retail_merchandising_system | 16.0.3 |
| oracle | communications_cloud_native_core_binding_support_function | 22.1.3 |
| veritas | access_appliance | 7.4.3.100 |
| siemens | siveillance_identity | 1.5 |
| oracle | retail_merchandising_system | 19.0.1 |
| veritas | netbackup_flex_scale_appliance | 3.0 |
| oracle | communications_cloud_native_core_policy | 22.1.0 |
| siemens | operation_scheduler | * |
| veritas | netbackup_flex_scale_appliance | 2.1 |
| oracle | communications_cloud_native_core_network_function_cloud_native_environment | 1.10.0 |
| oracle | financial_services_behavior_detection_platform | 8.1.1.0 |
| oracle | product_lifecycle_analytics | 3.6.1 |
| oracle | retail_financial_integration | 19.0.1 |
| veritas | netbackup_appliance | 4.1 |
| oracle | retail_customer_management_and_segmentation_foundation | 19.0 |
| oracle | communications_cloud_native_core_security_edge_protection_proxy | 1.7.0 |
| oracle | communications_cloud_native_core_network_function_cloud_native_environment | 22.1.0 |
| oracle | retail_financial_integration | 16.0.3 |
| oracle | communications_cloud_native_core_network_exposure_function | 22.1.0 |
| oracle | weblogic_server | 14.1.1.0.0 |
| oracle | retail_integration_bus | 14.1.3.2 |
| veritas | flex_appliance | 2.0.1 |
| oracle | communications_cloud_native_core_network_slice_selection_function | 22.1.0 |
| oracle | sd-wan_edge | 9.1 |
| veritas | netbackup_virtual_appliance | 4.0.0.1 |
| oracle | retail_financial_integration | 15.0.3.1 |
An authenticated, high privileged malicious actor with network access to the VMware Cloud Director tenant or provider may be able to exploit a remote code execution vulnerability to gain access to the server.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcloud_director | * |
In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 3.9 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-178,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | cloud_secure_agent | - |
| netapp | active_iq_unified_manager | - |
| oracle | mysql_enterprise_monitor | * |
| netapp | snapmanager | - |
| netapp | metrocluster_tiebreaker | - |
| vmware | spring_framework | * |
| netapp | snap_creator_framework | - |
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.6 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-770,CWE-770,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | cloud_secure_agent | - |
| oracle | financial_services_crime_and_compliance_management_studio | 8.0.8.3.0 |
| netapp | active_iq_unified_manager | - |
| vmware | spring_framework | * |
| oracle | financial_services_crime_and_compliance_management_studio | 8.0.8.2.0 |
| netapp | brocade_san_navigator | - |
| netapp | oncommand_insight | - |
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-770,CWE-770,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | cloud_secure_agent | - |
| oracle | financial_services_crime_and_compliance_management_studio | 8.0.8.3.0 |
| vmware | spring_framework | * |
| oracle | financial_services_crime_and_compliance_management_studio | 8.0.8.2.0 |
| netapp | oncommand_insight | - |
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | identity_manager | 3.3.3 |
| vmware | cloud_foundation | 4.1 |
| vmware | vrealize_suite_lifecycle_manager | 8.4 |
| vmware | cloud_foundation | 4.0 |
| vmware | cloud_foundation | 3.0.1 |
| vmware | cloud_foundation | 3.11.0.1 |
| vmware | workspace_one_access | 21.08.0.0 |
| vmware | vrealize_suite_lifecycle_manager | 8.4.1 |
| vmware | cloud_foundation | 3.8.1 |
| vmware | vrealize_suite_lifecycle_manager | 8.1 |
| vmware | vrealize_suite_lifecycle_manager | 8.0.1 |
| vmware | identity_manager | 3.3.6 |
| vmware | cloud_foundation | 3.5.1 |
| vmware | identity_manager | 3.3.4 |
| vmware | vrealize_automation | 7.6 |
| vmware | vrealize_suite_lifecycle_manager | 8.0 |
| vmware | cloud_foundation | 4.2.1 |
| vmware | cloud_foundation | 3.5 |
| vmware | vrealize_suite_lifecycle_manager | 8.2 |
| vmware | cloud_foundation | 4.0.1 |
| vmware | cloud_foundation | 3.10 |
| vmware | cloud_foundation | 4.3.1 |
| vmware | cloud_foundation | 3.0 |
| vmware | cloud_foundation | 4.1.0.1 |
| vmware | cloud_foundation | 3.8 |
| vmware | cloud_foundation | 3.10.2.2 |
| vmware | cloud_foundation | 3.9.1 |
| vmware | vrealize_suite_lifecycle_manager | 8.8 |
| vmware | vrealize_suite_lifecycle_manager | 8.6.2 |
| vmware | cloud_foundation | 3.9 |
| vmware | vrealize_suite_lifecycle_manager | 8.3 |
| vmware | workspace_one_access | 20.10.0.0 |
| vmware | cloud_foundation | 4.2 |
| vmware | identity_manager | 3.3.5 |
| vmware | workspace_one_access | 21.08.0.1 |
| vmware | workspace_one_access | 20.10.0.1 |
| vmware | vrealize_suite_lifecycle_manager | 8.6 |
| vmware | vrealize_suite_lifecycle_manager | 8.6.1 |
| vmware | cloud_foundation | 3.7.2 |
| vmware | cloud_foundation | 3.0.1.1 |
| vmware | vrealize_suite_lifecycle_manager | 8.7 |
| vmware | cloud_foundation | 3.10.1.2 |
| vmware | cloud_foundation | 3.11 |
| vmware | cloud_foundation | 3.10.1 |
| vmware | cloud_foundation | 3.7 |
| vmware | cloud_foundation | 3.10.2.1 |
| vmware | cloud_foundation | 4.3 |
| vmware | cloud_foundation | 3.7.1 |
| vmware | cloud_foundation | 3.10.1.1 |
VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vrealize_suite_lifecycle_manager | 8.8 |
| vmware | identity_manager | 3.3.3 |
| vmware | cloud_foundation | 4.1 |
| vmware | vrealize_suite_lifecycle_manager | 8.4 |
| vmware | cloud_foundation | 4.0 |
| vmware | vrealize_suite_lifecycle_manager | 8.6.2 |
| vmware | workspace_one_access | 21.08.0.0 |
| vmware | vrealize_suite_lifecycle_manager | 8.3 |
| vmware | vrealize_suite_lifecycle_manager | 8.4.1 |
| vmware | workspace_one_access | 20.10.0.0 |
| vmware | cloud_foundation | 4.2 |
| vmware | identity_manager | 3.3.5 |
| vmware | workspace_one_access | 21.08.0.1 |
| vmware | vrealize_suite_lifecycle_manager | 8.1 |
| vmware | workspace_one_access | 20.10.0.1 |
| vmware | vrealize_suite_lifecycle_manager | 8.0.1 |
| vmware | vrealize_suite_lifecycle_manager | 8.6 |
| vmware | identity_manager | 3.3.6 |
| vmware | vrealize_suite_lifecycle_manager | 8.6.1 |
| vmware | identity_manager | 3.3.4 |
| vmware | vrealize_suite_lifecycle_manager | 8.0 |
| vmware | cloud_foundation | 4.2.1 |
| vmware | vrealize_suite_lifecycle_manager | 8.2 |
| vmware | vrealize_suite_lifecycle_manager | 8.7 |
| vmware | cloud_foundation | 4.0.1 |
| vmware | cloud_foundation | 4.3 |
| vmware | cloud_foundation | 4.3.1 |
| vmware | cloud_foundation | 4.1.0.1 |
An issue was discovered in the Pinniped Supervisor with either LADPIdentityProvider or ActiveDirectoryIdentityProvider resources. An attack would involve the malicious user changing the common name (CN) of their user entry on the LDAP or AD server to include special characters, which could be used to perform LDAP query injection on the Supervisor's LDAP query which determines their Kubernetes group membership.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.6 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.7 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-74,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | pinniped | * |
Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor (31), the encoder does not perform any salt rounds, due to an integer overflow error. The default settings are not affected by this CVE.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_security | 5.2.0 |
| oracle | financial_services_crime_and_compliance_management_studio | 8.0.8.3.0 |
| netapp | active_iq_unified_manager | - |
| oracle | financial_services_crime_and_compliance_management_studio | 8.0.8.2.0 |
| vmware | spring_security | * |
VMware Tools for Windows(12.0.0, 11.x.y and 10.x.y) contains an XML External Entity (XXE) vulnerability. A malicious actor with non-administrative local user privileges in the Windows guest OS, where VMware Tools is installed, may exploit this issue leading to a denial-of-service condition or unintended information disclosure.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.1 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H | 1.8 | 5.2 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-611,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | tools | * |
In spring security versions prior to 5.4.11+, 5.5.7+ , 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-863,CWE-863,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | financial_services_crime_and_compliance_management_studio | 8.0.8.3.0 |
| netapp | active_iq_unified_manager | - |
| oracle | financial_services_crime_and_compliance_management_studio | 8.0.8.2.0 |
| vmware | spring_security | * |
In Spring Cloud Function versions prior to 3.2.6, it is possible for a user who directly interacts with framework provided lookup functionality to cause a denial-of-service condition due to the caching issue in the Function Catalog component of the framework.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-770,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_cloud_function | * |
A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-917,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_data_mongodb | 3.4.0 |
| vmware | spring_data_mongodb | * |
The vCenter Server contains a server-side request forgery (SSRF) vulnerability. A malicious actor with network access to 443 on the vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server | 6.5 |
| vmware | vcenter_server | 7.0 |
| vmware | vcenter_server | 6.7 |
| vmware | cloud_foundation | * |
VMware Workstation (16.x prior to 16.2.4) contains an unprotected storage of credentials vulnerability. A malicious actor with local user privileges to the victim machine may exploit this vulnerability leading to the disclosure of user passwords of the remote server connected through VMware Workstation.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.9 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N | 1.5 | 4.0 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | workstation | * |
Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.
CVSS 2.0
Severity: LOW
Problem Type: CWE-668,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| amd | athlon_silver_3050u_firmware | - |
| amd | epyc_7532_firmware | - |
| amd | epyc_7002_firmware | - |
| amd | athlon_x4_835_firmware | - |
| amd | ryzen_5_4600u_firmware | - |
| amd | ryzen_threadripper_3970x_firmware | - |
| amd | ryzen_7_2700x_firmware | - |
| amd | ryzen_7_3700x_firmware | - |
| amd | ryzen_5_2600x_firmware | - |
| amd | epyc_7f32_firmware | - |
| fedoraproject | fedora | 36 |
| amd | a10-9600p_firmware | - |
| amd | ryzen_7_4700u_firmware | - |
| amd | athlon_x4_760k_firmware | - |
| amd | ryzen_threadripper_3960x_firmware | - |
| amd | epyc_7551_firmware | - |
| amd | ryzen_5_2700_firmware | - |
| amd | ryzen_3_3300u_firmware | - |
| amd | ryzen_5_3450g_firmware | - |
| amd | ryzen_5_4600g_firmware | - |
| amd | ryzen_9_4900h_firmware | - |
| amd | ryzen_3_3200u_firmware | - |
| amd | ryzen_3_3300x_firmware | - |
| amd | ryzen_7_3750h_firmware | - |
| amd | ryzen_threadripper_pro_5965wx_firmware | - |
| amd | epyc_7601_firmware | - |
| amd | ryzen_5_3600x_firmware | - |
| amd | athlon_gold_3150u_firmware | - |
| amd | epyc_7502p_firmware | - |
| amd | ryzen_7_4700ge_firmware | - |
| amd | epyc_7402p_firmware | - |
| amd | ryzen_3_3250u_firmware | - |
| amd | epyc_7552_firmware | - |
| amd | ryzen_5_2500u_firmware | - |
| amd | a12-9730p_firmware | - |
| amd | ryzen_5_2600_firmware | - |
| amd | ryzen_5_2700x_firmware | - |
| amd | a6-9220c_firmware | - |
| amd | epyc_7352_firmware | - |
| amd | athlon_x4_845_firmware | - |
| amd | ryzen_threadripper_pro_5955wx_firmware | - |
| amd | ryzen_7_3800x_firmware | - |
| amd | ryzen_threadripper_pro_3955wx_firmware | - |
| amd | epyc_7351p_firmware | - |
| amd | epyc_7742_firmware | - |
| amd | a10-9630p_firmware | - |
| amd | athlon_x4_940_firmware | - |
| amd | ryzen_5_3400g_firmware | - |
| amd | athlon_x4_870k_firmware | - |
| amd | a4-9120_firmware | - |
| amd | ryzen_7_2700u_firmware | - |
| amd | epyc_7261_firmware | - |
| amd | ryzen_threadripper_2970wx_firmware | - |
| amd | epyc_7252_firmware | - |
| amd | epyc_7642_firmware | - |
| amd | epyc_7262_firmware | - |
| amd | ryzen_5_4500u_firmware | - |
| amd | ryzen_7_2800h_firmware | - |
| amd | epyc_7282_firmware | - |
| amd | ryzen_threadripper_2950x_firmware | - |
| amd | epyc_7371_firmware | - |
| amd | athlon_x4_950_firmware | - |
| amd | ryzen_3_4300g_firmware | - |
| amd | athlon_x4_880k_firmware | - |
| amd | ryzen_threadripper_pro_5945wx_firmware | - |
| amd | a6-9220_firmware | - |
| amd | ryzen_threadripper_pro_3795wx_firmware | - |
| amd | ryzen_5_3600xt_firmware | - |
| amd | ryzen_7_4800u_firmware | - |
| amd | ryzen_7_3700u_firmware | - |
| amd | epyc_7702_firmware | - |
| amd | ryzen_threadripper_2920x_firmware | - |
| amd | epyc_7551p_firmware | - |
| amd | ryzen_3_4300ge_firmware | - |
| amd | ryzen_5_3500u_firmware | - |
| amd | ryzen_3_2200u_firmware | - |
| amd | ryzen_3_2300u_firmware | - |
| amd | epyc_7401p_firmware | - |
| amd | athlon_x4_830_firmware | - |
| amd | epyc_7272_firmware | - |
| amd | ryzen_7_4800h_firmware | - |
| amd | ryzen_threadripper_3990x_firmware | - |
| amd | ryzen_5_3600_firmware | - |
| amd | ryzen_5_2600h_firmware | - |
| amd | athlon_x4_750_firmware | - |
| fedoraproject | fedora | 35 |
| amd | epyc_7251_firmware | - |
| amd | a12-9700p_firmware | - |
| amd | ryzen_threadripper_2990wx_firmware | - |
| amd | athlon_x4_860k_firmware | - |
| amd | epyc_7302_firmware | - |
| amd | ryzen_threadripper_pro_3945wx_firmware | - |
| amd | a9-9410_firmware | - |
| amd | ryzen_5_3550h_firmware | - |
| amd | epyc_7f72_firmware | - |
| amd | ryzen_3_4300u_firmware | - |
| amd | epyc_7542_firmware | - |
| amd | epyc_7451_firmware | - |
| amd | epyc_7402_firmware | - |
| amd | epyc_7662_firmware | - |
| amd | epyc_7401_firmware | - |
| amd | ryzen_threadripper_pro_5975wx_firmware | - |
| amd | epyc_7351_firmware | - |
| amd | epyc_7f52_firmware | - |
| amd | ryzen_threadripper_pro_3995wx_firmware | - |
| amd | a6-9210_firmware | - |
| debian | debian_linux | 11.0 |
| amd | ryzen_3_3100_firmware | - |
| amd | epyc_7501_firmware | - |
| amd | ryzen_3_3300g_firmware | - |
| amd | epyc_7h12_firmware | - |
| amd | epyc_7001_firmware | - |
| amd | epyc_7281_firmware | - |
| amd | epyc_7301_firmware | - |
| amd | athlon_x4_970_firmware | - |
| vmware | esxi | 7.0 |
| amd | ryzen_threadripper_pro_5995wx_firmware | - |
| amd | ryzen_7_2700_firmware | - |
| amd | ryzen_5_4600ge_firmware | - |
| amd | ryzen_7_4700g_firmware | - |
| amd | a9-9420_firmware | - |
| amd | epyc_7452_firmware | - |
| amd | epyc_7302p_firmware | - |
| amd | ryzen_7_3800xt_firmware | - |
| amd | ryzen_5_4600h_firmware | - |
| amd | athlon_x4_840_firmware | - |
| amd | epyc_7502_firmware | - |
spring-boot versions prior to version v2.2.11.RELEASE was vulnerable to temporary directory hijacking. This vulnerability impacted the org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir method. NOTE: This vulnerability only affects products and/or versions that are no longer supported by the maintainer
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-668,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_boot | * |
Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N | 2.0 | 4.0 |
| vulnerability@ncsc.ch | 5.6 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N | 1.1 | 4.0 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-200,CWE-668,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| intel | core_i3-8100h_firmware | - |
| intel | core_m5-6y57_firmware | - |
| debian | debian_linux | 10.0 |
| intel | core_i7-8700t_firmware | - |
| intel | core_i7-6920hq_firmware | - |
| intel | core_i5-8250u_firmware | - |
| intel | core_i7-6822eq_firmware | - |
| intel | core_i3-6100_firmware | - |
| fedoraproject | fedora | 36 |
| intel | core_i7-6820hk_firmware | - |
| intel | core_i7-8705g_firmware | - |
| intel | core_i5-6500te_firmware | - |
| intel | core_i5-8300h_firmware | - |
| intel | core_i7-8750h_firmware | - |
| intel | core_i7-6500u_firmware | - |
| intel | core_i5-8210y_firmware | - |
| xen | xen | - |
| intel | core_i3-6100h_firmware | - |
| intel | core_i5-8200y_firmware | - |
| intel | core_i5-6360u_firmware | - |
| intel | core_i3-6320_firmware | - |
| intel | core_i7-8709g_firmware | - |
| intel | core_i5-8400_firmware | - |
| intel | core_i7-8510y_firmware | - |
| intel | core_i5-8259u_firmware | - |
| intel | core_i5-8420t_firmware | - |
| intel | core_i5-6440eq_firmware | - |
| intel | core_i5-6300hq_firmware | - |
| intel | core_i5-8365u_firmware | - |
| intel | core_i7-8700_firmware | - |
| intel | core_i3-8020_firmware | - |
| intel | core_i3-8350k_firmware | - |
| intel | core_i5-6400t_firmware | - |
| intel | core_i5-8400h_firmware | - |
| intel | core_i7-6660u_firmware | - |
| intel | core_i7-8670t_firmware | - |
| intel | core_i7-8670_firmware | - |
| intel | core_i7-6700hq_firmware | - |
| intel | core_i3-8130u_firmware | - |
| intel | core_i5-8600k_firmware | - |
| intel | core_m3-8100y_firmware | - |
| intel | core_i7-8700k_firmware | - |
| intel | core_i5-6500_firmware | - |
| intel | core_i7-6650u_firmware | - |
| intel | core_i3-6120_firmware | - |
| intel | core_i3-8000t_firmware | - |
| intel | core_i5-8600t_firmware | - |
| intel | core_i7-6820hq_firmware | - |
| intel | core_i5-6400_firmware | - |
| intel | core_i7-6700_firmware | - |
| intel | core_i3-6110u_firmware | - |
| intel | core_i5-8305g_firmware | - |
| intel | core_i5-8400t_firmware | - |
| intel | core_i3-6100u_firmware | - |
| intel | core_i7-8706g_firmware | - |
| intel | core_i7-6820eq_firmware | - |
| intel | core_i5-8350u_firmware | - |
| intel | core_i7-8750hf_firmware | - |
| intel | core_i7-6870hq_firmware | - |
| intel | core_i3-8300_firmware | - |
| intel | core_i7-8550u_firmware | - |
| intel | core_i7-6970hq_firmware | - |
| intel | core_i5-6210u_firmware | - |
| intel | core_i3-6167u_firmware | - |
| intel | core_i9-8950hk_firmware | - |
| intel | core_i3-8000_firmware | - |
| intel | core_i7-8665u_firmware | - |
| intel | core_i7-8500y_firmware | - |
| intel | core_i3-8100_firmware | - |
| intel | core_i3-6102e_firmware | - |
| intel | core_i5-6600_firmware | - |
| intel | core_i3-8100t_firmware | - |
| intel | core_i7-8565u_firmware | - |
| intel | core_i5-6442eq_firmware | - |
| intel | core_i3-6100t_firmware | - |
| intel | core_i5-6310u_firmware | - |
| intel | core_i7-8850h_firmware | - |
| intel | core_i5-6200u_firmware | - |
| intel | core_i7-6600u_firmware | - |
| intel | core_i5-6600t_firmware | - |
| intel | core_i7-8700b_firmware | - |
| intel | core_i7-8809g_firmware | - |
| intel | core_i5-8420_firmware | - |
| intel | core_i5-8550u_firmware | - |
| intel | core_i5-8310y_firmware | - |
| intel | core_i5-6260u_firmware | - |
| intel | core_i5-6350hq_firmware | - |
| fedoraproject | fedora | 35 |
| intel | core_i7-6700te_firmware | - |
| intel | core_i5-8550_firmware | - |
| intel | core_i7-8569u_firmware | - |
| intel | core_i7-6560u_firmware | - |
| intel | core_i5-6300u_firmware | - |
| intel | core_m3-6y30_firmware | - |
| intel | core_i5-8500t_firmware | - |
| intel | core_i3-8145u_firmware | - |
| intel | core_i5-8650k_firmware | - |
| intel | core_i7-6567u_firmware | - |
| intel | core_i5-6267u_firmware | - |
| intel | core_i3-8300t_firmware | - |
| intel | core_i5-8600_firmware | - |
| intel | core_i5-6500t_firmware | - |
| intel | core_i5-6440hq_firmware | - |
| intel | core_i5-6287u_firmware | - |
| intel | core_i7-8650u_firmware | - |
| debian | debian_linux | 11.0 |
| intel | core_m7-6y75_firmware | - |
| intel | core_i5-8269u_firmware | - |
| intel | core_m5-6y54_firmware | - |
| intel | core_i7-8559u_firmware | - |
| intel | core_i7-6770hq_firmware | - |
| intel | core_i5-8500b_firmware | - |
| intel | core_i3-6100te_firmware | - |
| vmware | esxi | 7.0 |
| intel | core_i5-8650_firmware | - |
| intel | core_i5-8265u_firmware | - |
| intel | core_i3-6300_firmware | - |
| intel | core_i7-8557u_firmware | - |
| intel | core_i5-8500_firmware | - |
| intel | core_i3-8109u_firmware | - |
| intel | core_i5-8400b_firmware | - |
| intel | core_i3-8120_firmware | - |
| intel | core_i3-6300t_firmware | - |
| intel | core_i5-6600k_firmware | - |
| intel | core_i7-8560u_firmware | - |
| intel | core_i7-6700t_firmware | - |
| intel | core_i3-6320t_firmware | - |
| intel | core_i3-6120t_firmware | - |
| intel | core_i7-6700k_firmware | - |
| intel | core_i3-6100e_firmware | - |
| intel | core_i7-6510u_firmware | - |
RabbitMQ is a multi-protocol messaging and streaming broker. In affected versions the shovel and federation plugins perform URI obfuscation in their worker (link) state. The encryption key used to encrypt the URI was seeded with a predictable secret. This means that in case of certain exceptions related to Shovel and Federation plugins, reasonably easily deobfuscatable data could appear in the node log. Patched versions correctly use a cluster-wide secret for that purpose. This issue has been addressed and Patched versions: `3.10.2`, `3.9.18`, `3.8.32` are available. Users unable to upgrade should disable the Shovel and Federation plugins.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
| security-advisories@github.com | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | rabbitmq | * |
VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in configurations.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 2.3 | 2.7 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vrealize_log_insight | * |
VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in alerts.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 2.3 | 2.7 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vrealize_log_insight | * |
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | identity_manager | 3.3.6 |
| vmware | identity_manager | 3.3.4 |
| vmware | identity_manager_connector | 3.3.5 |
| vmware | access_connector | 21.08.0.0 |
| vmware | identity_manager_connector | 19.03.0.1 |
| vmware | access_connector | 22.05 |
| vmware | identity_manager_connector | 3.3.4 |
| vmware | identity_manager_connector | 3.3.6 |
| vmware | identity_manager | 3.3.5 |
| vmware | one_access | 21.08.0.0 |
| vmware | one_access | 21.08.0.1 |
| vmware | access_connector | 21.08.0.1 |
VMware Workspace ONE Access and Identity Manager contain a URL injection vulnerability. A malicious actor with network access may be able to redirect an authenticated user to an arbitrary domain.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | identity_manager | 3.3.6 |
| vmware | identity_manager | 3.3.4 |
| vmware | identity_manager_connector | 3.3.5 |
| vmware | access_connector | 21.08.0.0 |
| vmware | identity_manager_connector | 19.03.0.1 |
| vmware | access_connector | 22.05 |
| vmware | identity_manager_connector | 3.3.4 |
| vmware | identity_manager_connector | 3.3.6 |
| vmware | identity_manager | 3.3.5 |
| vmware | one_access | 21.08.0.0 |
| vmware | one_access | 21.08.0.1 |
| vmware | access_connector | 21.08.0.1 |
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | identity_manager | 3.3.6 |
| vmware | identity_manager | 3.3.4 |
| vmware | identity_manager_connector | 3.3.5 |
| vmware | access_connector | 21.08.0.0 |
| vmware | identity_manager_connector | 19.03.0.1 |
| vmware | access_connector | 22.05 |
| vmware | identity_manager_connector | 3.3.4 |
| vmware | identity_manager_connector | 3.3.6 |
| vmware | identity_manager | 3.3.5 |
| vmware | one_access | 21.08.0.0 |
| vmware | one_access | 21.08.0.1 |
| vmware | access_connector | 21.08.0.1 |
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | identity_manager | 3.3.6 |
| vmware | identity_manager | 3.3.4 |
| vmware | identity_manager_connector | 3.3.5 |
| vmware | identity_manager_connector | 19.03.0.1 |
| vmware | access_connector | 22.08.0.0 |
| vmware | access_connector | 22.05 |
| vmware | identity_manager_connector | 3.3.4 |
| vmware | identity_manager_connector | 3.3.6 |
| vmware | identity_manager | 3.3.5 |
| vmware | access_connector | 22.08.0.1 |
| vmware | one_access | 21.08.0.0 |
| vmware | one_access | 21.08.0.1 |
VMware Workspace ONE Access, Identity Manager and vRealize Automation contains a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | identity_manager | 3.3.6 |
| vmware | identity_manager | 3.3.4 |
| vmware | identity_manager_connector | 3.3.5 |
| vmware | access_connector | 21.08.0.0 |
| vmware | identity_manager_connector | 19.03.0.1 |
| vmware | access_connector | 22.05 |
| vmware | identity_manager_connector | 3.3.4 |
| vmware | identity_manager_connector | 3.3.6 |
| vmware | identity_manager | 3.3.5 |
| vmware | one_access | 21.08.0.0 |
| vmware | one_access | 21.08.0.1 |
| vmware | access_connector | 21.08.0.1 |
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two privilege escalation vulnerabilities. A malicious actor with local access can escalate privileges to 'root'.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | identity_manager | 3.3.6 |
| vmware | identity_manager | 3.3.4 |
| vmware | identity_manager_connector | 3.3.5 |
| vmware | access_connector | 21.08.0.0 |
| vmware | identity_manager_connector | 19.03.0.1 |
| vmware | access_connector | 22.05 |
| vmware | identity_manager_connector | 3.3.4 |
| vmware | identity_manager_connector | 3.3.6 |
| vmware | identity_manager | 3.3.5 |
| vmware | one_access | 21.08.0.0 |
| vmware | one_access | 21.08.0.1 |
| vmware | access_connector | 21.08.0.1 |
VMware Workspace ONE Access, Identity Manager, Connectors and vRealize Automation contain a path traversal vulnerability. A malicious actor with network access may be able to access arbitrary files.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | identity_manager | 3.3.6 |
| vmware | identity_manager | 3.3.4 |
| vmware | identity_manager_connector | 3.3.5 |
| vmware | access_connector | 21.08.0.0 |
| vmware | identity_manager_connector | 19.03.0.1 |
| vmware | access_connector | 22.05 |
| vmware | identity_manager_connector | 3.3.4 |
| vmware | identity_manager_connector | 3.3.6 |
| vmware | identity_manager | 3.3.5 |
| vmware | one_access | 21.08.0.0 |
| vmware | one_access | 21.08.0.1 |
| vmware | access_connector | 21.08.0.1 |
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject javascript code in the target user's window.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | identity_manager | 3.3.6 |
| vmware | identity_manager | 3.3.4 |
| vmware | identity_manager_connector | 3.3.5 |
| vmware | access_connector | 21.08.0.0 |
| vmware | identity_manager_connector | 19.03.0.1 |
| vmware | access_connector | 22.05 |
| vmware | identity_manager_connector | 3.3.4 |
| vmware | identity_manager_connector | 3.3.6 |
| vmware | identity_manager | 3.3.5 |
| vmware | one_access | 21.08.0.0 |
| vmware | one_access | 21.08.0.1 |
| vmware | access_connector | 21.08.0.1 |
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | identity_manager | 3.3.6 |
| vmware | identity_manager | 3.3.4 |
| vmware | identity_manager_connector | 3.3.5 |
| vmware | access_connector | 21.08.0.0 |
| vmware | identity_manager_connector | 19.03.0.1 |
| vmware | access_connector | 22.05 |
| vmware | identity_manager_connector | 3.3.4 |
| vmware | identity_manager_connector | 3.3.6 |
| vmware | identity_manager | 3.3.5 |
| vmware | one_access | 21.08.0.0 |
| vmware | one_access | 21.08.0.1 |
| vmware | access_connector | 21.08.0.1 |
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | identity_manager | 3.3.6 |
| vmware | identity_manager_connector | 3.3.4 |
| vmware | identity_manager_connector | 3.3.6 |
| vmware | identity_manager | 3.3.4 |
| vmware | identity_manager_connector | 3.3.5 |
| vmware | identity_manager | 3.3.5 |
| vmware | one_access | 21.08.0.0 |
| vmware | identity_manager_connector | 19.03.0.1 |
| vmware | one_access | 21.08.0.1 |
VMware vRealize Operations contains a privilege escalation vulnerability. A malicious actor with administrative network access can escalate privileges to root.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vrealize_operations | * |
VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can create and leak hex dumps, leading to information disclosure. Successful exploitation can lead to a remote code execution.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vrealize_operations | * |
VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can access log files that lead to information disclosure.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 2.8 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vrealize_operations | * |
VMware vRealize Operations contains an authentication bypass vulnerability. An unauthenticated malicious actor with network access may be able to create a user with administrative privileges.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vrealize_operations | * |
VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 36 |
| fedoraproject | fedora | 37 |
| debian | debian_linux | 11.0 |
| vmware | tools | * |
| debian | debian_linux | 10.0 |
| netapp | ontap_select_deploy_administration_utility | - |
An Insufficient Session Expiration issue was discovered in the Pinniped Supervisor (before v0.19.0). A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially use their access token to continue their session beyond what proper use of their refresh token might allow.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N | 2.8 | 2.5 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | pinniped | * |
VMware Cloud Foundation (NSX-V) contains an XML External Entity (XXE) vulnerability. On VCF 3.x instances with NSX-V deployed, this may allow a user to exploit this issue leading to a denial-of-service condition or unintended information disclosure.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H | 3.9 | 5.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | nsx_data_center | * |
| vmware | cloud_foundation | * |
Applications that allow HTTP PATCH access to resources exposed by Spring Data REST in versions 3.6.0 - 3.5.5, 3.7.0 - 3.7.2, and older unsupported versions, if an attacker knows about the structure of the underlying domain model, they can craft HTTP requests that expose hidden entity attributes.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 3.7 | LOW | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N | 2.2 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_data_rest | * |
The vCenter Server contains an unsafe deserialisation vulnerability in the PSC (Platform services controller). A malicious actor with admin access on vCenter server may exploit this issue to execute arbitrary code on the underlying operating system that hosts the vCenter Server.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H | 2.3 | 6.0 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server | * |
| vmware | vcenter_server | 6.5 |
VMware ESXi contains a null-pointer deference vulnerability. A malicious actor with privileges within the VMX process only, may create a denial of service condition on the host.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H | 2.0 | 4.0 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esxi | 7.0 |
| vmware | esxi | * |
| vmware | cloud_foundation | 4.4.1.1 |
| vmware | cloud_foundation | * |
| vmware | cloud_foundation | 4.4.1 |
| vmware | cloud_foundation | 4.4 |
VMware Aria Operations contains an arbitrary file read vulnerability. A malicious actor with administrative privileges may be able to read arbitrary files containing sensitive data.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 1.2 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vrealize_operations | * |
VMware Workspace ONE Assist prior to 22.10 contains an Authentication Bypass vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | workspace_one_assist | * |
VMware Workspace ONE Assist prior to 22.10 contains a Broken Authentication Method vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | workspace_one_assist | * |
VMware Workspace ONE Assist prior to 22.10 contains a Broken Access Control vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | workspace_one_assist | * |
VMware Workspace ONE Assist prior to 22.10 contains a Reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject javascript code in the target user's window.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | workspace_one_assist | * |
VMware Workspace ONE Assist prior to 22.10 contains a Session fixation vulnerability. A malicious actor who obtains a valid session token may be able to authenticate to the application using that token.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | workspace_one_assist | * |
Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can modify a request initiated by the Client (via the browser) to the Authorization Server which can lead to a privilege escalation on the subsequent approval. This scenario can happen if the Authorization Server responds with an OAuth2 Access Token Response containing an empty scope list (per RFC 6749, Section 5.1) on the subsequent request to the token endpoint to obtain the access token.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.1 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.2 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | active_iq_unified_manager | - |
| vmware | spring_security | * |
Spring Tools 4 for Eclipse version 4.16.0 and below as well as VSCode extensions such as Spring Boot Tools, Concourse CI Pipeline Editor, Bosh Editor and Cloudfoundry Manifest YML Support version 1.39.0 and below all use Snakeyaml library for YAML editing support. This library allows for some special syntax in the YAML that under certain circumstances allows for potentially harmful remote code execution by the attacker.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_boot_tools | * |
| vmware | concourse_ci_pipeline_editor | * |
| vmware | spring_tools | * |
| vmware | bosh_editor | * |
| vmware | cloudfoundry_manifest_yml_support | * |
Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 could be susceptible to authorization rules bypass via forward or include dispatcher types. Specifically, an application is vulnerable when all of the following are true: The application expects that Spring Security applies security to forward and include dispatcher types. The application uses the AuthorizationFilter either manually or via the authorizeHttpRequests() method. The application configures the FilterChainProxy to apply to forward and/or include requests (e.g. spring.security.filter.dispatcher-types = request, error, async, forward, include). The application may forward or include the request to a higher privilege-secured endpoint.The application configures Spring Security to apply to every dispatcher type via authorizeHttpRequests().shouldFilterAllDispatcherTypes(true)
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | active_iq_unified_manager | - |
| vmware | spring_security | * |
VMware Tools for Windows (12.x.y prior to 12.1.5, 11.x.y and 10.x.y) contains a denial-of-service vulnerability in the VM3DMP driver. A malicious actor with local user privileges in the Windows guest OS, where VMware Tools is installed, can trigger a PANIC in the VM3DMP driver leading to a denial-of-service condition in the Windows guest OS.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | tools | * |
VMware ESXi contains a memory corruption vulnerability that exists in the way it handles a network socket. A malicious actor with local access to ESXi may exploit this issue to corrupt memory leading to an escape of the ESXi sandbox.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esxi | 7.0 |
| vmware | cloud_foundation | 4.5 |
| vmware | cloud_foundation | 4.4.1.1 |
| vmware | cloud_foundation | 4.4.1 |
| vmware | esxi | 6.7 |
| vmware | cloud_foundation | 4.4 |
| vmware | cloud_foundation | 3.11 |
| vmware | cloud_foundation | 3.10 |
| vmware | cloud_foundation | 4.76 |
| vmware | cloud_foundation | * |
| vmware | esxi | 6.5 |
| vmware | cloud_foundation | 4.3.11 |
The vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plaintext. A malicious actor with access to a workstation that invoked a vCenter Server Appliance ISO operation (Install/Upgrade/Migrate/Restore) can access plaintext passwords used during that operation.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server | 6.5 |
| vmware | vcenter_server | 7.0 |
| vmware | vcenter_server | 6.7 |
| vmware | cloud_foundation | * |
The vCenter Server contains a denial-of-service vulnerability in the content library service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to trigger a denial-of-service condition by sending a specially crafted header.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | cloud_foundation | 3.10.2.2 |
| vmware | cloud_foundation | 3.9.1 |
| vmware | cloud_foundation | 4.1 |
| vmware | vcenter_server | 7.0 |
| vmware | cloud_foundation | 4.0 |
| vmware | cloud_foundation | 3.9 |
| vmware | cloud_foundation | 3.0.1 |
| vmware | cloud_foundation | 4.4.1 |
| vmware | cloud_foundation | 4.4 |
| vmware | cloud_foundation | 4.2 |
| vmware | vcenter_server | 6.5 |
| vmware | cloud_foundation | 3.8.1 |
| vmware | cloud_foundation | 3.5.1 |
| vmware | cloud_foundation | 3.7.2 |
| vmware | cloud_foundation | 3.10.2 |
| vmware | vcenter_server | 6.7 |
| vmware | cloud_foundation | 3.0.1.1 |
| vmware | cloud_foundation | 4.4.1.1 |
| vmware | cloud_foundation | 4.2.1 |
| vmware | cloud_foundation | 3.5 |
| vmware | cloud_foundation | 4.0.1 |
| vmware | cloud_foundation | 3.10.1.2 |
| vmware | cloud_foundation | 3.11 |
| vmware | cloud_foundation | 3.10.1 |
| vmware | cloud_foundation | 3.10 |
| vmware | cloud_foundation | 3.7 |
| vmware | cloud_foundation | 3.10.2.1 |
| vmware | cloud_foundation | 4.3 |
| vmware | cloud_foundation | 4.3.1 |
| vmware | cloud_foundation | 3.0 |
| vmware | cloud_foundation | 4.1.0.1 |
| vmware | cloud_foundation | 3.7.1 |
| vmware | cloud_foundation | 3.8 |
| vmware | cloud_foundation | 3.10.1.1 |
VMware ESXi contains a heap-overflow vulnerability. A malicious local actor with restricted privileges within a sandbox process may exploit this issue to achieve a partial information disclosure.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | cloud_foundation | 3.10.2.2 |
| vmware | cloud_foundation | 3.9.1 |
| vmware | cloud_foundation | 4.1 |
| vmware | cloud_foundation | 4.0 |
| vmware | cloud_foundation | 3.9 |
| vmware | cloud_foundation | 3.0.1 |
| vmware | cloud_foundation | 4.4.1 |
| vmware | cloud_foundation | 4.4 |
| vmware | cloud_foundation | 4.2 |
| vmware | cloud_foundation | 3.8.1 |
| vmware | cloud_foundation | 3.5.1 |
| vmware | cloud_foundation | 3.7.2 |
| vmware | esxi | 7.0 |
| vmware | cloud_foundation | 3.0.1.1 |
| vmware | cloud_foundation | 4.4.1.1 |
| vmware | cloud_foundation | 4.2.1 |
| vmware | cloud_foundation | 3.5 |
| vmware | esxi | 6.7 |
| vmware | cloud_foundation | 4.0.1 |
| vmware | cloud_foundation | 3.10.1.2 |
| vmware | cloud_foundation | 3.11 |
| vmware | cloud_foundation | 3.10.1 |
| vmware | cloud_foundation | 3.10 |
| vmware | cloud_foundation | 3.7 |
| vmware | cloud_foundation | 3.10.2.1 |
| vmware | cloud_foundation | 4.3 |
| vmware | cloud_foundation | 4.3.1 |
| vmware | cloud_foundation | 3.0 |
| vmware | cloud_foundation | 4.1.0.1 |
| vmware | esxi | 6.5 |
| vmware | cloud_foundation | 3.7.1 |
| vmware | cloud_foundation | 3.8 |
| vmware | cloud_foundation | 3.10.1.1 |
VMware Workspace ONE Access and Identity Manager contain an authenticated remote code execution vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.2.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | identity_manager | 3.3.6 |
| vmware | access | 21.08.0.0 |
| vmware | cloud_foundation | - |
| vmware | access | 21.08.0.1 |
VMware Workspace ONE Access and Identity Manager contain a broken authentication vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | access | 21.08.0.0 |
| vmware | identity_manager_connector | 3.3.6 |
| vmware | cloud_foundation | * |
| vmware | access | 22.09.0.0 |
| vmware | access | 21.08.0.1 |
vRealize Network Insight (vRNI) contains a command injection vulnerability present in the vRNI REST API. A malicious actor with network access to the vRNI REST API can execute commands without authentication.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vrealize_network_insight | 6.4.0 |
| vmware | vrealize_network_insight | 6.5.1 |
| vmware | vrealize_network_insight | 6.6.0 |
| vmware | vrealize_network_insight | 6.7.0 |
| vmware | vrealize_network_insight | 6.2.0 |
| vmware | vrealize_network_insight | 6.3.0 |
The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vrealize_log_insight | * |
The vRealize Log Insight contains a broken access control vulnerability. An unauthenticated malicious actor can remotely inject code into sensitive files of an impacted appliance which can result in remote code execution.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vrealize_log_insight | * |
VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esxi | 7.0 |
| vmware | esxi | 8.0 |
| vmware | fusion | * |
| vmware | workstation | * |
The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vrealize_log_insight | * |
vRealize Operations (vROps) contains a privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.2.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vrealize_operations | * |
| vmware | vrealize_operations | 8.10.0 |
vRealize Operations (vROps) contains a broken access control vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.4.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vrealize_operations | * |
| vmware | vrealize_operations | 8.10.0 |
vRealize Log Insight contains a deserialization vulnerability. An unauthenticated malicious actor can remotely trigger the deserialization of untrusted data which could result in a denial of service.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vrealize_log_insight | * |
VMware vRealize Log Insight contains an Information Disclosure Vulnerability. A malicious actor can remotely collect sensitive session and application information without authentication.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vrealize_log_insight | * |
Protection mechanism failure in the Intel(R) Ethernet 500 Series Controller drivers for VMware before version 1.10.0.13 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secure@intel.com | 4.4 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L | 1.8 | 2.5 |
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | ixgben | * |
Protection mechanism failure in the Intel(R) Ethernet 500 Series Controller drivers for VMware before version 1.10.0.1 may allow an authenticated user to potentially enable denial of service via local access.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secure@intel.com | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L | 1.8 | 1.4 |
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | ixgben | * |
A remote unauthenticated insecure deserialization vulnerability exists in VMware Hyperic Server 5.8.6. Exploitation of this vulnerability enables a malicious party to run arbitrary code or malware within Hyperic Server and the host operating system with the privileges of the Hyperic server process. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | hyperic_server | 5.8.6 |
A security filter misconfiguration exists in VMware Hyperic Server 5.8.6. Exploitation of this vulnerability enables a malicious party to bypass some authentication requirements when issuing requests to Hyperic Server. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | hyperic_server | 5.8.6 |
A remote insecure deserialization vulnerability exixsts in VMWare Hyperic Agent 5.8.6. Exploitation of this vulnerability enables a malicious authenticated user to run arbitrary code or malware within a Hyperic Agent instance and its host operating system with the privileges of the Hyperic Agent process (often SYSTEM on Windows platforms). NOTE: prior exploitation of CVE-2022-38650 results in the disclosure of the authentication material required to exploit this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | hyperic_agent | 5.8.6 |
VMware Workstation contains an arbitrary file deletion vulnerability. A malicious actor with local user privileges on the victim's machine may exploit this vulnerability to delete arbitrary files from the file system of the machine on which Workstation is installed.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.4 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H | 2.0 | 5.8 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | workstation | 17.0 |
VMware vRealize Orchestrator contains an XML External Entity (XXE) vulnerability. A malicious actor, with non-administrative access to vRealize Orchestrator, may be able to use specially crafted input to bypass XML parsing restrictions leading to access to sensitive information or possible escalation of privileges.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vrealize_orchestrator | * |
| vmware | vrealize_automation | * |
VMware vRealize Operations (vROps) contains a CSRF bypass vulnerability. A malicious user could execute actions on the vROps platform on behalf of the authenticated victim user.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vrealize_operations | * |
VMware Workspace ONE Content contains a passcode bypass vulnerability. A malicious actor, with access to a users rooted device, may be able to bypass the VMware Workspace ONE Content passcode.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.8 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 0.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | workspace_one_content | * |
VMware Carbon Black App Control 8.7.x prior to 8.7.8, 8.8.x prior to 8.8.6, and 8.9.x.prior to 8.9.4 contain an injection vulnerability. A malicious actor with privileged access to the App Control administration console may be able to use specially crafted input allowing access to the underlying server operating system.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | carbon_black_app_control | * |
In Spring Vault, versions 3.0.x prior to 3.0.2 and versions 2.3.x prior to 2.3.3 and older versions, an application is vulnerable to insertion of sensitive information into a log file when it attempts to revoke a Vault batch token.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_cloud_config | * |
| vmware | spring_cloud_vault | * |
| vmware | spring_cloud_vault | 4.0.0 |
| vmware | spring_vault | * |
Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "**" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_framework | * |
In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_framework | * |
In Spring Security, versions 5.7.x prior to 5.7.8, versions 5.8.x prior to 5.8.3, and versions 6.0.x prior to 6.0.3, the logout support does not properly clean the security context if using serialized versions. Additionally, it is not possible to explicitly save an empty security context to the HttpSessionSecurityContextRepository. This vulnerability can keep users authenticated even after they performed logout. Users of affected versions should apply the following mitigation. 5.7.x users should upgrade to 5.7.8. 5.8.x users should upgrade to 5.8.3. 6.0.x users should upgrade to 6.0.3.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | active_iq_unified_manager | - |
| vmware | spring_security | * |
In spring framework versions prior to 5.2.24 release+ ,5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_framework | * |
VMware Aria Operations for Logs contains a deserialization vulnerability. An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | aria_operations_for_logs | * |
| vmware | cloud_foundation | * |
VMware Aria Operations for Logs contains a command injection vulnerability. A malicious actor with administrative privileges in VMware Aria Operations for Logs can execute arbitrary commands as root.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | aria_operations_for_logs | * |
| vmware | cloud_foundation | * |
In Spring Session version 3.0.0, the session id can be logged to the standard output stream. This vulnerability exposes sensitive information to those who have access to the application logs and can be used for session hijacking. Specifically, an application is vulnerable if it is using HeaderHttpSessionIdResolver.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_session | 3.0.0 |
A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 3.9 | LOW | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N | 0.8 | 2.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 37 |
| debian | debian_linux | 11.0 |
| vmware | tools | * |
| fedoraproject | fedora | 39 |
| debian | debian_linux | 10.0 |
| fedoraproject | fedora | 38 |
| debian | debian_linux | 12.0 |
NSX-T contains a reflected cross-site scripting vulnerability due to a lack of input validation. A remote attacker can inject HTML or JavaScript to redirect to malicious pages.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| broadcom | vmware_nsx-t_data_center | * |
| vmware | nsx-t_data_center | * |
VMware Workstation (17.x) and VMware Fusion (13.x) contain a stack-based buffer-overflow vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | fusion | * |
| vmware | workstation | * |
VMware Workstation and Fusion contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | fusion | * |
| vmware | workstation | * |
VMware Fusion contains a local privilege escalation vulnerability. A malicious actor with read/write access to the host operating system can elevate privileges to gain root access to the host operating system.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | fusion | * |
VMware Workstation and Fusion contain an out-of-bounds read/write vulnerability in SCSI CD/DVD device emulation.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | fusion | 13.0.0 |
| vmware | workstation | 17.0.0 |
In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.6+. 2.7.x users should upgrade to 2.7.11+. Users of older, unsupported versions should upgrade to 3.0.6+ or 2.7.11+.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_boot | * |
VMware Aria Operations contains a privilege escalation vulnerability. An authenticated malicious user with ReadOnly privileges can perform code execution leading to privilege escalation.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vrealize_operations | 8.10.0 |
| vmware | vrealize_operations | 8.6.0 |
| vmware | cloud_foundation | * |
VMware Aria Operations contains a deserialization vulnerability. A malicious actor with administrative privileges can execute arbitrary commands and disrupt the system.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vrealize_operations | 8.10.0 |
| vmware | vrealize_operations | 8.6.0 |
| vmware | cloud_foundation | * |
VMware Aria Operations contains a Local privilege escalation vulnerability. A malicious actor with administrative privileges in the Aria Operations application can gain root access to the underlying operating system.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vrealize_operations | 8.10.0 |
| vmware | vrealize_operations | 8.6.0 |
| vmware | cloud_foundation | * |
VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | aria_operations | * |
| vmware | cloud_foundation | * |
In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service (DoS) attack if Spring MVC is used together with a reverse proxy cache.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_boot | * |
VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability. An unauthenticated malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | identity_manager | 3.3.6 |
| vmware | identity_manager | 3.3.7 |
| vmware | cloud_foundation | - |
| vmware | workspace_one_access | * |
| vmware | identity_manager_connector | * |
VMware Workspace ONE UEM console contains an open redirect vulnerability. A malicious actor may be able to redirect a victim to an attacker and retrieve their SAML response to login as the victim user.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
| security@vmware.com | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | workspace_one_uem | * |
Aria Operations for Networks contains a command injection vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in remote code execution.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | aria_operations_for_networks | * |
Aria Operations for Networks contains an authenticated deserialization vulnerability. A malicious actor with network access to VMware Aria Operations for Networks and valid 'member' role credentials may be able to perform a deserialization attack resulting in remote code execution.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vrealize_network_insight | * |
Aria Operations for Networks contains an information disclosure vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in information disclosure.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vrealize_network_insight | * |
Aria Operations for Networks contains an arbitrary file write vulnerability. An authenticated malicious actor with administrative access to VMware Aria Operations for Networks can write files to arbitrary locations resulting in remote code execution.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 |
| nvd@nist.gov | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | aria_operations_for_networks | * |
The VMware Tanzu Application Service for VMs and Isolation Segment contain an information disclosure vulnerability due to the logging of credentials in hex encoding in platform system audit logs. A malicious non-admin user who has access to the platform system audit logs can access hex encoded CF API admin credentials and can push new malicious versions of an application. In a default deployment non-admin users do not have access to the platform system audit logs.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | isolation_segment | * |
| vmware | tanzu_application_service_for_virtual_machines | * |
The vCenter Server contains a heap overflow vulnerability due to the usage of uninitialized memory in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit heap-overflow vulnerability to execute arbitrary code on the underlying operating system that hosts vCenter Server.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 8.1 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.2 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server | * |
| vmware | vcenter_server | 8.0 |
| vmware | vcenter_server | 7.0 |
The VMware vCenter Server contains a use-after-free vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit this issue to execute arbitrary code on the underlying operating system that hosts vCenter Server.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 8.1 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.2 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server | * |
| vmware | vcenter_server | 8.0 |
| vmware | vcenter_server | 7.0 |
The VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bound write by sending a specially crafted packet leading to memory corruption.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 8.1 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.2 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server | * |
| vmware | vcenter_server | 8.0 |
| vmware | vcenter_server | 7.0 |
The VMware vCenter Server contains a memory corruption vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger a memory corruption vulnerability which may bypass authentication.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 8.1 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.2 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server | * |
| vmware | vcenter_server | 8.0 |
| vmware | vcenter_server | 7.0 |
The VMware vCenter Server contains an out-of-bounds read vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds read by sending a specially crafted packet leading to denial-of-service of certain services (vmcad, vmdird, and vmafdd).
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H | 2.2 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server | * |
| vmware | vcenter_server | 8.0 |
| vmware | vcenter_server | 7.0 |
VMware SD-WAN (Edge) contains a bypass authentication vulnerability. An unauthenticated attacker can download the Diagnostic bundle of the application under VMware SD-WAN Management.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | sd-wan_edge_firmware | * |
A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 1.6 | 5.9 |
| security@vmware.com | 7.1 | HIGH | CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 37 |
| debian | debian_linux | 11.0 |
| vmware | tools | * |
| fedoraproject | fedora | 39 |
| debian | debian_linux | 10.0 |
| vmware | open_vm_tools | * |
| fedoraproject | fedora | 38 |
| debian | debian_linux | 12.0 |
| netapp | ontap_select_deploy_administration_utility | - |
When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques. Both Shiro and Spring Boot < 2.6 default to Ant style pattern matching. Mitigation: Update to Apache Shiro 1.11.0, or set the following Spring Boot configuration value: `spring.mvc.pathmatch.matching-strategy = ant_path_matcher`
Products Affected
| Vendor | Product | Version |
|---|---|---|
| apache | shiro | * |
| vmware | spring_boot | 2.6.0 |
The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service attack with a significant amplification factor.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| suse | linux_enterprise_server | 12 |
| service_location_protocol_project | service_location_protocol | - |
| suse | linux_enterprise_server | 15 |
| vmware | esxi | * |
| suse | manager_server | - |
| suse | linux_enterprise_server | 11 |
| netapp | smi-s_provider | - |
Greenplum Database (GPDB) is an open source data warehouse based on PostgreSQL. In versions prior to 6.22.3 Greenplum Database used an unsafe methods to extract tar files within GPPKGs. greenplum-db is vulnerable to path traversal leading to arbitrary file writes. An attacker can use this vulnerability to overwrite data or system files potentially leading to crash or malfunction of the system. Any files which are accessible to the running process are at risk. All users are requested to upgrade to Greenplum Database version 6.23.2 or higher. There are no known workarounds for this vulnerability.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-advisories@github.com | 7.4 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H | 2.2 | 5.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | greenplum_database | * |
Using "**" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | 3.9 | 5.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_security | * |
Spring Security versions 5.8 prior to 5.8.5, 6.0 prior to 6.0.5, and 6.1 prior to 6.1.2 could be susceptible to authorization rule misconfiguration if the application uses requestMatchers(String) and multiple servlets, one of them being Spring MVC’s DispatcherServlet. (DispatcherServlet is a Spring MVC component that maps HTTP endpoints to methods on @Controller-annotated classes.) Specifically, an application is vulnerable when all of the following are true: * Spring MVC is on the classpath * Spring Security is securing more than one servlet in a single application (one of them being Spring MVC’s DispatcherServlet) * The application uses requestMatchers(String) to refer to endpoints that are not Spring MVC endpoints An application is not vulnerable if any of the following is true: * The application does not have Spring MVC on the classpath * The application secures no servlets other than Spring MVC’s DispatcherServlet * The application uses requestMatchers(String) only for Spring MVC endpoints
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 7.3 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L | 3.9 | 3.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_security | * |
Reactive web applications that use Spring HATEOAS to produce hypermedia-based responses might be exposed to malicious forwarded headers if they are not behind a trusted proxy that ensures correctness of such headers, or if they don't have anything else in place to handle (and possibly discard) forwarded headers either in WebFlux or at the level of the underlying HTTP server. For the application to be affected, it needs to satisfy the following requirements: * It needs to use the reactive web stack (Spring WebFlux) and Spring HATEOAS to create links in hypermedia-based responses. * The application infrastructure does not guard against clients submitting (X-)Forwarded… headers.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 3.9 | 1.4 |
| security@vmware.com | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 3.9 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_hateoas | 2.1.0 |
| vmware | spring_hateoas | * |
VMware Horizon Server contains a HTTP request smuggling vulnerability. A malicious actor with network access may be able to perform HTTP smuggle requests.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 3.9 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | horizon_client | 2006 |
| vmware | horizon_client | 2111.1 |
| vmware | horizon_client | 2111 |
| vmware | horizon_client | 2212 |
| vmware | horizon_client | 2012 |
| vmware | horizon_client | 2106 |
| vmware | horizon_client | 2103 |
| vmware | horizon_client | 2203 |
VMware Horizon Server contains an information disclosure vulnerability. A malicious actor with network access may be able to access information relating to the internal network configuration.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | horizon_client | 2006 |
| vmware | horizon_client | 2111.1 |
| vmware | horizon_client | 2111 |
| vmware | horizon_client | 2212 |
| vmware | horizon_client | 2012 |
| vmware | horizon_client | 2106 |
| vmware | horizon_client | 2103 |
| vmware | horizon_client | 2203 |
Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | aria_operations_for_networks | * |
In Spring for Apache Kafka 3.0.9 and earlier and versions 2.9.10 and earlier, a possible deserialization attack vector existed, but only if unusual configuration was applied. An attacker would have to construct a malicious serialized object in one of the deserialization exception record headers. Specifically, an application is vulnerable when all of the following are true: * The user does not configure an ErrorHandlingDeserializer for the key and/or value of the record * The user explicitly sets container properties checkDeserExWhenKeyNull and/or checkDeserExWhenValueNull container properties to true. * The user allows untrusted sources to publish to a Kafka topic By default, these properties are false, and the container only attempts to deserialize the headers if an ErrorHandlingDeserializer is configured. The ErrorHandlingDeserializer prevents the vulnerability by removing any such malicious headers before processing the record.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 5.3 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L | 1.8 | 3.4 |
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_for_apache_kafka | * |
The spring-security.xsd file inside the spring-security-config jar is world writable which means that if it were extracted it could be written by anyone with access to the file system. While there are no known exploits, this is an example of “CWE-732: Incorrect Permission Assignment for Critical Resource” and could result in an exploit. Users should update to the latest version of Spring Security to mitigate any future exploits found around this issue.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 1.8 | 3.6 |
| security@vmware.com | 4.1 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N | 0.5 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_security | 5.7.10 |
| vmware | spring_security | * |
| vmware | spring_security | 5.7.9 |
VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | cloud_foundation | 5.0 |
| vmware | aria_operations | 8.12.0 |
| vmware | aria_operations | 8.10.0 |
| vmware | cloud_foundation | * |
| vmware | aria_operations | 8.6.0 |
VMware Workstation( 17.x prior to 17.5) and Fusion(13.x prior to 13.5) contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.0 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N | 1.5 | 4.0 |
| security@vmware.com | 7.1 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N | 2.5 | 4.0 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | fusion | * |
| vmware | workstation | * |
VMware Fusion(13.x prior to 13.5) contains a local privilege escalation vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the '.dmg' volume) or when installing an upgrade. A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed or being installed for the first time.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 6.6 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N | 1.3 | 5.2 |
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | fusion | * |
VMware Fusion(13.x prior to 13.5) contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the '.dmg' volume) or when installing an upgrade. A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed or being installed for the first time.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.0 | HIGH | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.0 | 5.9 |
| security@vmware.com | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | fusion | * |
A batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 and 1.2.0 - 1.2.2 may be exposed to GraphQL context with values, including security context values, from a different session. An application is vulnerable if it provides a DataLoaderOptions instance when registering batch loader functions through DefaultBatchLoaderRegistry.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N | 2.8 | 1.4 |
| security@vmware.com | 3.1 | LOW | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N | 1.6 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_for_graphql | * |
vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
| security@vmware.com | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server | * |
| vmware | vcenter_server | 8.0 |
| vmware | vcenter_server | 7.0 |
In spring AMQP versions 1.0.0 to 2.4.16 and 3.0.0 to 3.0.9 , allowed list patterns for deserializable class names were added to Spring AMQP, allowing users to lock down deserialization of data in messages from untrusted sources; however by default, when no allowed list was provided, all classes could be deserialized. Specifically, an application is vulnerable if * the SimpleMessageConverter or SerializerMessageConverter is used * the user does not configure allowed list patterns * untrusted message originators gain permissions to write messages to the RabbitMQ broker to send malicious content
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 5.0 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H | 0.7 | 4.2 |
| nvd@nist.gov | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 2.8 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_advanced_message_queuing_protocol | * |
VMware Aria Operations for Logs contains an authentication bypass vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | aria_operations_for_logs | 8.6 |
| vmware | aria_operations_for_logs | 8.10 |
| vmware | aria_operations_for_logs | 8.8 |
| vmware | aria_operations_for_logs | 8.12 |
| vmware | aria_operations_for_logs | 4.0 |
| vmware | aria_operations_for_logs | 8.10.2 |
| vmware | aria_operations_for_logs | 5.0 |
VMware Aria Operations for Logs contains a deserialization vulnerability. A malicious actor with non-administrative access to the local system can trigger the deserialization of data which could result in authentication bypass.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | aria_operations_for_logs | 8.12 |
| vmware | aria_operations_for_logs | 4.0 |
| vmware | aria_operations_for_logs | 8.10.2 |
| vmware | aria_operations_for_logs | 5.0 |
In Spring Framework versions 6.0.0 - 6.0.13, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: * the application uses Spring MVC or Spring WebFlux * io.micrometer:micrometer-core is on the classpath * an ObservationRegistry is configured in the application to record observations Typically, Spring Boot applications need the org.springframework.boot:spring-boot-actuator dependency to meet all conditions.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 3.9 | 1.4 |
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_framework | * |
In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: * the application uses Spring MVC or Spring WebFlux * org.springframework.boot:spring-boot-actuator is on the classpath
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 3.9 | 1.4 |
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_boot | * |
vCenter Server contains a partial information disclosure vulnerability. A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 2.8 | 1.4 |
| security@vmware.com | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 2.8 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server | * |
| vmware | vcenter_server | 8.0 |
| vmware | vcenter_server | 7.0 |
VMware Tools contains a local privilege escalation vulnerability. A malicious actor with local user access to a guest virtual machine may elevate privileges within the virtual machine.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | tools | * |
VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 7.1 | HIGH | CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 |
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 1.6 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 37 |
| debian | debian_linux | 11.0 |
| vmware | tools | * |
| fedoraproject | fedora | 39 |
| debian | debian_linux | 10.0 |
| vmware | open_vm_tools | * |
| fedoraproject | fedora | 38 |
| debian | debian_linux | 12.0 |
open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.0 | HIGH | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.0 | 5.9 |
| security@vmware.com | 7.4 | HIGH | CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 1.4 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 11.0 |
| debian | debian_linux | 10.0 |
| vmware | open_vm_tools | * |
| debian | debian_linux | 12.0 |
VMware Cloud Director Appliance contains an authentication bypass vulnerability in case VMware Cloud Director Appliance was upgraded to 10.5 from an older version. On an upgraded version of VMware Cloud Director Appliance 10.5, a malicious actor with network access to the appliance can bypass login restrictions when authenticating on port 22 (ssh) or port 5480 (appliance management console) . This bypass is not present on port 443 (VCD provider and tenant login). On a new installation of VMware Cloud Director Appliance 10.5, the bypass is not present. VMware Cloud Director Appliance is impacted since it uses an affected version of sssd from the underlying Photon OS. The sssd issue is no longer present in versions of Photon OS that ship with sssd-2.8.1-11 or higher (Photon OS 3) or sssd-2.8.2-9 or higher (Photon OS 4 and 5).
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | cloud_director | * |
Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious actor may exploit this vulnerability leading to unauthorized access to remote organizations and workflows.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.3 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H | 2.8 | 5.5 |
| security@vmware.com | 9.9 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H | 3.1 | 6.0 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | cloud_foundation | 4.0 |
| vmware | aria_automation | 8.11.1 |
| vmware | aria_automation | 8.11.0 |
| vmware | aria_automation | 8.12.1 |
| vmware | cloud_foundation | 5.0 |
| vmware | aria_automation | 8.13.1 |
| vmware | aria_automation | 8.12.2 |
| vmware | aria_automation | 8.13.0 |
| vmware | aria_automation | 8.11.2 |
| vmware | aria_automation | 8.12.0 |
| vmware | aria_automation | 8.14.0 |
| vmware | aria_automation | 8.14.1 |
Workspace ONE Launcher contains a Privilege Escalation Vulnerability. A malicious actor with physical access to Workspace ONE Launcher could utilize the Edge Panel feature to bypass setup to gain access to sensitive information.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.6 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 0.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | workspace_one_launcher | * |
RabbitMQ is a multi-protocol messaging and streaming broker. HTTP API did not enforce an HTTP request body limit, making it vulnerable for denial of service (DoS) attacks with very large messages. An authenticated user with sufficient credentials can publish a very large messages over the HTTP API and cause target node to be terminated by an "out-of-memory killer"-like mechanism. This vulnerability has been patched in versions 3.11.24 and 3.12.7.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 1.2 | 3.6 |
| security-advisories@github.com | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 1.2 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | rabbitmq | * |
The RabbitMQ Java client library allows Java and JVM-based applications to connect to and interact with RabbitMQ nodes. `maxBodyLebgth` was not used when receiving Message objects. Attackers could send a very large Message causing a memory overflow and triggering an OOM Error. Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer. This vulnerability was patched in version 5.18.0.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
| security-advisories@github.com | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 1.2 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | rabbitmq_java_client | * |
In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: * the application uses Spring MVC * Spring Security 6.1.6+ or 6.2.1+ is on the classpath Typically, Spring Boot applications need the org.springframework.boot:spring-boot-starter-web and org.springframework.boot:spring-boot-starter-security dependencies to meet all conditions.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
| security@vmware.com | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_framework | 6.0.15 |
| vmware | spring_framework | 6.1.2 |
VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | aria_operations | * |
| vmware | cloud_foundation | * |
In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded com.google.guava:guava dependency in the org.springframework.cloud:spring-cloud-contract-shade dependency.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.8 | 3.6 |
| security@vmware.com | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 1.8 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_cloud_contract | * |
| vmware | spring_cloud_contract | 4.1.0 |
Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain root access to the system.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| security@vmware.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | aria_operations_for_networks | * |
Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges may be able to inject malicious code into user profile configurations due to improper input sanitization.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.8 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 1.7 | 2.7 |
| security@vmware.com | 6.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:H | 0.9 | 5.5 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | aria_operations_for_networks | * |
Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain regular shell access.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 5.3 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L | 1.8 | 3.4 |
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | aria_operations_for_networks | * |
Aria Operations for Networks contains a local file read vulnerability. A malicious actor with admin privileges may exploit this vulnerability leading to unauthorized access to sensitive information.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 1.2 | 3.6 |
| nvd@nist.gov | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 1.2 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | aria_operations_for_networks | * |
Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges can inject a malicious payload into the login banner and takeover the user account.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L | 0.9 | 3.4 |
| nvd@nist.gov | 4.8 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 1.7 | 2.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | aria_operations_for_networks | * |
VMware Workstation and Fusion contain an out-of-bounds read vulnerability in the USB CCID (chip card interface device). A malicious actor with local administrative privileges on a virtual machine may trigger an out-of-bounds read leading to information disclosure.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 5.9 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N | 1.4 | 4.0 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | fusion | * |
| vmware | workstation | * |
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 9.3 | CRITICAL | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | 2.5 | 6.0 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esxi | 7.0.0 |
| vmware | esxi | 7.0 |
| vmware | esxi | 8.0 |
| vmware | fusion | * |
| vmware | workstation | * |
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 9.3 | CRITICAL | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | 2.5 | 6.0 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esxi | 7.0.0 |
| vmware | esxi | 7.0 |
| vmware | esxi | 8.0 |
| vmware | fusion | * |
| vmware | cloud_foundation | * |
| vmware | workstation | * |
VMware ESXi contains an out-of-bounds write vulnerability. A malicious actor with privileges within the VMX process may trigger an out-of-bounds write leading to an escape of the sandbox.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 7.9 | HIGH | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N | 1.5 | 5.8 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esxi | 7.0.0 |
| vmware | esxi | 7.0 |
| vmware | esxi | 8.0 |
| vmware | cloud_foundation | * |
VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability in the UHCI USB controller. A malicious actor with administrative access to a virtual machine may be able to exploit this issue to leak memory from the vmx process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 7.1 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N | 2.5 | 4.0 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esxi | 7.0.0 |
| vmware | esxi | 7.0 |
| vmware | esxi | 8.0 |
| vmware | fusion | * |
| vmware | cloud_foundation | * |
| vmware | workstation | * |
VMware Cloud Director contains a partial information disclosure vulnerability. A malicious actor can potentially gather information about organization names based on the behavior of the instance.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 10.0 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | 3.9 | 6.0 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | cloud_director | * |
Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF attack if the URL is used after passing validation checks. This is the same as CVE-2024-22243 https://spring.io/security/cve-2024-22243 , but with different input.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N | 2.8 | 5.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | active_iq_unified_manager | - |
| vmware | spring_framework | * |
VMware Workstation and Fusion contain a heap buffer-overflow vulnerability in the Shader functionality. A malicious actor with non-administrative access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to create a denial of service condition.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 7.1 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H | 2.5 | 4.0 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | fusion | * |
| vmware | workstation | * |
VMware Workstation and Fusion contain an information disclosure vulnerability in the vbluetooth device. A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 7.1 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N | 2.5 | 4.0 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | fusion | * |
| vmware | workstation | * |
VMware Workstation and Fusion contain an information disclosure vulnerability in the Host Guest File Sharing (HGFS) functionality. A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 7.1 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N | 2.5 | 4.0 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | fusion | * |
| vmware | workstation | * |
The storage controllers on VMware ESXi, Workstation, and Fusion have out-of-bounds read/write vulnerability. A malicious actor with access to a virtual machine with storage controllers enabled may exploit this issue to create a denial of service condition or execute code on the hypervisor from a virtual machine in conjunction with other issues.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 8.1 | HIGH | CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H | 1.4 | 6.0 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esxi | 7.0 |
| vmware | esxi | 8.0 |
| vmware | fusion | * |
| vmware | cloud_foundation | * |
| vmware | workstation | * |
The vCenter Server contains an authenticated remote code execution vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to run arbitrary commands on the underlying operating system.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server | 8.0 |
| vmware | vcenter_server | 7.0 |
| vmware | cloud_foundation | * |
The vCenter Server contains a partial file read vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to partially read arbitrary files containing sensitive data.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 1.2 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server | 8.0 |
| vmware | vcenter_server | 7.0 |
| vmware | cloud_foundation | * |
VMware Cloud Director Availability contains an HTML injection vulnerability. A malicious actor with network access to VMware Cloud Director Availability can craft malicious HTML tags to execute within replication tasks.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 6.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N | 3.1 | 2.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | cloud_director | * |
VMware Aria Automation does not apply correct input validation which allows for SQL-injection in the product. An authenticated malicious user could enter specially crafted SQL queries and perform unauthorised read/write operations in the database.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 8.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N | 3.1 | 4.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | aria_automation | * |
| vmware | cloud_foundation | * |
vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server | 8.0 |
| vmware | vcenter_server | 7.0 |
| vmware | cloud_foundation | * |
vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server | 8.0 |
| vmware | vcenter_server | 7.0 |
The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. An authenticated local user with non-administrative privileges may exploit these issues to elevate privileges to root on vCenter Server Appliance.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server | 8.0 |
| vmware | vcenter_server | 7.0 |
| vmware | cloud_foundation | * |
In Spring Cloud Data Flow versions prior to 2.11.4, a malicious user who has access to the Skipper server api can use a crafted upload request to write an arbitrary file to any location on the file system which could lead to compromising the server
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_cloud_data_flow | * |
VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management https://blogs.vmware.com/vsphere/2012/09/joining-vsphere-hosts-to-active-directory.html by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 6.8 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H | 0.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esxi | 7.0 |
| vmware | esxi | 8.0 |
| vmware | cloud_foundation | * |
VMware ESXi contains an out-of-bounds read vulnerability. A malicious actor with local administrative privileges on a virtual machine with an existing snapshot may trigger an out-of-bounds read leading to a denial-of-service condition of the host.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 6.8 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H | 2.5 | 4.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | esxi | 7.0 |
| vmware | esxi | 8.0 |
| vmware | cloud_foundation | * |
The vCenter Server contains a denial-of-service vulnerability. A malicious actor with network access to vCenter Server may create a denial-of-service condition.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 3.9 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server | 8.0 |
| vmware | vcenter_server | 7.0 |
| vmware | cloud_foundation | * |
In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial of service (DoS) condition. Specifically, an application is vulnerable when the following is true: * The application evaluates user-supplied SpEL expressions.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L | 2.8 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netapp | active_iq_unified_manager | - |
| vmware | spring_framework | * |
| netapp | oncommand_insight | - |
Missing Authorization When Using @AuthorizeReturnObject in Spring Security 6.3.0 and 6.3.1 allows attacker to render security annotations inaffective.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_security | * |
The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server | 8.0 |
| vmware | vcenter_server | 7.0 |
| vmware | cloud_foundation | * |
The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 7.5 | HIGH | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.6 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vcenter_server | 8.0 |
| vmware | vcenter_server | 7.0 |
| vmware | cloud_foundation | * |
An authenticated SQL injection vulnerability in VMware HCX was privately reported to VMware. A malicious authenticated user with non-administrator privileges may be able to enter specially crafted SQL queries and perform unauthorized remote code execution on the HCX manager. Updates are available to remediate this vulnerability in affected VMware products.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | vmware_hcx | 4.10.0 |
| vmware | vmware_hcx | * |
The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 3.1 | LOW | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N | 1.6 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_framework | * |
VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges may trigger this vulnerability to escalate privileges to root user on the appliance running VMware Aria Operations.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | aria_operations | * |
| vmware | cloud_foundation | * |
VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges can insert malicious commands into the properties file to escalate privileges to a root user on the appliance running VMware Aria Operations.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | aria_operations | * |
| vmware | cloud_foundation | * |
VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to views may be able to inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 7.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L | 2.8 | 4.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | aria_operations | * |
| vmware | cloud_foundation | * |
VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to email templates might inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 6.8 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L | 2.1 | 4.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | aria_operations | * |
| vmware | cloud_foundation | * |
VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to cloud provider might be able to inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N | 1.3 | 4.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | aria_operations | * |
| vmware | cloud_foundation | * |
VMware Aria Operations for Logs contains an information disclosure vulnerability. A malicious actor with View Only Admin permissions may be able to read the credentials of a VMware product integrated with VMware Aria Operations for Logs
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 8.5 | HIGH | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H | 1.8 | 6.0 |
| nvd@nist.gov | 7.7 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N | 3.1 | 4.0 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | aria_operations_for_logs | * |
| vmware | cloud_foundation | * |
VMware Aria Operations for Logs contains a stored cross-site scripting vulnerability. A malicious actor with non-administrative privileges may be able to inject a malicious script that (can perform stored cross-site scripting) may lead to arbitrary operations as admin user.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 6.8 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H | 0.9 | 5.9 |
| nvd@nist.gov | 9.0 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H | 2.3 | 6.0 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | aria_operations_for_logs | * |
| vmware | cloud_foundation | * |
VMware Aria Operations for Logs contains a privilege escalation vulnerability. A malicious actor with non-administrative privileges and network access to Aria Operations for Logs API may be able to perform certain operations in the context of an admin user.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 2.8 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | aria_operations_for_logs | * |
| vmware | cloud_foundation | * |
VMware Aria Operation for Logs contains a stored cross-site scripting vulnerability. A malicious actor with admin privileges to VMware Aria Operations for Logs may be able to inject a malicious script that could be executed in a victim's browser when performing a delete action in the Agent Configuration.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 5.2 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N | 0.9 | 4.2 |
| nvd@nist.gov | 4.8 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 1.7 | 2.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | aria_operations_for_logs | * |
| vmware | cloud_foundation | * |
VMware Aria Operations contains an information disclosure vulnerability. A malicious user with non-administrative privileges may exploit this vulnerability to retrieve credentials for an outbound plugin if a valid service credential ID is known.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 7.7 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N | 3.1 | 4.0 |
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | aria_operations | * |
| vmware | cloud_foundation | * |
VMware ESXi, and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 9.3 | CRITICAL | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | 2.5 | 6.0 |
| nvd@nist.gov | 8.2 | HIGH | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H | 1.5 | 6.0 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | telco_cloud_infrastructure | 3.0 |
| vmware | esxi | 7.0 |
| vmware | telco_cloud_infrastructure | 2.2 |
| vmware | telco_cloud_infrastructure | 2.5 |
| vmware | telco_cloud_platform | 3.0 |
| vmware | telco_cloud_platform | 4.0.1 |
| vmware | telco_cloud_platform | 5.0 |
| vmware | telco_cloud_platform | 2.0 |
| vmware | cloud_foundation | - |
| vmware | telco_cloud_infrastructure | 2.7 |
| vmware | esxi | 8.0 |
| vmware | telco_cloud_platform | 4.0 |
| vmware | telco_cloud_platform | 2.7 |
| vmware | telco_cloud_platform | 2.5 |
| vmware | workstation | * |
VMware ESXi contains an arbitrary write vulnerability. A malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 8.2 | HIGH | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H | 1.5 | 6.0 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | telco_cloud_infrastructure | 3.0 |
| vmware | esxi | 7.0 |
| vmware | telco_cloud_infrastructure | 2.2 |
| vmware | telco_cloud_infrastructure | 2.5 |
| vmware | telco_cloud_platform | 3.0 |
| vmware | telco_cloud_platform | 4.0.1 |
| vmware | telco_cloud_platform | 5.0 |
| vmware | telco_cloud_platform | 2.0 |
| vmware | cloud_foundation | - |
| vmware | telco_cloud_infrastructure | 2.7 |
| vmware | esxi | 8.0 |
| vmware | telco_cloud_platform | 4.0 |
| vmware | telco_cloud_platform | 2.7 |
| vmware | telco_cloud_platform | 2.5 |
VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. A malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 7.1 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N | 2.5 | 4.0 |
| nvd@nist.gov | 6.0 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N | 1.5 | 4.0 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | telco_cloud_infrastructure | 3.0 |
| vmware | esxi | 7.0 |
| vmware | telco_cloud_infrastructure | 2.2 |
| vmware | telco_cloud_infrastructure | 2.5 |
| vmware | telco_cloud_platform | 3.0 |
| vmware | telco_cloud_platform | 4.0.1 |
| vmware | telco_cloud_platform | 5.0 |
| vmware | telco_cloud_platform | 2.0 |
| vmware | cloud_foundation | - |
| vmware | telco_cloud_infrastructure | 2.7 |
| vmware | esxi | 8.0 |
| vmware | fusion | * |
| vmware | telco_cloud_platform | 4.0 |
| vmware | telco_cloud_platform | 2.7 |
| vmware | telco_cloud_platform | 2.5 |
| vmware | workstation | * |
VMware NSX Manager UI is vulnerable to a stored Cross-Site Scripting (XSS) attack due to improper input validation.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:H | 1.7 | 5.3 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | telco_cloud_platform | * |
| broadcom | vmware_nsx | * |
| vmware | telco_cloud_infrastructure | * |
| broadcom | vmware_nsx | 4.2.2 |
| vmware | cloud_foundation | * |
VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the gateway firewall due to improper input validation.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 6.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N | 1.7 | 4.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | telco_cloud_platform | * |
| broadcom | vmware_nsx | * |
| vmware | telco_cloud_infrastructure | * |
| broadcom | vmware_nsx | 4.2.2 |
| vmware | cloud_foundation | * |
VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the router port due to improper input validation.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L | 1.7 | 3.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | telco_cloud_platform | * |
| broadcom | vmware_nsx | * |
| vmware | telco_cloud_infrastructure | * |
| broadcom | vmware_nsx | 4.2.2 |
| vmware | cloud_foundation | * |
VMware Aria automation contains a DOM based Cross-Site Scripting (XSS) vulnerability. A malicious actor may exploit this issue to steal the access token of a logged in user of VMware Aria automation appliance by tricking the user into clicking a malicious crafted payload URL.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 8.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N | 2.8 | 4.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | telco_cloud_platform | * |
| vmware | aria_automation | 8.18.1 |
| vmware | aria_automation | 8.18.0 |
| vmware | cloud_foundation | * |
VMware Cloud Foundation contains a missing authorisation vulnerability. A malicious actor with access to VMware Cloud Foundation appliance may be able to perform certain unauthorised actions and access limited sensitive information.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 7.3 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L | 2.5 | 4.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | cloud_foundation | * |
VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | telco_cloud_platform | * |
| vmware | aria_operations | * |
| vmware | telco_cloud_infrastructure | * |
| debian | debian_linux | 11.0 |
| vmware | tools | * |
| vmware | cloud_foundation_operations | 9.0 |
| vmware | open_vm_tools | * |
| vmware | open_vm_tools | 13.0.0 |
| vmware | cloud_foundation | * |
VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with privileges to create custom benchmarks may be able to inject script to perform administrative actions in VMware Aria Operations. To remediate CVE-2026-22720, apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' of VMSA-2026-0001 https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947https:// .
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 8.0 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | 2.1 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | telco_cloud_platform | * |
| vmware | aria_operations | * |
| vmware | telco_cloud_infrastructure | * |
| vmware | cloud_foundation | * |
VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with privileges in vCenter to access Aria Operations may leverage this vulnerability to obtain administrative access in VMware Aria Operations. To remediate CVE-2026-22721, apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' found in VMSA-2026-0001 https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947 .
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 6.2 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L | 0.7 | 5.5 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | telco_cloud_platform | * |
| vmware | aria_operations | * |
| vmware | telco_cloud_infrastructure | * |
| vmware | cloud_foundation | * |
A JSONPath injection vulnerability in Spring AI's AbstractFilterExpressionConverter allows authenticated users to bypass metadata-based access controls through crafted filter expressions. User-controlled input passed to FilterExpressionBuilder is concatenated into JSONPath queries without proper escaping, enabling attackers to inject arbitrary JSONPath logic and access unauthorized documents. This vulnerability affects applications using vector stores that extend AbstractFilterExpressionConverter for multi-tenant isolation, role-based access control, or document filtering based on metadata. The vulnerability occurs when user-supplied values in filter expressions are not escaped before being inserted into JSONPath queries. Special characters like ", ||, and && are passed through unescaped, allowing injection of arbitrary JSONPath logic that can alter the intended query semantics.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 8.6 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N | 3.9 | 4.0 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_ai | * |
A critical SQL injection vulnerability in Spring AI's MariaDBFilterExpressionConverter allows attackers to bypass metadata-based access controls and execute arbitrary SQL commands. The vulnerability exists due to missing input sanitization.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_ai | * |
Vulnerability in Spring Spring Security. If an application is using the UserDetails#isEnabled, #isAccountNonExpired, or #isAccountNonLocked user attributes, to enable, expire, or lock users, then DaoAuthenticationProvider's timing attack defense can be bypassed for users who are disabled, expired, or locked.This issue affects Spring Security: from 5.7.0 through 5.7.22, from 5.8.0 through 5.8.24, from 6.3.0 through 6.3.15, from 6.5.0 through 6.5.9, from 7.0.0 through 7.0.4.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 3.7 | LOW | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N | 2.2 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_security | * |
Vulnerability in Spring Spring Security. SubjectX500PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the username. In a carefully crafted certificate, this can lead to an attacker impersonating another user. This issue affects Spring Security: from 7.0.0 through 7.0.4.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 6.8 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N | 1.6 | 5.2 |
| nvd@nist.gov | 8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 2.8 | 5.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_security | * |
Vulnerability in Spring Spring Security. When an application configures JWT decoding with NimbusJwtDecoder or NimbusReactiveJwtDecoder, it must configure an OAuth2TokenValidator<Jwt> separately, for example by calling setJwtValidator.This issue affects Spring Security: from 6.3.0 through 6.3.14, from 6.4.0 through 6.4.14, from 6.5.0 through 6.5.9, from 7.0.0 through 7.0.4.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 2.8 | 3.6 |
| security@vmware.com | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N | 1.6 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_security | * |
Vulnerability in Spring Spring Security. If an application is using securityMatchers(String) and a PathPatternRequestMatcher.Builder bean to prepend a servlet path, matching requests to that filter chain may fail and its related security components will not be exercised as intended by the application. This can lead to the authentication, authorization, and other security controls being rendered inactive on intended requests.This issue affects Spring Security: from 7.0.0 through 7.0.4.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_security | * |
Vulnerability in Spring Spring Security. If an application uses <sec:intercept-url servlet-path="/servlet-path" pattern="/endpoint/**"/> to define the servlet path for computing a path matcher, then the servlet path is not included and the related authorization rules are not exercised. This can lead to an authorization bypass.This issue affects Spring Security: from 7.0.0 through 7.0.4.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_security | * |
In Spring AI, an attacker can bypass conversation isolation and exfiltrate sensitive memory from other users’ chat histories, including secrets and credentials, by injecting filter logic through conversationId. Only applications that use VectorStoreChatMemoryAdvisor and pass user-supplied input as a conversationId are affected.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 2.2 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_ai | * |
In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translate them to specific vector store query languages. In several cases, keys and values are not properly escaped, leading to the ability to alter the query. Affected versions: Spring AI: 1.0.0 - 1.0.5 (fixed in 1.0.6), 1.1.0 - 1.1.4 (fixed in 1.1.5)
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 8.6 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L | 3.9 | 4.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_ai | * |
When an authenticated user is denied access to a gRPC method, their authenticated identity remains bound to the gRPC worker thread and can be inherited by a subsequent unauthenticated request on the same thread. This may allow the subsequent user to gain escalated permissions. Affected versions: Spring gRPC: 1.0.0 - 1.0.2 (fixed in 1.0.3). Older, unsupported versions are also affected.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 4.2 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N | 1.6 | 2.5 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_grpc | * |
The raw message of every server-side AuthenticationException is returned to the unauthenticated remote caller in the gRPC status description. This allows an attacker to obtain information about the authentication failure, which may be useful for further attacks. Affected versions: Spring gRPC: 1.0.0 - 1.0.2 (fixed in 1.0.3). Older, unsupported versions are also affected.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 3.7 | LOW | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N | 2.2 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_grpc | * |
An attacker on the same network as the remote application may be able to utilize a timing attack to discover information about the remote secret. In extreme circumstances this could result in the attacker determining the secret and uploading changed classes, thereby achieving remote code execution in the remote application. Affected: Spring Boot 4.0.0–4.0.5 (fix 4.0.6), 3.5.0–3.5.13 (fix 3.5.14), 3.4.0–3.4.15 (fix 3.4.16), 3.3.0–3.3.18 (fix 3.3.19), 2.7.0–2.7.32 (fix 2.7.33); DevTools remote secret comparison. Versions that are no longer supported are also affected per vendor advisory.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 7.5 | HIGH | CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 1.6 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_boot | * |
A local attacker on the same host as the application may be able to take control of the directory used by `ApplicationTemp`. When `server.servlet.session.persistent` is set to `true` and the attack persists across application restarts, this may allow the attacker to read session information and hijack authenticated users or deploy a gadget chain and execute code as the application's user. Affected: Spring Boot 4.0.0–4.0.5 (fix 4.0.6), 3.5.0–3.5.13 (fix 3.5.14), 3.4.0–3.4.15 (fix 3.4.16), 3.3.0–3.3.18 (fix 3.3.19), 2.7.0–2.7.32 (fix 2.7.33); predictable temp directory / `ApplicationTemp` ownership verification. Versions that are no longer supported are also affected per vendor advisory.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 7.0 | HIGH | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.0 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_boot | * |
Values produced by ${random.value} are not suitable for use as secrets. ${random.uuid} is not affected. ${random.int} and ${random.long} should never be used for secrets as they are numeric values with a predictable range. Affected: Spring Boot 4.0.0–4.0.5 (fix 4.0.6), 3.5.0–3.5.13 (fix 3.5.14), 3.4.0–3.4.15 (fix 3.4.16), 3.3.0–3.3.18 (fix 3.3.19), 2.7.0–2.7.32 (fix 2.7.33); random value property source / weak PRNG for secrets. Versions that are no longer supported are also affected per vendor advisory.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 4.8 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N | 2.2 | 2.5 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_boot | * |
In certain circumstances, Spring Boot's default web security is ineffective allowing unauthorized access to all endpoints. For an application to be vulnerable, it must: be a servlet-based web application; have no Spring Security configuration of its own and rely on the default web security filter chain; depend on spring-boot-actuator-autoconfigure; not depend on spring-boot-health. If any of the above does not apply, the application is not vulnerable. Affected: Spring Boot 4.0.0–4.0.5; upgrade to 4.0.6 or later per vendor advisory.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | 3.9 | 5.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_boot | * |
When an application is configured to use `ApplicationPidFileWriter`, a local attacker with write access to the PID file's location can corrupt one file on the host each time the application is started. Affected: Spring Boot 4.0.0–4.0.5 (fix 4.0.6), 3.5.0–3.5.13 (fix 3.5.14), 3.4.0–3.4.15 (fix 3.4.16), 3.3.0–3.3.18 (fix 3.3.19), 2.7.0–2.7.32 (fix 2.7.33); PID file / symlink behavior (`ApplicationPidFileWriter`). Versions that are no longer supported are also affected per vendor advisory.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 4.7 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H | 0.5 | 4.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_boot | * |
SQL injection vulnerability in Spring AI's `CosmosDBVectorStore` allows attackers to execute arbitrary SQL queries via crafted document IDs. Affected versions: Spring AI: 1.0.0 - 1.0.5 (fixed in 1.0.6), 1.1.0 - 1.1.4 (fixed in 1.1.5)
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_ai | * |
In Spring AI, having access to a shared environment can expose the ONNX model used by the application. Affected versions: Spring AI: 1.0.0 - 1.0.5 (fixed in 1.0.6), 1.1.0 - 1.1.4 (fixed in 1.1.5)
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 6.1 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N | 1.8 | 4.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_ai | * |
In Spring AI, a malicious PDF file can be crafted that triggers the allocation of unreasonable amounts of memory when handled by `ForkPDFLayoutTextStripper`. Affected versions: Spring AI: 1.0.0 - 1.0.5 (fixed in 1.0.6), 1.1.0 - 1.1.4 (fixed in 1.1.5)
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security@vmware.com | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_ai | * |