All the vulnerabilites related to vmware - nsx-t_data_center
Vulnerability from fkie_nvd
Published
2021-04-19 15:15
Modified
2024-11-21 05:49
Severity ?
Summary
VMware NSX-T contains a privilege escalation vulnerability due to an issue with RBAC (Role based access control) role assignment. Successful exploitation of this issue may allow attackers with local guest user account to assign privileges higher than their own permission level.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2021-0006.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2021-0006.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | nsx-t_data_center | 3.1.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:nsx-t_data_center:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7C5248DB-C51D-4EF8-8B8C-B6117067FADA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware NSX-T contains a privilege escalation vulnerability due to an issue with RBAC (Role based access control) role assignment. Successful exploitation of this issue may allow attackers with local guest user account to assign privileges higher than their own permission level."
},
{
"lang": "es",
"value": "VMware NSX-T, contiene una vulnerabilidad de escalada de privilegios debido a un problema con la asignaci\u00f3n de roles RBAC (control de acceso basado en roles).\u0026#xa0;Una explotaci\u00f3n con \u00e9xito de este problema puede permitir a atacantes con una cuenta de usuario invitado local asignar privilegios superiores a su propio nivel de permiso"
}
],
"id": "CVE-2021-21981",
"lastModified": "2024-11-21T05:49:21.943",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-19T15:15:12.150",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0006.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-10-20 17:15
Modified
2024-11-21 05:32
Severity ?
Summary
VMware NSX-T (3.x before 3.0.2, 2.5.x before 2.5.2.2.0) contains a security vulnerability that exists in the way it allows a KVM host to download and install packages from NSX manager. A malicious actor with MITM positioning may be able to exploit this issue to compromise the transport node.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2020-0023.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2020-0023.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | cloud_foundation | * | |
| vmware | cloud_foundation | * | |
| vmware | nsx-t_data_center | * | |
| vmware | nsx-t_data_center | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A62C8589-3F25-4652-8CAA-EC10C64C2FF8",
"versionEndExcluding": "3.10.1.1",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D2A68886-4079-4BE1-9E51-6022ED680B86",
"versionEndExcluding": "4.1",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:nsx-t_data_center:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7AEB649B-3B44-4617-9E1E-F09FF361CD26",
"versionEndExcluding": "2.5.2.2.0",
"versionStartIncluding": "2.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:nsx-t_data_center:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A62AFA1-331B-4B22-8A67-BA1ED67816CB",
"versionEndExcluding": "3.0.2",
"versionStartIncluding": "3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware NSX-T (3.x before 3.0.2, 2.5.x before 2.5.2.2.0) contains a security vulnerability that exists in the way it allows a KVM host to download and install packages from NSX manager. A malicious actor with MITM positioning may be able to exploit this issue to compromise the transport node."
},
{
"lang": "es",
"value": "VMware NSX-T (versiones 3.x anteriores 3.0.2, versiones 2.5.x anteriores a 2.5.2.2.0), contiene una vulnerabilidad de seguridad que se presenta en la manera en que permite que un host KVM descargue e instale paquetes desde el administrador de NSX.\u0026#xa0;Un actor malicioso con posicionamiento MITM puede ser capaz de explotar este problema para comprometer el nodo de transporte"
}
],
"id": "CVE-2020-3993",
"lastModified": "2024-11-21T05:32:07.680",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-10-20T17:15:12.903",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0023.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0023.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-05-26 18:15
Modified
2024-11-21 07:41
Severity ?
Summary
NSX-T contains a reflected cross-site scripting vulnerability due to a lack of input validation. A remote attacker can inject HTML or JavaScript to redirect to malicious pages.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | nsx-t_data_center | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:nsx-t_data_center:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9707D0F8-5EF2-4D5D-91FF-1F246718169C",
"versionEndExcluding": "3.2.3",
"versionStartIncluding": "3.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NSX-T contains a reflected cross-site scripting vulnerability due to a lack of input validation. A remote attacker can inject HTML or JavaScript to redirect to malicious pages."
}
],
"id": "CVE-2023-20868",
"lastModified": "2024-11-21T07:41:43.580",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-26T18:15:12.723",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0010.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2020-3993
Vulnerability from cvelistv5
Published
2020-10-20 16:11
Modified
2024-08-04 07:52
Severity ?
EPSS score ?
Summary
VMware NSX-T (3.x before 3.0.2, 2.5.x before 2.5.2.2.0) contains a security vulnerability that exists in the way it allows a KVM host to download and install packages from NSX manager. A malicious actor with MITM positioning may be able to exploit this issue to compromise the transport node.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.vmware.com/security/advisories/VMSA-2020-0023.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | VMware NSX-T |
Version: VMware NSX-T (3.x before 3.0.2, 2.5.x before 2.5.2.2.0) |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.557Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0023.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware NSX-T",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware NSX-T (3.x before 3.0.2, 2.5.x before 2.5.2.2.0)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware NSX-T (3.x before 3.0.2, 2.5.x before 2.5.2.2.0) contains a security vulnerability that exists in the way it allows a KVM host to download and install packages from NSX manager. A malicious actor with MITM positioning may be able to exploit this issue to compromise the transport node."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "MITM vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-20T16:11:19",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0023.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2020-3993",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware NSX-T",
"version": {
"version_data": [
{
"version_value": "VMware NSX-T (3.x before 3.0.2, 2.5.x before 2.5.2.2.0)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware NSX-T (3.x before 3.0.2, 2.5.x before 2.5.2.2.0) contains a security vulnerability that exists in the way it allows a KVM host to download and install packages from NSX manager. A malicious actor with MITM positioning may be able to exploit this issue to compromise the transport node."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "MITM vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2020-0023.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0023.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2020-3993",
"datePublished": "2020-10-20T16:11:19",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-08-04T07:52:20.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-20868
Vulnerability from cvelistv5
Published
2023-05-26 00:00
Modified
2024-08-02 09:21
Severity ?
EPSS score ?
Summary
NSX-T contains a reflected cross-site scripting vulnerability due to a lack of input validation. A remote attacker can inject HTML or JavaScript to redirect to malicious pages.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:21:33.292Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0010.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NSX-T",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "NSX-T 3.2.x VCF 4.5.x"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NSX-T contains a reflected cross-site scripting vulnerability due to a lack of input validation. A remote attacker can inject HTML or JavaScript to redirect to malicious pages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Reflected cross-site scripting vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-26T00:00:00",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0010.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2023-20868",
"datePublished": "2023-05-26T00:00:00",
"dateReserved": "2022-11-01T00:00:00",
"dateUpdated": "2024-08-02T09:21:33.292Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-21981
Vulnerability from cvelistv5
Published
2021-04-19 14:37
Modified
2024-08-03 18:30
Severity ?
EPSS score ?
Summary
VMware NSX-T contains a privilege escalation vulnerability due to an issue with RBAC (Role based access control) role assignment. Successful exploitation of this issue may allow attackers with local guest user account to assign privileges higher than their own permission level.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.vmware.com/security/advisories/VMSA-2021-0006.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | VMware NSX-T |
Version: VMware NSX-T 3.1.1 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:30:23.726Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0006.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware NSX-T",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware NSX-T 3.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware NSX-T contains a privilege escalation vulnerability due to an issue with RBAC (Role based access control) role assignment. Successful exploitation of this issue may allow attackers with local guest user account to assign privileges higher than their own permission level."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege escalation vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-19T14:37:21",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0006.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2021-21981",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware NSX-T",
"version": {
"version_data": [
{
"version_value": "VMware NSX-T 3.1.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware NSX-T contains a privilege escalation vulnerability due to an issue with RBAC (Role based access control) role assignment. Successful exploitation of this issue may allow attackers with local guest user account to assign privileges higher than their own permission level."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege escalation vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2021-0006.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0006.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2021-21981",
"datePublished": "2021-04-19T14:37:21",
"dateReserved": "2021-01-04T00:00:00",
"dateUpdated": "2024-08-03T18:30:23.726Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}