All the vulnerabilites related to vmware - vcenter_server
cve-2021-22048
Vulnerability from cvelistv5
Published
2021-11-10 17:50
Modified
2024-08-03 18:30
Severity ?
EPSS score ?
Summary
The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. A malicious actor with non-administrative access to vCenter Server may exploit this issue to elevate privileges to a higher privileged group.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.vmware.com/security/advisories/VMSA-2021-0025.html | x_refsource_MISC | |
| http://packetstormsecurity.com/files/167733/VMware-Security-Advisory-2022-0025.2.html | x_refsource_MISC | |
| http://packetstormsecurity.com/files/167795/VMware-Security-Advisory-2021-0025.3.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | VMware vCenter Server and VMware Cloud Foundation |
Version: VMware vCenter Server(7.0 and 6.7) and VMware Cloud Foundation (4.x and 3.x) |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:30:23.971Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0025.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/167733/VMware-Security-Advisory-2022-0025.2.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/167795/VMware-Security-Advisory-2021-0025.3.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware vCenter Server and VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware vCenter Server(7.0 and 6.7) and VMware Cloud Foundation (4.x and 3.x)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. A malicious actor with non-administrative access to vCenter Server may exploit this issue to elevate privileges to a higher privileged group."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege escalation vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-25T17:06:14",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0025.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/167733/VMware-Security-Advisory-2022-0025.2.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/167795/VMware-Security-Advisory-2021-0025.3.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2021-22048",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware vCenter Server and VMware Cloud Foundation",
"version": {
"version_data": [
{
"version_value": "VMware vCenter Server(7.0 and 6.7) and VMware Cloud Foundation (4.x and 3.x)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. A malicious actor with non-administrative access to vCenter Server may exploit this issue to elevate privileges to a higher privileged group."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege escalation vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2021-0025.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0025.html"
},
{
"name": "http://packetstormsecurity.com/files/167733/VMware-Security-Advisory-2022-0025.2.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/167733/VMware-Security-Advisory-2022-0025.2.html"
},
{
"name": "http://packetstormsecurity.com/files/167795/VMware-Security-Advisory-2021-0025.3.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/167795/VMware-Security-Advisory-2021-0025.3.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2021-22048",
"datePublished": "2021-11-10T17:50:53",
"dateReserved": "2021-01-04T00:00:00",
"dateUpdated": "2024-08-03T18:30:23.971Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-3976
Vulnerability from cvelistv5
Published
2020-08-21 12:37
Modified
2024-08-04 07:52
Severity ?
EPSS score ?
Summary
VMware ESXi and vCenter Server contain a partial denial of service vulnerability in their respective authentication services. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.vmware.com/security/advisories/VMSA-2020-0018.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | ESXi, vCenter Server, and Cloud Foundation |
Version: ESXi 7.0, 6.7, 6.5, vCenter Server 7.0, 6.7, 6.5, and Cloud Foundation 4.x.x, and 3.x.x release lines. |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.373Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0018.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ESXi, vCenter Server, and Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "ESXi 7.0, 6.7, 6.5, vCenter Server 7.0, 6.7, 6.5, and Cloud Foundation 4.x.x, and 3.x.x release lines."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware ESXi and vCenter Server contain a partial denial of service vulnerability in their respective authentication services. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Partial denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-21T12:37:34",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0018.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2020-3976",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ESXi, vCenter Server, and Cloud Foundation",
"version": {
"version_data": [
{
"version_value": "ESXi 7.0, 6.7, 6.5, vCenter Server 7.0, 6.7, 6.5, and Cloud Foundation 4.x.x, and 3.x.x release lines."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware ESXi and vCenter Server contain a partial denial of service vulnerability in their respective authentication services. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Partial denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2020-0018.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0018.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2020-3976",
"datePublished": "2020-08-21T12:37:34",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-08-04T07:52:20.373Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-5537
Vulnerability from cvelistv5
Published
2019-10-28 15:04
Modified
2024-08-04 20:01
Severity ?
EPSS score ?
Summary
Sensitive information disclosure vulnerability resulting from a lack of certificate validation during the File-Based Backup and Restore operations of VMware vCenter Server Appliance (6.7 before 6.7u3a and 6.5 before 6.5u3d) may allow a malicious actor to intercept sensitive data in transit over FTPS and HTTPS. A malicious actor with man-in-the-middle positioning between vCenter Server Appliance and a backup target may be able to intercept sensitive data in transit during File-Based Backup and Restore operations.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.vmware.com/security/advisories/VMSA-2019-0018.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | VMware vCenter Server Appliance |
Version: VMware vCenter Server Appliance (6.7 before 6.7u3a and 6.5 before 6.5u3d) |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:01:51.576Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2019-0018.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware vCenter Server Appliance",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware vCenter Server Appliance (6.7 before 6.7u3a and 6.5 before 6.5u3d)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure vulnerability resulting from a lack of certificate validation during the File-Based Backup and Restore operations of VMware vCenter Server Appliance (6.7 before 6.7u3a and 6.5 before 6.5u3d) may allow a malicious actor to intercept sensitive data in transit over FTPS and HTTPS. A malicious actor with man-in-the-middle positioning between vCenter Server Appliance and a backup target may be able to intercept sensitive data in transit during File-Based Backup and Restore operations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-28T15:04:08",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2019-0018.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2019-5537",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware vCenter Server Appliance",
"version": {
"version_data": [
{
"version_value": "VMware vCenter Server Appliance (6.7 before 6.7u3a and 6.5 before 6.5u3d)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sensitive information disclosure vulnerability resulting from a lack of certificate validation during the File-Based Backup and Restore operations of VMware vCenter Server Appliance (6.7 before 6.7u3a and 6.5 before 6.5u3d) may allow a malicious actor to intercept sensitive data in transit over FTPS and HTTPS. A malicious actor with man-in-the-middle positioning between vCenter Server Appliance and a backup target may be able to intercept sensitive data in transit during File-Based Backup and Restore operations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2019-0018.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2019-0018.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2019-5537",
"datePublished": "2019-10-28T15:04:08",
"dateReserved": "2019-01-07T00:00:00",
"dateUpdated": "2024-08-04T20:01:51.576Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-5538
Vulnerability from cvelistv5
Published
2019-10-28 15:52
Modified
2024-08-04 20:01
Severity ?
EPSS score ?
Summary
Sensitive information disclosure vulnerability resulting from a lack of certificate validation during the File-Based Backup and Restore operations of VMware vCenter Server Appliance (6.7 before 6.7u3a and 6.5 before 6.5u3d) may allow a malicious actor to intercept sensitive data in transit over SCP. A malicious actor with man-in-the-middle positioning between vCenter Server Appliance and a backup target may be able to intercept sensitive data in transit during File-Based Backup and Restore operations.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.vmware.com/security/advisories/VMSA-2019-0018.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | VMware vCenter Server Appliance |
Version: VMware vCenter Server Appliance (6.7 before 6.7u3a and 6.5 before 6.5u3d) |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:01:51.950Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2019-0018.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware vCenter Server Appliance",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware vCenter Server Appliance (6.7 before 6.7u3a and 6.5 before 6.5u3d)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure vulnerability resulting from a lack of certificate validation during the File-Based Backup and Restore operations of VMware vCenter Server Appliance (6.7 before 6.7u3a and 6.5 before 6.5u3d) may allow a malicious actor to intercept sensitive data in transit over SCP. A malicious actor with man-in-the-middle positioning between vCenter Server Appliance and a backup target may be able to intercept sensitive data in transit during File-Based Backup and Restore operations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-28T15:52:37",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2019-0018.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2019-5538",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware vCenter Server Appliance",
"version": {
"version_data": [
{
"version_value": "VMware vCenter Server Appliance (6.7 before 6.7u3a and 6.5 before 6.5u3d)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sensitive information disclosure vulnerability resulting from a lack of certificate validation during the File-Based Backup and Restore operations of VMware vCenter Server Appliance (6.7 before 6.7u3a and 6.5 before 6.5u3d) may allow a malicious actor to intercept sensitive data in transit over SCP. A malicious actor with man-in-the-middle positioning between vCenter Server Appliance and a backup target may be able to intercept sensitive data in transit during File-Based Backup and Restore operations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2019-0018.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2019-0018.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2019-5538",
"datePublished": "2019-10-28T15:52:37",
"dateReserved": "2019-01-07T00:00:00",
"dateUpdated": "2024-08-04T20:01:51.950Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-3994
Vulnerability from cvelistv5
Published
2020-10-20 16:14
Modified
2024-08-04 07:52
Severity ?
EPSS score ?
Summary
VMware vCenter Server (6.7 before 6.7u3, 6.6 before 6.5u3k) contains a session hijack vulnerability in the vCenter Server Appliance Management Interface update function due to a lack of certificate validation. A malicious actor with network positioning between vCenter Server and an update repository may be able to perform a session hijack when the vCenter Server Appliance Management Interface is used to download vCenter updates.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.vmware.com/security/advisories/VMSA-2020-0023.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | vCenter Server |
Version: vCenter Server (6.7 before 6.7u3, 6.6 before 6.5u3k) |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.505Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0023.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vCenter Server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "vCenter Server (6.7 before 6.7u3, 6.6 before 6.5u3k)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware vCenter Server (6.7 before 6.7u3, 6.6 before 6.5u3k) contains a session hijack vulnerability in the vCenter Server Appliance Management Interface update function due to a lack of certificate validation. A malicious actor with network positioning between vCenter Server and an update repository may be able to perform a session hijack when the vCenter Server Appliance Management Interface is used to download vCenter updates."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Session hijack vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-20T16:14:24",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0023.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2020-3994",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "vCenter Server",
"version": {
"version_data": [
{
"version_value": "vCenter Server (6.7 before 6.7u3, 6.6 before 6.5u3k)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware vCenter Server (6.7 before 6.7u3, 6.6 before 6.5u3k) contains a session hijack vulnerability in the vCenter Server Appliance Management Interface update function due to a lack of certificate validation. A malicious actor with network positioning between vCenter Server and an update repository may be able to perform a session hijack when the vCenter Server Appliance Management Interface is used to download vCenter updates."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Session hijack vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2020-0023.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0023.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2020-3994",
"datePublished": "2020-10-20T16:14:24",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-08-04T07:52:20.505Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-20895
Vulnerability from cvelistv5
Published
2023-06-22 11:57
Modified
2024-12-05 18:59
Severity ?
EPSS score ?
Summary
The VMware vCenter Server contains a memory corruption vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger a memory corruption vulnerability which may bypass authentication.
References
Impacted products
| Vendor | Product | Version | |||||
|---|---|---|---|---|---|---|---|
| ▼ | VMware | VMware vCenter Server (vCenter Server) |
Version: 8.0 Version: 7.0 |
||||
|
|||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:21:33.371Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0014.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1740"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20895",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-05T18:58:48.469755Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-05T18:59:02.540Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux",
"Android",
"x86",
"ARM",
"64 bit",
"32 bit",
"MacOS",
"iOS"
],
"product": "VMware vCenter Server (vCenter Server)",
"vendor": "VMware",
"versions": [
{
"lessThan": "8.0 U1b",
"status": "affected",
"version": "8.0",
"versionType": "8.0 u1b"
},
{
"lessThan": "7.0 u3m",
"status": "affected",
"version": "7.0",
"versionType": "7.0 u3m"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux",
"Android",
"64 bit",
"32 bit",
"ARM",
"x86",
"MacOS",
"iOS"
],
"product": "VMware Cloud Foundation (vCenter Server)",
"vendor": "VMware",
"versions": [
{
"lessThan": "7.0 U3m, 8.0 U1b",
"status": "affected",
"version": "5.x",
"versionType": "7.0 U3m, 8.0 U1b"
},
{
"lessThan": "7.0 U3m, 8.0 U1b",
"status": "affected",
"version": "4.x",
"versionType": "7.0 U3m, 8.0 U1b"
}
]
}
],
"datePublic": "2023-06-22T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The VMware vCenter Server contains a memory corruption vulnerability in the implementation of the DCERPC protocol.\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eA malicious actor with network access to vCenter Server may trigger a memory corruption vulnerability which may bypass authentication.\u003c/span\u003e"
}
],
"value": "The VMware vCenter Server contains a memory corruption vulnerability in the implementation of the DCERPC protocol.\u00a0A malicious actor with network access to vCenter Server may trigger a memory corruption vulnerability which may bypass authentication."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-22T11:57:15.954Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0014.html"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1740"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2023-20895",
"datePublished": "2023-06-22T11:57:15.954Z",
"dateReserved": "2022-11-01T15:41:50.395Z",
"dateUpdated": "2024-12-05T18:59:02.540Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-22018
Vulnerability from cvelistv5
Published
2021-09-23 12:16
Modified
2024-08-03 18:30
Severity ?
EPSS score ?
Summary
The vCenter Server contains an arbitrary file deletion vulnerability in a VMware vSphere Life-cycle Manager plug-in. A malicious actor with network access to port 9087 on vCenter Server may exploit this issue to delete non critical files.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.vmware.com/security/advisories/VMSA-2021-0020.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | VMware vCenter Server, VMware Cloud Foundation |
Version: VMware vCenter Server 7.x before 7.0.2 U2d and VMware Cloud Foundation 4.x before 4.3.1 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:30:23.933Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware vCenter Server, VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware vCenter Server 7.x before 7.0.2 U2d and VMware Cloud Foundation 4.x before 4.3.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The vCenter Server contains an arbitrary file deletion vulnerability in a VMware vSphere Life-cycle Manager plug-in. A malicious actor with network access to port 9087 on vCenter Server may exploit this issue to delete non critical files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "File deletion vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-23T12:16:31",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2021-22018",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware vCenter Server, VMware Cloud Foundation",
"version": {
"version_data": [
{
"version_value": "VMware vCenter Server 7.x before 7.0.2 U2d and VMware Cloud Foundation 4.x before 4.3.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The vCenter Server contains an arbitrary file deletion vulnerability in a VMware vSphere Life-cycle Manager plug-in. A malicious actor with network access to port 9087 on vCenter Server may exploit this issue to delete non critical files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "File deletion vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2021-22018",
"datePublished": "2021-09-23T12:16:31",
"dateReserved": "2021-01-04T00:00:00",
"dateUpdated": "2024-08-03T18:30:23.933Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-38812
Vulnerability from cvelistv5
Published
2024-09-17 17:13
Modified
2024-11-20 17:20
Severity ?
EPSS score ?
Summary
The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.
References
Impacted products
| Vendor | Product | Version | |||||
|---|---|---|---|---|---|---|---|
| ▼ | n/a | VMware vCenter Server |
Version: 8.0 < 8.0 U3b Version: 7.0 < 7.0 U3s |
||||
|
|||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:broadcom:vmware_vcenter_server:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "vmware_vcenter_server",
"vendor": "broadcom",
"versions": [
{
"lessThan": "8.0u3b",
"status": "affected",
"version": "8.00",
"versionType": "custom"
},
{
"lessThan": "7.0u3s",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:broadcom:vmware_cloud_foundation:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "vmware_cloud_foundation",
"vendor": "broadcom",
"versions": [
{
"lessThan": "5.0",
"status": "affected",
"version": "4.0",
"versionType": "custom"
},
{
"lessThan": "6.0",
"status": "affected",
"version": "5.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38812",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-20T15:17:18.904501Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2024-11-20",
"reference": "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T17:20:23.062Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"timeline": [
{
"lang": "en",
"time": "2024-11-20T00:00:00+00:00",
"value": "CVE-2024-38812 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VMware vCenter Server",
"vendor": "n/a",
"versions": [
{
"lessThan": "8.0 U3b",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "7.0 U3s",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "5.x"
},
{
"status": "affected",
"version": "4.x"
}
]
}
],
"datePublic": "2024-09-17T05:01:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003evCenter Server contains a heap-overflow vulnerability in the implementation of the \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDCERPC protocol\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u0026nbsp;\u003c/span\u003eA malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "The\u00a0vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol.\u00a0A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T17:13:09.778Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Heap-overflow vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2024-38812",
"datePublished": "2024-09-17T17:13:09.778Z",
"dateReserved": "2024-06-19T22:31:57.187Z",
"dateUpdated": "2024-11-20T17:20:23.062Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-7459
Vulnerability from cvelistv5
Published
2016-12-29 09:02
Modified
2024-08-06 01:57
Severity ?
EPSS score ?
Summary
VMware vCenter Server 5.5 before U3e and 6.0 before U2a allows remote authenticated users to read arbitrary files via a (1) Log Browser, (2) Distributed Switch setup, or (3) Content Library XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/94486 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1037329 | vdb-entry, x_refsource_SECTRACK | |
| http://www.vmware.com/security/advisories/VMSA-2016-0022.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:57:47.651Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "94486",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94486"
},
{
"name": "1037329",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037329"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2016-0022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-11-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "VMware vCenter Server 5.5 before U3e and 6.0 before U2a allows remote authenticated users to read arbitrary files via a (1) Log Browser, (2) Distributed Switch setup, or (3) Content Library XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-27T09:57:01",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"name": "94486",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94486"
},
{
"name": "1037329",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037329"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2016-0022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2016-7459",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware vCenter Server 5.5 before U3e and 6.0 before U2a allows remote authenticated users to read arbitrary files via a (1) Log Browser, (2) Distributed Switch setup, or (3) Content Library XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94486",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94486"
},
{
"name": "1037329",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037329"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2016-0022.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2016-0022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2016-7459",
"datePublished": "2016-12-29T09:02:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-06T01:57:47.651Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-5534
Vulnerability from cvelistv5
Published
2019-09-18 20:32
Modified
2024-08-04 20:01
Severity ?
EPSS score ?
Summary
VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and 6.0 prior to 6.0 U3j) contains an information disclosure vulnerability where Virtual Machines deployed from an OVF could expose login information via the virtual machine's vAppConfig properties. A malicious actor with access to query the vAppConfig properties of a virtual machine deployed from an OVF may be able to view the credentials used to deploy the OVF (typically the root account of the virtual machine).
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.vmware.com/security/advisories/VMSA-2019-0013.html | x_refsource_CONFIRM | |
| http://packetstormsecurity.com/files/154536/VMware-Security-Advisory-2019-0013.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | VMware | vCenter Server |
Version: 6.7 prior to 6.7 U3 Version: 6.5 prior to 6.5 U3 Version: 6.0 prior to 6.0 U3j |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:01:51.962Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2019-0013.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/154536/VMware-Security-Advisory-2019-0013.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vCenter Server",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "6.7 prior to 6.7 U3"
},
{
"status": "affected",
"version": "6.5 prior to 6.5 U3"
},
{
"status": "affected",
"version": "6.0 prior to 6.0 U3j"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and 6.0 prior to 6.0 U3j) contains an information disclosure vulnerability where Virtual Machines deployed from an OVF could expose login information via the virtual machine\u0027s vAppConfig properties. A malicious actor with access to query the vAppConfig properties of a virtual machine deployed from an OVF may be able to view the credentials used to deploy the OVF (typically the root account of the virtual machine)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-20T16:06:12",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2019-0013.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/154536/VMware-Security-Advisory-2019-0013.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2019-5534",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "vCenter Server",
"version": {
"version_data": [
{
"version_value": "6.7 prior to 6.7 U3"
},
{
"version_value": "6.5 prior to 6.5 U3"
},
{
"version_value": "6.0 prior to 6.0 U3j"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and 6.0 prior to 6.0 U3j) contains an information disclosure vulnerability where Virtual Machines deployed from an OVF could expose login information via the virtual machine\u0027s vAppConfig properties. A malicious actor with access to query the vAppConfig properties of a virtual machine deployed from an OVF may be able to view the credentials used to deploy the OVF (typically the root account of the virtual machine)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2019-0013.html",
"refsource": "CONFIRM",
"url": "https://www.vmware.com/security/advisories/VMSA-2019-0013.html"
},
{
"name": "http://packetstormsecurity.com/files/154536/VMware-Security-Advisory-2019-0013.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/154536/VMware-Security-Advisory-2019-0013.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2019-5534",
"datePublished": "2019-09-18T20:32:33",
"dateReserved": "2019-01-07T00:00:00",
"dateUpdated": "2024-08-04T20:01:51.962Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-2698
Vulnerability from cvelistv5
Published
2009-08-27 17:00
Modified
2024-08-07 05:59
Severity ?
EPSS score ?
Summary
The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:59:56.948Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2009:1233",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1233.html"
},
{
"name": "RHSA-2009:1223",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2009-1223.html"
},
{
"name": "20100625 VMSA-2010-0010 ESX 3.5 third party update for Service Console kernel",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/512019/100/0/threaded"
},
{
"name": "37298",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37298"
},
{
"name": "1022761",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022761"
},
{
"name": "36430",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36430"
},
{
"name": "SUSE-SA:2009:046",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00008.html"
},
{
"name": "oval:org.mitre.oval:def:11514",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11514"
},
{
"name": "36510",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36510"
},
{
"name": "37471",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37471"
},
{
"name": "RHSA-2009:1222",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2009-1222.html"
},
{
"name": "USN-852-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-852-1"
},
{
"name": "23073",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23073"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"name": "36108",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36108"
},
{
"name": "[oss-security] 20090825 CVE-2009-2698 kernel: udp socket NULL ptr dereference",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/08/25/1"
},
{
"name": "MDVSA-2011:051",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:051"
},
{
"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/css/P8/documents/100067254"
},
{
"name": "oval:org.mitre.oval:def:9142",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9142"
},
{
"name": "oval:org.mitre.oval:def:8557",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8557"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1e0c14f49d6b393179f423abbac47f85618d3d46"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.19"
},
{
"name": "ADV-2009-3316",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3316"
},
{
"name": "37105",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37105"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=518034"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-08-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2009:1233",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1233.html"
},
{
"name": "RHSA-2009:1223",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2009-1223.html"
},
{
"name": "20100625 VMSA-2010-0010 ESX 3.5 third party update for Service Console kernel",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/512019/100/0/threaded"
},
{
"name": "37298",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37298"
},
{
"name": "1022761",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022761"
},
{
"name": "36430",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36430"
},
{
"name": "SUSE-SA:2009:046",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00008.html"
},
{
"name": "oval:org.mitre.oval:def:11514",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11514"
},
{
"name": "36510",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36510"
},
{
"name": "37471",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37471"
},
{
"name": "RHSA-2009:1222",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2009-1222.html"
},
{
"name": "USN-852-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-852-1"
},
{
"name": "23073",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23073"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"name": "36108",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36108"
},
{
"name": "[oss-security] 20090825 CVE-2009-2698 kernel: udp socket NULL ptr dereference",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/08/25/1"
},
{
"name": "MDVSA-2011:051",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:051"
},
{
"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/css/P8/documents/100067254"
},
{
"name": "oval:org.mitre.oval:def:9142",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9142"
},
{
"name": "oval:org.mitre.oval:def:8557",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8557"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1e0c14f49d6b393179f423abbac47f85618d3d46"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.19"
},
{
"name": "ADV-2009-3316",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3316"
},
{
"name": "37105",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37105"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=518034"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2698",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2009:1233",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1233.html"
},
{
"name": "RHSA-2009:1223",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2009-1223.html"
},
{
"name": "20100625 VMSA-2010-0010 ESX 3.5 third party update for Service Console kernel",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/512019/100/0/threaded"
},
{
"name": "37298",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37298"
},
{
"name": "1022761",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022761"
},
{
"name": "36430",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36430"
},
{
"name": "SUSE-SA:2009:046",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00008.html"
},
{
"name": "oval:org.mitre.oval:def:11514",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11514"
},
{
"name": "36510",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36510"
},
{
"name": "37471",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37471"
},
{
"name": "RHSA-2009:1222",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2009-1222.html"
},
{
"name": "USN-852-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-852-1"
},
{
"name": "23073",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23073"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"name": "36108",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36108"
},
{
"name": "[oss-security] 20090825 CVE-2009-2698 kernel: udp socket NULL ptr dereference",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/08/25/1"
},
{
"name": "MDVSA-2011:051",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:051"
},
{
"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"name": "http://support.avaya.com/css/P8/documents/100067254",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/css/P8/documents/100067254"
},
{
"name": "oval:org.mitre.oval:def:9142",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9142"
},
{
"name": "oval:org.mitre.oval:def:8557",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8557"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1e0c14f49d6b393179f423abbac47f85618d3d46",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1e0c14f49d6b393179f423abbac47f85618d3d46"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.19",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.19"
},
{
"name": "ADV-2009-3316",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3316"
},
{
"name": "37105",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37105"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=518034",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=518034"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2698",
"datePublished": "2009-08-27T17:00:00",
"dateReserved": "2009-08-05T00:00:00",
"dateUpdated": "2024-08-07T05:59:56.948Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-22012
Vulnerability from cvelistv5
Published
2021-09-23 11:58
Modified
2024-08-03 18:30
Severity ?
EPSS score ?
Summary
The vCenter Server contains an information disclosure vulnerability due to an unauthenticated appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.vmware.com/security/advisories/VMSA-2021-0020.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | VMware vCenter Server |
Version: VMware vCenter Server 6.5 before 6.5 U3q |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:30:23.932Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware vCenter Server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware vCenter Server 6.5 before 6.5 U3q"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The vCenter Server contains an information disclosure vulnerability due to an unauthenticated appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-23T11:58:46",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2021-22012",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware vCenter Server",
"version": {
"version_data": [
{
"version_value": "VMware vCenter Server 6.5 before 6.5 U3q"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The vCenter Server contains an information disclosure vulnerability due to an unauthenticated appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2021-22012",
"datePublished": "2021-09-23T11:58:46",
"dateReserved": "2021-01-04T00:00:00",
"dateUpdated": "2024-08-03T18:30:23.932Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-1047
Vulnerability from cvelistv5
Published
2015-10-12 10:00
Modified
2024-08-06 04:33
Severity ?
EPSS score ?
Summary
vpxd in VMware vCenter Server 5.0 before u3e, 5.1 before u3, and 5.5 before u2 allows remote attackers to cause a denial of service via a long heartbeat message.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/76932 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1033720 | vdb-entry, x_refsource_SECTRACK | |
| http://www.vmware.com/security/advisories/VMSA-2015-0007.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:33:20.286Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "76932",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/76932"
},
{
"name": "1033720",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033720"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2015-0007.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "vpxd in VMware vCenter Server 5.0 before u3e, 5.1 before u3, and 5.5 before u2 allows remote attackers to cause a denial of service via a long heartbeat message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-11T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "76932",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/76932"
},
{
"name": "1033720",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033720"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2015-0007.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1047",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "vpxd in VMware vCenter Server 5.0 before u3e, 5.1 before u3, and 5.5 before u2 allows remote attackers to cause a denial of service via a long heartbeat message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "76932",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76932"
},
{
"name": "1033720",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033720"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2015-0007.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2015-0007.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-1047",
"datePublished": "2015-10-12T10:00:00",
"dateReserved": "2015-01-12T00:00:00",
"dateUpdated": "2024-08-06T04:33:20.286Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-21992
Vulnerability from cvelistv5
Published
2021-09-22 18:59
Modified
2024-08-03 18:30
Severity ?
EPSS score ?
Summary
The vCenter Server contains a denial-of-service vulnerability due to improper XML entity parsing. A malicious actor with non-administrative user access to the vCenter Server vSphere Client (HTML5) or vCenter Server vSphere Web Client (FLEX/Flash) may exploit this issue to create a denial-of-service condition on the vCenter Server host.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.vmware.com/security/advisories/VMSA-2021-0020.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | VMware vCenter Server, VMware Cloud Foundation |
Version: VMware vCenter Server(7.x before 7.0 U2c, 6.7 before 6.7 U3o and 6.5 before 6.5 U3q) and VMware Cloud Foundation (4.x before 4.3 and 3.x before 3.10.2.2) |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:30:23.542Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware vCenter Server, VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware vCenter Server(7.x before 7.0 U2c, 6.7 before 6.7 U3o and 6.5 before 6.5 U3q) and VMware Cloud Foundation (4.x before 4.3 and 3.x before 3.10.2.2)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The vCenter Server contains a denial-of-service vulnerability due to improper XML entity parsing. A malicious actor with non-administrative user access to the vCenter Server vSphere Client (HTML5) or vCenter Server vSphere Web Client (FLEX/Flash) may exploit this issue to create a denial-of-service condition on the vCenter Server host."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XML parsing denial-of-service vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-22T18:59:15",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2021-21992",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware vCenter Server, VMware Cloud Foundation",
"version": {
"version_data": [
{
"version_value": "VMware vCenter Server(7.x before 7.0 U2c, 6.7 before 6.7 U3o and 6.5 before 6.5 U3q) and VMware Cloud Foundation (4.x before 4.3 and 3.x before 3.10.2.2)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The vCenter Server contains a denial-of-service vulnerability due to improper XML entity parsing. A malicious actor with non-administrative user access to the vCenter Server vSphere Client (HTML5) or vCenter Server vSphere Web Client (FLEX/Flash) may exploit this issue to create a denial-of-service condition on the vCenter Server host."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XML parsing denial-of-service vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2021-21992",
"datePublished": "2021-09-22T18:59:15",
"dateReserved": "2021-01-04T00:00:00",
"dateUpdated": "2024-08-03T18:30:23.542Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-22049
Vulnerability from cvelistv5
Published
2021-11-24 16:32
Modified
2024-08-03 18:30
Severity ?
EPSS score ?
Summary
The vSphere Web Client (FLEX/Flash) contains an SSRF (Server Side Request Forgery) vulnerability in the vSAN Web Client (vSAN UI) plug-in. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.vmware.com/security/advisories/VMSA-2021-0027.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | VMware vCenter Server and VMware Cloud Foundation |
Version: VMware vCenter Server (6.7 before 6.7 U3p and 6.5 before 6.5 U3r) and VMware Cloud Foundation 3.x |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:30:24.029Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0027.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware vCenter Server and VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware vCenter Server (6.7 before 6.7 U3p and 6.5 before 6.5 U3r) and VMware Cloud Foundation 3.x"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The vSphere Web Client (FLEX/Flash) contains an SSRF (Server Side Request Forgery) vulnerability in the vSAN Web Client (vSAN UI) plug-in. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SSRF vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-24T16:32:59",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0027.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2021-22049",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware vCenter Server and VMware Cloud Foundation",
"version": {
"version_data": [
{
"version_value": "VMware vCenter Server (6.7 before 6.7 U3p and 6.5 before 6.5 U3r) and VMware Cloud Foundation 3.x"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The vSphere Web Client (FLEX/Flash) contains an SSRF (Server Side Request Forgery) vulnerability in the vSAN Web Client (vSAN UI) plug-in. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SSRF vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2021-0027.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0027.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2021-22049",
"datePublished": "2021-11-24T16:32:59",
"dateReserved": "2021-01-04T00:00:00",
"dateUpdated": "2024-08-03T18:30:24.029Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-38813
Vulnerability from cvelistv5
Published
2024-09-17 17:13
Modified
2024-11-20 17:20
Severity ?
EPSS score ?
Summary
The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet.
References
Impacted products
| Vendor | Product | Version | |||||
|---|---|---|---|---|---|---|---|
| ▼ | n/a | VMware vCenter Server |
Version: 8.0 < 8.0 U3b Version: 7.0 < 7.0 U3s |
||||
|
|||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:broadcom:vmware_center_server:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "vmware_center_server",
"vendor": "broadcom",
"versions": [
{
"lessThan": "8.0_u3b",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "7.0_u3s",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:broadcom:vmware_cloud_foundation:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "vmware_cloud_foundation",
"vendor": "broadcom",
"versions": [
{
"lessThan": "6.0",
"status": "affected",
"version": "5.0",
"versionType": "custom"
},
{
"lessThan": "5.0",
"status": "affected",
"version": "4.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38813",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-20T15:18:12.716736Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2024-11-20",
"reference": "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T17:20:22.656Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"timeline": [
{
"lang": "en",
"time": "2024-11-20T00:00:00+00:00",
"value": "CVE-2024-38813 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VMware vCenter Server",
"vendor": "n/a",
"versions": [
{
"lessThan": "8.0 U3b",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "7.0 U3s",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "5.x"
},
{
"status": "affected",
"version": "4.x"
}
]
}
],
"datePublic": "2024-09-17T05:08:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe vCenter Server contains a privilege escalation vulnerability.\u0026nbsp;\u003c/span\u003eA malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet.\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "The vCenter Server contains a privilege escalation vulnerability.\u00a0A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-273",
"description": "CWE-273 Improper Check for Dropped Privileges",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T17:13:13.924Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Privilege escalation vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2024-38813",
"datePublished": "2024-09-17T17:13:13.924Z",
"dateReserved": "2024-06-19T22:31:57.187Z",
"dateUpdated": "2024-11-20T17:20:22.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-22982
Vulnerability from cvelistv5
Published
2022-07-13 18:18
Modified
2024-08-03 03:28
Severity ?
EPSS score ?
Summary
The vCenter Server contains a server-side request forgery (SSRF) vulnerability. A malicious actor with network access to 443 on the vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.vmware.com/security/advisories/VMSA-2022-0018.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | VMware vCenter Server |
Version: VMware vCenter Server (7.0 before 7.0 U3f, 6.7 before 6.7 U3r & 6.5 before 6.5 U3t) |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:28:42.512Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0018.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware vCenter Server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware vCenter Server (7.0 before 7.0 U3f, 6.7 before 6.7 U3r \u0026 6.5 before 6.5 U3t)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The vCenter Server contains a server-side request forgery (SSRF) vulnerability. A malicious actor with network access to 443 on the vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Server-side request forgery vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-13T18:18:58",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0018.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2022-22982",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware vCenter Server",
"version": {
"version_data": [
{
"version_value": "VMware vCenter Server (7.0 before 7.0 U3f, 6.7 before 6.7 U3r \u0026 6.5 before 6.5 U3t)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The vCenter Server contains a server-side request forgery (SSRF) vulnerability. A malicious actor with network access to 443 on the vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Server-side request forgery vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2022-0018.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0018.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-22982",
"datePublished": "2022-07-13T18:18:58",
"dateReserved": "2022-01-10T00:00:00",
"dateUpdated": "2024-08-03T03:28:42.512Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-21986
Vulnerability from cvelistv5
Published
2021-05-26 14:04
Modified
2024-08-03 18:30
Severity ?
EPSS score ?
Summary
The vSphere Client (HTML5) contains a vulnerability in a vSphere authentication mechanism for the Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability plug-ins. A malicious actor with network access to port 443 on vCenter Server may perform actions allowed by the impacted plug-ins without authentication.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.vmware.com/security/advisories/VMSA-2021-0010.html | x_refsource_MISC | |
| http://packetstormsecurity.com/files/162812/VMware-Security-Advisory-2021-0010.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | VMware vCenter Server and VMware Cloud Foundation |
Version: VMware vCenter Server (7.x before 7.0 U2b, 6.7 before 6.7 U3n, 6.5 before 6.5 U3p) and VMware Cloud Foundation (4.x before 4.2.1, 3.x before 3.10.2.1) |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:30:23.588Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0010.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/162812/VMware-Security-Advisory-2021-0010.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware vCenter Server and VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware vCenter Server (7.x before 7.0 U2b, 6.7 before 6.7 U3n, 6.5 before 6.5 U3p) and VMware Cloud Foundation (4.x before 4.2.1, 3.x before 3.10.2.1)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The vSphere Client (HTML5) contains a vulnerability in a vSphere authentication mechanism for the Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability plug-ins. A malicious actor with network access to port 443 on vCenter Server may perform actions allowed by the impacted plug-ins without authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Issue with Authentication mechanism",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-26T19:06:10",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0010.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/162812/VMware-Security-Advisory-2021-0010.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2021-21986",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware vCenter Server and VMware Cloud Foundation",
"version": {
"version_data": [
{
"version_value": "VMware vCenter Server (7.x before 7.0 U2b, 6.7 before 6.7 U3n, 6.5 before 6.5 U3p) and VMware Cloud Foundation (4.x before 4.2.1, 3.x before 3.10.2.1)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The vSphere Client (HTML5) contains a vulnerability in a vSphere authentication mechanism for the Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability plug-ins. A malicious actor with network access to port 443 on vCenter Server may perform actions allowed by the impacted plug-ins without authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Issue with Authentication mechanism"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2021-0010.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0010.html"
},
{
"name": "http://packetstormsecurity.com/files/162812/VMware-Security-Advisory-2021-0010.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/162812/VMware-Security-Advisory-2021-0010.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2021-21986",
"datePublished": "2021-05-26T14:04:35",
"dateReserved": "2021-01-04T00:00:00",
"dateUpdated": "2024-08-03T18:30:23.588Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-4241
Vulnerability from cvelistv5
Published
2014-07-17 10:00
Modified
2024-08-06 11:12
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers to affect integrity via vectors related to WLS - Web Services.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vmware.com/security/advisories/VMSA-2014-0012.html | x_refsource_CONFIRM | |
| http://www.securityfocus.com/archive/1/534161/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/94559 | vdb-entry, x_refsource_XF | |
| http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | x_refsource_CONFIRM | |
| http://seclists.org/fulldisclosure/2014/Dec/23 | mailing-list, x_refsource_FULLDISC | |
| http://www.securityfocus.com/bid/68649 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:12:34.052Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"name": "oracle-cpujul2014-cve20144241(94559)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94559"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"name": "68649",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68649"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers to affect integrity via vectors related to WLS - Web Services."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"name": "oracle-cpujul2014-cve20144241(94559)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94559"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"name": "68649",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68649"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2014-4241",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers to affect integrity via vectors related to WLS - Web Services."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"name": "oracle-cpujul2014-cve20144241(94559)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94559"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"name": "68649",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68649"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2014-4241",
"datePublished": "2014-07-17T10:00:00",
"dateReserved": "2014-06-17T00:00:00",
"dateUpdated": "2024-08-06T11:12:34.052Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-1405
Vulnerability from cvelistv5
Published
2013-02-15 11:00
Modified
2024-09-17 03:38
Severity ?
EPSS score ?
Summary
VMware vCenter Server 4.0 before Update 4b and 4.1 before Update 3a, VMware VirtualCenter 2.5, VMware vSphere Client 4.0 before Update 4b and 4.1 before Update 3a, VMware VI-Client 2.5, VMware ESXi 3.5 through 4.1, and VMware ESX 3.5 through 4.1 do not properly implement the management authentication protocol, which allow remote servers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vmware.com/security/advisories/VMSA-2013-0001.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:57:05.140Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2013-0001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware vCenter Server 4.0 before Update 4b and 4.1 before Update 3a, VMware VirtualCenter 2.5, VMware vSphere Client 4.0 before Update 4b and 4.1 before Update 3a, VMware VI-Client 2.5, VMware ESXi 3.5 through 4.1, and VMware ESX 3.5 through 4.1 do not properly implement the management authentication protocol, which allow remote servers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-02-15T11:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2013-0001.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-1405",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware vCenter Server 4.0 before Update 4b and 4.1 before Update 3a, VMware VirtualCenter 2.5, VMware vSphere Client 4.0 before Update 4b and 4.1 before Update 3a, VMware VI-Client 2.5, VMware ESXi 3.5 through 4.1, and VMware ESX 3.5 through 4.1 do not properly implement the management authentication protocol, which allow remote servers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vmware.com/security/advisories/VMSA-2013-0001.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2013-0001.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-1405",
"datePublished": "2013-02-15T11:00:00Z",
"dateReserved": "2013-01-19T00:00:00Z",
"dateUpdated": "2024-09-17T03:38:50.720Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-34056
Vulnerability from cvelistv5
Published
2023-10-25 04:24
Modified
2024-10-29 18:28
Severity ?
EPSS score ?
Summary
vCenter Server contains a partial information disclosure vulnerability. A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data.
References
Impacted products
| Vendor | Product | Version | |||||
|---|---|---|---|---|---|---|---|
| ▼ | VMware | VMware vCenter Server |
Version: 8.0 Version: 7.0 |
||||
|
|||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:01:54.311Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0023.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34056",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-11T14:12:23.418110Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-922",
"description": "CWE-922 Insecure Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T18:28:23.735Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "VMware vCenter Server",
"vendor": "VMware",
"versions": [
{
"lessThan": "8.0U2",
"status": "affected",
"version": "8.0",
"versionType": "8.0U2"
},
{
"lessThan": "7.0U3o",
"status": "affected",
"version": "7.0",
"versionType": "7.0U3o"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "VMware Cloud Foundation (VMware vCenter Server)",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "5.x"
},
{
"status": "affected",
"version": "4.x"
}
]
}
],
"datePublic": "2023-10-25T03:15:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "vCenter Server contains a partial information disclosure vulnerability.\u0026nbsp;A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data."
}
],
"value": "vCenter Server contains a partial information disclosure vulnerability.\u00a0A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-25T04:24:47.707Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0023.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "VMware vCenter Server Partial Information Disclosure Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2023-34056",
"datePublished": "2023-10-25T04:24:47.707Z",
"dateReserved": "2023-05-25T17:21:56.203Z",
"dateUpdated": "2024-10-29T18:28:23.735Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-5971
Vulnerability from cvelistv5
Published
2013-10-21 10:00
Modified
2024-08-06 17:29
Severity ?
EPSS score ?
Summary
Session fixation vulnerability in the vSphere Web Client Server in VMware vCenter Server 5.0 before Update 3 allows remote attackers to hijack web sessions and gain privileges via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/98718 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/88134 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/63218 | vdb-entry, x_refsource_BID | |
| http://www.vmware.com/security/advisories/VMSA-2013-0012.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:29:42.705Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "98718",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/98718"
},
{
"name": "vmware-vcenter-cve20135971-session-hijacking(88134)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88134"
},
{
"name": "63218",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/63218"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2013-0012.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-10-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Session fixation vulnerability in the vSphere Web Client Server in VMware vCenter Server 5.0 before Update 3 allows remote attackers to hijack web sessions and gain privileges via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "98718",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/98718"
},
{
"name": "vmware-vcenter-cve20135971-session-hijacking(88134)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88134"
},
{
"name": "63218",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/63218"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2013-0012.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5971",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Session fixation vulnerability in the vSphere Web Client Server in VMware vCenter Server 5.0 before Update 3 allows remote attackers to hijack web sessions and gain privileges via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98718",
"refsource": "OSVDB",
"url": "http://osvdb.org/98718"
},
{
"name": "vmware-vcenter-cve20135971-session-hijacking(88134)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88134"
},
{
"name": "63218",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/63218"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2013-0012.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2013-0012.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-5971",
"datePublished": "2013-10-21T10:00:00",
"dateReserved": "2013-10-01T00:00:00",
"dateUpdated": "2024-08-06T17:29:42.705Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-22013
Vulnerability from cvelistv5
Published
2021-09-23 11:58
Modified
2024-08-03 18:30
Severity ?
EPSS score ?
Summary
The vCenter Server contains a file path traversal vulnerability leading to information disclosure in the appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.vmware.com/security/advisories/VMSA-2021-0020.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | VMware vCenter Server |
Version: VMware vCenter Server 6.5 before 6.5 U3q |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:30:23.932Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware vCenter Server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware vCenter Server 6.5 before 6.5 U3q"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The vCenter Server contains a file path traversal vulnerability leading to information disclosure in the appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "File path traversal vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-23T11:58:53",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2021-22013",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware vCenter Server",
"version": {
"version_data": [
{
"version_value": "VMware vCenter Server 6.5 before 6.5 U3q"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The vCenter Server contains a file path traversal vulnerability leading to information disclosure in the appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "File path traversal vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2021-22013",
"datePublished": "2021-09-23T11:58:53",
"dateReserved": "2021-01-04T00:00:00",
"dateUpdated": "2024-08-03T18:30:23.932Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-34048
Vulnerability from cvelistv5
Published
2023-10-25 04:21
Modified
2024-08-19 07:47
Severity ?
EPSS score ?
Summary
vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution.
References
Impacted products
| Vendor | Product | Version | |||||
|---|---|---|---|---|---|---|---|
| ▼ | VMware | VMware vCenter Server |
Version: 8.0 Version: 7.0 |
||||
|
|||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vcenter_server",
"vendor": "vmware",
"versions": [
{
"lessThan": "7.0U3o",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:vmware:vcenter_server:8.0:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vcenter_server",
"vendor": "vmware",
"versions": [
{
"lessThan": "8.0U2",
"status": "affected",
"version": "8.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:vmware:cloud_foundation:4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cloud_foundation",
"vendor": "vmware",
"versions": [
{
"lessThan": "KB88287",
"status": "affected",
"version": "4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:vmware:cloud_foundation:5.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cloud_foundation",
"vendor": "vmware",
"versions": [
{
"lessThan": "KB88287",
"status": "affected",
"version": "5.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34048",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-11T16:43:59.468773Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2024-01-22",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-34048"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:21:08.802Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-19T07:47:56.653Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0023.html"
},
{
"url": "https://www.vicarius.io/vsociety/posts/understanding-cve-2023-34048-a-zero-day-out-of-bound-write-in-vcenter-server"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "VMware vCenter Server",
"vendor": "VMware",
"versions": [
{
"lessThan": "8.0U2",
"status": "affected",
"version": "8.0",
"versionType": "8.0U2"
},
{
"lessThan": "7.0U3o",
"status": "affected",
"version": "7.0",
"versionType": "7.0U3o"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "VMware Cloud Foundation (VMware vCenter Server)",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "5.x"
},
{
"status": "affected",
"version": "4.x"
}
]
}
],
"datePublic": "2023-10-25T03:15:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol.\u0026nbsp;A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution."
}
],
"value": "vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol.\u00a0A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-25T04:21:42.267Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0023.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "VMware vCenter Server Out-of-Bounds Write Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2023-34048",
"datePublished": "2023-10-25T04:21:42.267Z",
"dateReserved": "2023-05-25T17:21:56.202Z",
"dateUpdated": "2024-08-19T07:47:56.653Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-2076
Vulnerability from cvelistv5
Published
2016-04-15 14:00
Modified
2024-08-05 23:17
Severity ?
EPSS score ?
Summary
Client Integration Plugin (CIP) in VMware vCenter Server 5.5 U3a, U3b, and U3c and 6.0 before U2; vCloud Director 5.5.5; and vRealize Automation Identity Appliance 6.2.4 before 6.2.4.1 mishandles session content, which allows remote attackers to hijack sessions via a crafted web site.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vmware.com/security/advisories/VMSA-2016-0004.html | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1035571 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securitytracker.com/id/1035570 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securitytracker.com/id/1035572 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:17:50.500Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2016-0004.html"
},
{
"name": "1035571",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035571"
},
{
"name": "1035570",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035570"
},
{
"name": "1035572",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035572"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Client Integration Plugin (CIP) in VMware vCenter Server 5.5 U3a, U3b, and U3c and 6.0 before U2; vCloud Director 5.5.5; and vRealize Automation Identity Appliance 6.2.4 before 6.2.4.1 mishandles session content, which allows remote attackers to hijack sessions via a crafted web site."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-07-27T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2016-0004.html"
},
{
"name": "1035571",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035571"
},
{
"name": "1035570",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035570"
},
{
"name": "1035572",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035572"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2076",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Client Integration Plugin (CIP) in VMware vCenter Server 5.5 U3a, U3b, and U3c and 6.0 before U2; vCloud Director 5.5.5; and vRealize Automation Identity Appliance 6.2.4 before 6.2.4.1 mishandles session content, which allows remote attackers to hijack sessions via a crafted web site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vmware.com/security/advisories/VMSA-2016-0004.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2016-0004.html"
},
{
"name": "1035571",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035571"
},
{
"name": "1035570",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035570"
},
{
"name": "1035572",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035572"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-2076",
"datePublished": "2016-04-15T14:00:00",
"dateReserved": "2016-01-26T00:00:00",
"dateUpdated": "2024-08-05T23:17:50.500Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-3952
Vulnerability from cvelistv5
Published
2020-04-10 13:55
Modified
2024-08-04 07:52
Severity ?
EPSS score ?
Summary
Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.vmware.com/security/advisories/VMSA-2020-0006 | x_refsource_MISC | |
| http://packetstormsecurity.com/files/157896/VMware-vCenter-Server-6.7-Authentication-Bypass.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | VMware vCenter Server |
Version: vCenter Server 6.7 (embedded or external PSC) prior to 6.7u3f is affected by CVE-2020-3952 if it was upgraded from a previous release line such as 6.0 or 6.5. Clean installations of vCenter Server 6.7 (embedded or external PSC) are not affected. |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.524Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0006"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/157896/VMware-vCenter-Server-6.7-Authentication-Bypass.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware vCenter Server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "vCenter Server 6.7 (embedded or external PSC) prior to 6.7u3f is affected by CVE-2020-3952 if it was upgraded from a previous release line such as 6.0 or 6.5. Clean installations of vCenter Server 6.7 (embedded or external PSC) are not affected."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Critical Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-02T15:06:13",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0006"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/157896/VMware-vCenter-Server-6.7-Authentication-Bypass.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2020-3952",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware vCenter Server",
"version": {
"version_data": [
{
"version_value": "vCenter Server 6.7 (embedded or external PSC) prior to 6.7u3f is affected by CVE-2020-3952 if it was upgraded from a previous release line such as 6.0 or 6.5. Clean installations of vCenter Server 6.7 (embedded or external PSC) are not affected."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Critical Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2020-0006",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0006"
},
{
"name": "http://packetstormsecurity.com/files/157896/VMware-vCenter-Server-6.7-Authentication-Bypass.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/157896/VMware-vCenter-Server-6.7-Authentication-Bypass.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2020-3952",
"datePublished": "2020-04-10T13:55:36",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-08-04T07:52:20.524Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-2928
Vulnerability from cvelistv5
Published
2011-02-16 00:00
Modified
2024-08-07 02:46
Severity ?
EPSS score ?
Summary
The vCenter Tomcat Management Application in VMware vCenter Server 4.1 before Update 1 stores log-on credentials in a configuration file, which allows local users to gain privileges by reading this file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/70859 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/43307 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html | x_refsource_CONFIRM | |
| http://www.vmware.com/security/advisories/VMSA-2011-0003.html | x_refsource_CONFIRM | |
| http://securityreason.com/securityalert/8079 | third-party-advisory, x_refsource_SREASON | |
| http://www.securityfocus.com/archive/1/516397/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:46:48.992Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "70859",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/70859"
},
{
"name": "43307",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43307"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name": "8079",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8079"
},
{
"name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-02-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The vCenter Tomcat Management Application in VMware vCenter Server 4.1 before Update 1 stores log-on credentials in a configuration file, which allows local users to gain privileges by reading this file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "70859",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/70859"
},
{
"name": "43307",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43307"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name": "8079",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8079"
},
{
"name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2928",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The vCenter Tomcat Management Application in VMware vCenter Server 4.1 before Update 1 stores log-on credentials in a configuration file, which allows local users to gain privileges by reading this file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "70859",
"refsource": "OSVDB",
"url": "http://osvdb.org/70859"
},
{
"name": "43307",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43307"
},
{
"name": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name": "8079",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8079"
},
{
"name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-2928",
"datePublished": "2011-02-16T00:00:00",
"dateReserved": "2010-08-02T00:00:00",
"dateUpdated": "2024-08-07T02:46:48.992Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-1659
Vulnerability from cvelistv5
Published
2013-02-22 20:00
Modified
2024-09-17 01:10
Severity ?
EPSS score ?
Summary
VMware vCenter Server 4.0 before Update 4b, 5.0 before Update 2, and 5.1 before 5.1.0b; VMware ESXi 3.5 through 5.1; and VMware ESX 3.5 through 4.1 do not properly implement the Network File Copy (NFC) protocol, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption) by modifying the client-server data stream.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vmware.com/security/advisories/VMSA-2013-0003.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:13:31.289Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2013-0003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware vCenter Server 4.0 before Update 4b, 5.0 before Update 2, and 5.1 before 5.1.0b; VMware ESXi 3.5 through 5.1; and VMware ESX 3.5 through 4.1 do not properly implement the Network File Copy (NFC) protocol, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption) by modifying the client-server data stream."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-02-22T20:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2013-0003.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-1659",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware vCenter Server 4.0 before Update 4b, 5.0 before Update 2, and 5.1 before 5.1.0b; VMware ESXi 3.5 through 5.1; and VMware ESX 3.5 through 4.1 do not properly implement the Network File Copy (NFC) protocol, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption) by modifying the client-server data stream."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vmware.com/security/advisories/VMSA-2013-0003.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2013-0003.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-1659",
"datePublished": "2013-02-22T20:00:00Z",
"dateReserved": "2013-02-12T00:00:00Z",
"dateUpdated": "2024-09-17T01:10:32.696Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-20893
Vulnerability from cvelistv5
Published
2023-06-22 11:52
Modified
2024-12-05 19:53
Severity ?
EPSS score ?
Summary
The VMware vCenter Server contains a use-after-free vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit this issue to execute arbitrary code on the underlying operating system that hosts vCenter Server.
References
Impacted products
| Vendor | Product | Version | |||||
|---|---|---|---|---|---|---|---|
| ▼ | VMware | VMware vCenter Server (vCenter Server) |
Version: 8.0 Version: 7.0 |
||||
|
|||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:21:33.325Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0014.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1799"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20893",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-05T19:52:15.538467Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-05T19:53:41.839Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux",
"Android",
"x86",
"ARM",
"64 bit",
"32 bit",
"MacOS",
"iOS"
],
"product": "VMware vCenter Server (vCenter Server)",
"vendor": "VMware",
"versions": [
{
"lessThan": "8.0 U1b",
"status": "affected",
"version": "8.0",
"versionType": "8.0 u1b"
},
{
"lessThan": "7.0 u3m",
"status": "affected",
"version": "7.0",
"versionType": "7.0 u3m"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux",
"Android",
"64 bit",
"32 bit",
"ARM",
"x86",
"MacOS",
"iOS"
],
"product": "VMware Cloud Foundation (vCenter Server)",
"vendor": "VMware",
"versions": [
{
"lessThan": "7.0 U3m, 8.0 U1b",
"status": "affected",
"version": "5.x",
"versionType": "7.0 U3m, 8.0 U1b"
},
{
"lessThan": "7.0 U3m, 8.0 U1b",
"status": "affected",
"version": "4.x",
"versionType": "7.0 U3m, 8.0 U1b"
}
]
}
],
"datePublic": "2023-06-22T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The VMware vCenter Server contains a use-after-free vulnerability in the implementation of the DCERPC protocol.\u0026nbsp;A malicious actor with network access to vCenter Server may exploit this issue to execute arbitrary code on the underlying operating system that hosts vCenter Server."
}
],
"value": "The VMware vCenter Server contains a use-after-free vulnerability in the implementation of the DCERPC protocol.\u00a0A malicious actor with network access to vCenter Server may exploit this issue to execute arbitrary code on the underlying operating system that hosts vCenter Server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-22T11:52:32.771Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0014.html"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1799"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2023-20893",
"datePublished": "2023-06-22T11:52:32.771Z",
"dateReserved": "2022-11-01T15:41:50.394Z",
"dateUpdated": "2024-12-05T19:53:41.839Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-21973
Vulnerability from cvelistv5
Published
2021-02-24 16:42
Modified
2024-08-03 18:30
Severity ?
EPSS score ?
Summary
The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin leading to information disclosure. This affects: VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.vmware.com/security/advisories/VMSA-2021-0002.html | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||
|---|---|---|---|---|---|---|---|
| ▼ | n/a | VMware vCenter Server |
Version: 7.x before 7.0 U1c Version: 6.7 before 6.7 U3l Version: 6.5 before 6.5 U3n |
||||
|
|||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:30:23.450Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware vCenter Server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "7.x before 7.0 U1c"
},
{
"status": "affected",
"version": "6.7 before 6.7 U3l"
},
{
"status": "affected",
"version": "6.5 before 6.5 U3n"
}
]
},
{
"product": "VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "4.x before 4.2"
},
{
"status": "affected",
"version": "3.x before 3.10.1.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin leading to information disclosure. This affects: VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SSRF vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-24T16:42:02",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0002.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2021-21973",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware vCenter Server",
"version": {
"version_data": [
{
"version_value": "7.x before 7.0 U1c"
},
{
"version_value": "6.7 before 6.7 U3l"
},
{
"version_value": "6.5 before 6.5 U3n"
}
]
}
},
{
"product_name": "VMware Cloud Foundation",
"version": {
"version_data": [
{
"version_value": "4.x before 4.2"
},
{
"version_value": "3.x before 3.10.1.2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin leading to information disclosure. This affects: VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SSRF vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2021-0002.html",
"refsource": "CONFIRM",
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0002.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2021-21973",
"datePublished": "2021-02-24T16:42:02",
"dateReserved": "2021-01-04T00:00:00",
"dateUpdated": "2024-08-03T18:30:23.450Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-22019
Vulnerability from cvelistv5
Published
2021-09-23 12:16
Modified
2024-08-03 18:30
Severity ?
EPSS score ?
Summary
The vCenter Server contains a denial-of-service vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port 5480 on vCenter Server may exploit this issue by sending a specially crafted jsonrpc message to create a denial of service condition.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.vmware.com/security/advisories/VMSA-2021-0020.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | VMware vCenter Server, VMware Cloud Foundation |
Version: VMware vCenter Server(7.x before 7.0 U2c, 6.7 before 6.7 U3o and 6.5 before 6.5 U3q) and VMware Cloud Foundation (4.x before 4.3 and 3.x before 3.10.2.2) |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:30:23.944Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware vCenter Server, VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware vCenter Server(7.x before 7.0 U2c, 6.7 before 6.7 U3o and 6.5 before 6.5 U3q) and VMware Cloud Foundation (4.x before 4.3 and 3.x before 3.10.2.2)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The vCenter Server contains a denial-of-service vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port 5480 on vCenter Server may exploit this issue by sending a specially crafted jsonrpc message to create a denial of service condition."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of service vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-23T12:16:41",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2021-22019",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware vCenter Server, VMware Cloud Foundation",
"version": {
"version_data": [
{
"version_value": "VMware vCenter Server(7.x before 7.0 U2c, 6.7 before 6.7 U3o and 6.5 before 6.5 U3q) and VMware Cloud Foundation (4.x before 4.3 and 3.x before 3.10.2.2)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The vCenter Server contains a denial-of-service vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port 5480 on vCenter Server may exploit this issue by sending a specially crafted jsonrpc message to create a denial of service condition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2021-22019",
"datePublished": "2021-09-23T12:16:41",
"dateReserved": "2021-01-04T00:00:00",
"dateUpdated": "2024-08-03T18:30:23.944Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-22020
Vulnerability from cvelistv5
Published
2021-09-23 12:16
Modified
2024-08-03 18:30
Severity ?
EPSS score ?
Summary
The vCenter Server contains a denial-of-service vulnerability in the Analytics service. Successful exploitation of this issue may allow an attacker to create a denial-of-service condition on vCenter Server.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.vmware.com/security/advisories/VMSA-2021-0020.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | VMware vCenter Server, VMware Cloud Foundation |
Version: VMware vCenter Server(7.x before 7.0 U2c and 6.7 before 6.7 U3o) and VMware Cloud Foundation (4.x before 4.3 and 3.x before 3.10.2.2) |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:30:23.941Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware vCenter Server, VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware vCenter Server(7.x before 7.0 U2c and 6.7 before 6.7 U3o) and VMware Cloud Foundation (4.x before 4.3 and 3.x before 3.10.2.2)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The vCenter Server contains a denial-of-service vulnerability in the Analytics service. Successful exploitation of this issue may allow an attacker to create a denial-of-service condition on vCenter Server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of service vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-23T12:16:47",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2021-22020",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware vCenter Server, VMware Cloud Foundation",
"version": {
"version_data": [
{
"version_value": "VMware vCenter Server(7.x before 7.0 U2c and 6.7 before 6.7 U3o) and VMware Cloud Foundation (4.x before 4.3 and 3.x before 3.10.2.2)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The vCenter Server contains a denial-of-service vulnerability in the Analytics service. Successful exploitation of this issue may allow an attacker to create a denial-of-service condition on vCenter Server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2021-22020",
"datePublished": "2021-09-23T12:16:47",
"dateReserved": "2021-01-04T00:00:00",
"dateUpdated": "2024-08-03T18:30:23.941Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-21972
Vulnerability from cvelistv5
Published
2021-02-24 16:42
Modified
2024-08-03 18:30
Severity ?
EPSS score ?
Summary
The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).
References
Impacted products
| Vendor | Product | Version | |||||
|---|---|---|---|---|---|---|---|
| ▼ | n/a | VMware vCenter Server |
Version: 7.x before 7.0 U1c Version: 6.7 before 6.7 U3l Version: 6.5 before 6.5 U3n |
||||
|
|||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:30:23.615Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0002.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/161590/VMware-vCenter-Server-7.0-Arbitrary-File-Upload.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/161695/VMware-vCenter-Server-File-Upload-Remote-Code-Execution.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/163268/VMware-vCenter-6.5-6.7-7.0-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware vCenter Server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "7.x before 7.0 U1c"
},
{
"status": "affected",
"version": "6.7 before 6.7 U3l"
},
{
"status": "affected",
"version": "6.5 before 6.5 U3n"
}
]
},
{
"product": "VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "4.x before 4.2"
},
{
"status": "affected",
"version": "3.x before 3.10.1.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote code execution vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-24T19:06:12",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0002.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/161590/VMware-vCenter-Server-7.0-Arbitrary-File-Upload.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/161695/VMware-vCenter-Server-File-Upload-Remote-Code-Execution.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/163268/VMware-vCenter-6.5-6.7-7.0-Remote-Code-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2021-21972",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware vCenter Server",
"version": {
"version_data": [
{
"version_value": "7.x before 7.0 U1c"
},
{
"version_value": "6.7 before 6.7 U3l"
},
{
"version_value": "6.5 before 6.5 U3n"
}
]
}
},
{
"product_name": "VMware Cloud Foundation",
"version": {
"version_data": [
{
"version_value": "4.x before 4.2"
},
{
"version_value": "3.x before 3.10.1.2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote code execution vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2021-0002.html",
"refsource": "CONFIRM",
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0002.html"
},
{
"name": "http://packetstormsecurity.com/files/161590/VMware-vCenter-Server-7.0-Arbitrary-File-Upload.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/161590/VMware-vCenter-Server-7.0-Arbitrary-File-Upload.html"
},
{
"name": "http://packetstormsecurity.com/files/161695/VMware-vCenter-Server-File-Upload-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/161695/VMware-vCenter-Server-File-Upload-Remote-Code-Execution.html"
},
{
"name": "http://packetstormsecurity.com/files/163268/VMware-vCenter-6.5-6.7-7.0-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/163268/VMware-vCenter-6.5-6.7-7.0-Remote-Code-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2021-21972",
"datePublished": "2021-02-24T16:42:05",
"dateReserved": "2021-01-04T00:00:00",
"dateUpdated": "2024-08-03T18:30:23.615Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-31697
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2024-08-03 07:26
Severity ?
EPSS score ?
Summary
The vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plaintext. A malicious actor with access to a workstation that invoked a vCenter Server Appliance ISO operation (Install/Upgrade/Migrate/Restore) can access plaintext passwords used during that operation.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | VMware vCenter Server, VMware Cloud Foundation |
Version: VMware (7.0 prior to 7.0 U3i, 6.7 prior to 6.7.0 U3s, 6.5 prior to 6.5 U3u), VMware Cloud Foundation (4.x, 3.x) |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:00.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0030.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware vCenter Server, VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware (7.0 prior to 7.0 U3i, 6.7 prior to 6.7.0 U3s, 6.5 prior to 6.5 U3u), VMware Cloud Foundation (4.x, 3.x)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plaintext. A malicious actor with access to a workstation that invoked a vCenter Server Appliance ISO operation (Install/Upgrade/Migrate/Restore) can access plaintext passwords used during that operation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T00:00:00",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0030.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-31697",
"datePublished": "2022-12-13T00:00:00",
"dateReserved": "2022-05-25T00:00:00",
"dateUpdated": "2024-08-03T07:26:00.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-2416
Vulnerability from cvelistv5
Published
2009-08-11 18:00
Modified
2024-08-07 05:52
Severity ?
EPSS score ?
Summary
Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:52:14.792Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-815-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-815-1"
},
{
"name": "FEDORA-2009-8491",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00537.html"
},
{
"name": "36631",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36631"
},
{
"name": "oval:org.mitre.oval:def:9262",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9262"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.networkworld.com/columnists/2009/080509-xml-flaw.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=515205"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openoffice.org/security/cves/CVE-2009-2414-2416.html"
},
{
"name": "APPLE-SA-2009-11-11-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html"
},
{
"name": "ADV-2009-3217",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3217"
},
{
"name": "37471",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37471"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4225"
},
{
"name": "ADV-2009-2420",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2420"
},
{
"name": "FEDORA-2009-8580",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00642.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"name": "36417",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36417"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cert.fi/en/reports/2009/vulnerability2009085.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.codenomicon.com/labs/xml/"
},
{
"name": "SUSE-SR:2009:015",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3949"
},
{
"name": "[debian-bugs-dist] 20090810 Bug#540865: libxml2: CVE-2009-2414, CVE-2009-2416 pointer-user-after-free and stack overflow because of function recursion",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg678527.html"
},
{
"name": "36010",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36010"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html"
},
{
"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.gnome.org/browse/libxml2/commit/?id=489f9671e71cc44a97b23111b3126ac8a1e21a59"
},
{
"name": "35036",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35036"
},
{
"name": "36338",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36338"
},
{
"name": "FEDORA-2009-8498",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00547.html"
},
{
"name": "oval:org.mitre.oval:def:7783",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7783"
},
{
"name": "ADV-2009-3184",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"name": "DSA-1859",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1859"
},
{
"name": "APPLE-SA-2009-11-09-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"name": "APPLE-SA-2010-06-21-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
},
{
"name": "37346",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37346"
},
{
"name": "ADV-2009-3316",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3316"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3937"
},
{
"name": "36207",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36207"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-08-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "USN-815-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-815-1"
},
{
"name": "FEDORA-2009-8491",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00537.html"
},
{
"name": "36631",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36631"
},
{
"name": "oval:org.mitre.oval:def:9262",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9262"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.networkworld.com/columnists/2009/080509-xml-flaw.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=515205"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openoffice.org/security/cves/CVE-2009-2414-2416.html"
},
{
"name": "APPLE-SA-2009-11-11-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html"
},
{
"name": "ADV-2009-3217",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3217"
},
{
"name": "37471",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37471"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4225"
},
{
"name": "ADV-2009-2420",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2420"
},
{
"name": "FEDORA-2009-8580",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00642.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"name": "36417",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36417"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cert.fi/en/reports/2009/vulnerability2009085.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.codenomicon.com/labs/xml/"
},
{
"name": "SUSE-SR:2009:015",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3949"
},
{
"name": "[debian-bugs-dist] 20090810 Bug#540865: libxml2: CVE-2009-2414, CVE-2009-2416 pointer-user-after-free and stack overflow because of function recursion",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg678527.html"
},
{
"name": "36010",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36010"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html"
},
{
"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.gnome.org/browse/libxml2/commit/?id=489f9671e71cc44a97b23111b3126ac8a1e21a59"
},
{
"name": "35036",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35036"
},
{
"name": "36338",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36338"
},
{
"name": "FEDORA-2009-8498",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00547.html"
},
{
"name": "oval:org.mitre.oval:def:7783",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7783"
},
{
"name": "ADV-2009-3184",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"name": "DSA-1859",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1859"
},
{
"name": "APPLE-SA-2009-11-09-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"name": "APPLE-SA-2010-06-21-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
},
{
"name": "37346",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37346"
},
{
"name": "ADV-2009-3316",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3316"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3937"
},
{
"name": "36207",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36207"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-2416",
"datePublished": "2009-08-11T18:00:00",
"dateReserved": "2009-07-09T00:00:00",
"dateUpdated": "2024-08-07T05:52:14.792Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-20894
Vulnerability from cvelistv5
Published
2023-06-22 11:54
Modified
2024-12-05 21:22
Severity ?
EPSS score ?
Summary
The VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bound write by sending a specially crafted packet leading to memory corruption.
References
Impacted products
| Vendor | Product | Version | |||||
|---|---|---|---|---|---|---|---|
| ▼ | VMware | VMware vCenter Server (vCenter Server) |
Version: 8.0 Version: 7.0 |
||||
|
|||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:21:33.718Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0014.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1658"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20894",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-05T21:22:16.773546Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-05T21:22:35.614Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux",
"Android",
"x86",
"ARM",
"64 bit",
"32 bit",
"MacOS",
"iOS"
],
"product": "VMware vCenter Server (vCenter Server)",
"vendor": "VMware",
"versions": [
{
"lessThan": "8.0 U1b",
"status": "affected",
"version": "8.0",
"versionType": "8.0 u1b"
},
{
"lessThan": "7.0 u3m",
"status": "affected",
"version": "7.0",
"versionType": "7.0 u3m"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux",
"Android",
"64 bit",
"32 bit",
"ARM",
"x86",
"MacOS",
"iOS"
],
"product": "VMware Cloud Foundation (vCenter Server)",
"vendor": "VMware",
"versions": [
{
"lessThan": "7.0 U3m, 8.0 U1b",
"status": "affected",
"version": "5.x",
"versionType": "7.0 U3m, 8.0 U1b"
},
{
"lessThan": "7.0 U3m, 8.0 U1b",
"status": "affected",
"version": "4.x",
"versionType": "7.0 U3m, 8.0 U1b"
}
]
}
],
"datePublic": "2023-06-22T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol.\u0026nbsp;A malicious actor with network access to vCenter Server may trigger an out-of-bound write by sending a specially crafted packet leading to memory corruption."
}
],
"value": "The VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol.\u00a0A malicious actor with network access to vCenter Server may trigger an out-of-bound write by sending a specially crafted packet leading to memory corruption."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-22T11:54:04.383Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0014.html"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1658"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2023-20894",
"datePublished": "2023-06-22T11:54:04.383Z",
"dateReserved": "2022-11-01T15:41:50.395Z",
"dateUpdated": "2024-12-05T21:22:35.614Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-4923
Vulnerability from cvelistv5
Published
2017-08-01 16:00
Modified
2024-08-05 14:47
Severity ?
EPSS score ?
Summary
VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure vulnerability. This issue may allow plaintext credentials to be obtained when using the vCenter Server Appliance file-based backup feature.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.vmware.com/security/advisories/VMSA-2017-0013.html | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/99997 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1039013 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:47:43.301Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2017-0013.html"
},
{
"name": "99997",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99997"
},
{
"name": "1039013",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039013"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure vulnerability. This issue may allow plaintext credentials to be obtained when using the vCenter Server Appliance file-based backup feature."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-02T09:57:01",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2017-0013.html"
},
{
"name": "99997",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99997"
},
{
"name": "1039013",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039013"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2017-4923",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure vulnerability. This issue may allow plaintext credentials to be obtained when using the vCenter Server Appliance file-based backup feature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2017-0013.html",
"refsource": "CONFIRM",
"url": "https://www.vmware.com/security/advisories/VMSA-2017-0013.html"
},
{
"name": "99997",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99997"
},
{
"name": "1039013",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039013"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2017-4923",
"datePublished": "2017-08-01T16:00:00",
"dateReserved": "2016-12-26T00:00:00",
"dateUpdated": "2024-08-05T14:47:43.301Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-22009
Vulnerability from cvelistv5
Published
2021-09-23 11:51
Modified
2024-08-03 18:30
Severity ?
EPSS score ?
Summary
The vCenter Server contains multiple denial-of-service vulnerabilities in VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit these issues to create a denial of service condition due to excessive memory consumption by VAPI service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.vmware.com/security/advisories/VMSA-2021-0020.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | VMware vCenter Server, VMware Cloud Foundation |
Version: VMware vCenter Server(7.x before 7.0 U2c, 6.7 before 6.7 U3o and 6.5 before 6.5 U3q) and VMware Cloud Foundation (4.x before 4.3 and 3.x before 3.10.2.2) |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:30:23.750Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware vCenter Server, VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware vCenter Server(7.x before 7.0 U2c, 6.7 before 6.7 U3o and 6.5 before 6.5 U3q) and VMware Cloud Foundation (4.x before 4.3 and 3.x before 3.10.2.2)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The vCenter Server contains multiple denial-of-service vulnerabilities in VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit these issues to create a denial of service condition due to excessive memory consumption by VAPI service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Multiple denial of service vulnerabilities",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-23T11:51:32",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2021-22009",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware vCenter Server, VMware Cloud Foundation",
"version": {
"version_data": [
{
"version_value": "VMware vCenter Server(7.x before 7.0 U2c, 6.7 before 6.7 U3o and 6.5 before 6.5 U3q) and VMware Cloud Foundation (4.x before 4.3 and 3.x before 3.10.2.2)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The vCenter Server contains multiple denial-of-service vulnerabilities in VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit these issues to create a denial of service condition due to excessive memory consumption by VAPI service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Multiple denial of service vulnerabilities"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2021-22009",
"datePublished": "2021-09-23T11:51:32",
"dateReserved": "2021-01-04T00:00:00",
"dateUpdated": "2024-08-03T18:30:23.750Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-22011
Vulnerability from cvelistv5
Published
2021-09-23 11:51
Modified
2024-08-03 18:30
Severity ?
EPSS score ?
Summary
vCenter Server contains an unauthenticated API endpoint vulnerability in vCenter Server Content Library. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to perform unauthenticated VM network setting manipulation.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.vmware.com/security/advisories/VMSA-2021-0020.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | VMware vCenter Server, VMware Cloud Foundation |
Version: VMware vCenter Server(7.x before 7.0.2 U2d, 6.7 before 6.7 U3o and 6.5 before 6.5 U3q) and VMware Cloud Foundation (4.x before 4.3.1 and 3.x before 3.10.2.2) |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:30:23.938Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware vCenter Server, VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware vCenter Server(7.x before 7.0.2 U2d, 6.7 before 6.7 U3o and 6.5 before 6.5 U3q) and VMware Cloud Foundation (4.x before 4.3.1 and 3.x before 3.10.2.2)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "vCenter Server contains an unauthenticated API endpoint vulnerability in vCenter Server Content Library. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to perform unauthenticated VM network setting manipulation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unauthenticated API endpoint vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-23T11:51:47",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2021-22011",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware vCenter Server, VMware Cloud Foundation",
"version": {
"version_data": [
{
"version_value": "VMware vCenter Server(7.x before 7.0.2 U2d, 6.7 before 6.7 U3o and 6.5 before 6.5 U3q) and VMware Cloud Foundation (4.x before 4.3.1 and 3.x before 3.10.2.2)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "vCenter Server contains an unauthenticated API endpoint vulnerability in vCenter Server Content Library. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to perform unauthenticated VM network setting manipulation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unauthenticated API endpoint vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2021-22011",
"datePublished": "2021-09-23T11:51:47",
"dateReserved": "2021-01-04T00:00:00",
"dateUpdated": "2024-08-03T18:30:23.938Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-4927
Vulnerability from cvelistv5
Published
2017-11-17 14:00
Modified
2024-09-17 02:00
Severity ?
EPSS score ?
Summary
VMware vCenter Server (6.5 prior to 6.5 U1 and 6.0 prior to 6.0 U3c) does not correctly handle specially crafted LDAP network packets which may allow for remote denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.vmware.com/security/advisories/VMSA-2017-0017.html | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1039759 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/101786 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | VMware | vCenter Server |
Version: 6.5 prior to 6.5 U1 Version: 6.0 prior to 6.0 U3c |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:47:43.205Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2017-0017.html"
},
{
"name": "1039759",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039759"
},
{
"name": "101786",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101786"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vCenter Server",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "6.5 prior to 6.5 U1"
},
{
"status": "affected",
"version": "6.0 prior to 6.0 U3c"
}
]
}
],
"datePublic": "2017-11-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "VMware vCenter Server (6.5 prior to 6.5 U1 and 6.0 prior to 6.0 U3c) does not correctly handle specially crafted LDAP network packets which may allow for remote denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "LDAP denial of service vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-18T10:57:01",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2017-0017.html"
},
{
"name": "1039759",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039759"
},
{
"name": "101786",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101786"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"DATE_PUBLIC": "2017-11-09T00:00:00",
"ID": "CVE-2017-4927",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "vCenter Server",
"version": {
"version_data": [
{
"version_value": "6.5 prior to 6.5 U1"
},
{
"version_value": "6.0 prior to 6.0 U3c"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware vCenter Server (6.5 prior to 6.5 U1 and 6.0 prior to 6.0 U3c) does not correctly handle specially crafted LDAP network packets which may allow for remote denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "LDAP denial of service vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2017-0017.html",
"refsource": "CONFIRM",
"url": "https://www.vmware.com/security/advisories/VMSA-2017-0017.html"
},
{
"name": "1039759",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039759"
},
{
"name": "101786",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101786"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2017-4927",
"datePublished": "2017-11-17T14:00:00Z",
"dateReserved": "2016-12-26T00:00:00",
"dateUpdated": "2024-09-17T02:00:47.903Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-31698
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2024-08-03 07:26
Severity ?
EPSS score ?
Summary
The vCenter Server contains a denial-of-service vulnerability in the content library service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to trigger a denial-of-service condition by sending a specially crafted header.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | VMware vCenter Server, VMware Cloud Foundation |
Version: VMware (7.0 prior to 7.0 U3i, 6.7 prior to 6.7.0 U3s, 6.5 prior to 6.5 U3u), VMware Cloud Foundation (4.x, 3.x) |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:01.219Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0030.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1588"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware vCenter Server, VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware (7.0 prior to 7.0 U3i, 6.7 prior to 6.7.0 U3s, 6.5 prior to 6.5 U3u), VMware Cloud Foundation (4.x, 3.x)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The vCenter Server contains a denial-of-service vulnerability in the content library service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to trigger a denial-of-service condition by sending a specially crafted header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of service vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T00:00:00",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0030.html"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1588"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-31698",
"datePublished": "2022-12-13T00:00:00",
"dateReserved": "2022-05-25T00:00:00",
"dateUpdated": "2024-08-03T07:26:01.219Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-2342
Vulnerability from cvelistv5
Published
2015-10-12 10:00
Modified
2024-08-06 05:10
Severity ?
EPSS score ?
Summary
The JMX RMI service in VMware vCenter Server 5.0 before u3e, 5.1 before u3b, 5.5 before u3, and 6.0 before u1 does not restrict registration of MBeans, which allows remote attackers to execute arbitrary code via the RMI protocol.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/fulldisclosure/2015/Oct/1 | mailing-list, x_refsource_FULLDISC | |
| http://www.securitytracker.com/id/1033720 | vdb-entry, x_refsource_SECTRACK | |
| http://www.zerodayinitiative.com/advisories/ZDI-15-455 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/76930 | vdb-entry, x_refsource_BID | |
| https://www.7elements.co.uk/resources/technical-advisories/cve-2015-2342-vmware-vcenter-remote-code-execution/ | x_refsource_MISC | |
| http://www.vmware.com/security/advisories/VMSA-2015-0007.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:10:16.151Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20151001 CVE-2015-2342 VMware vCenter Remote Code Execution",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Oct/1"
},
{
"name": "1033720",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033720"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-455"
},
{
"name": "76930",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/76930"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.7elements.co.uk/resources/technical-advisories/cve-2015-2342-vmware-vcenter-remote-code-execution/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2015-0007.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The JMX RMI service in VMware vCenter Server 5.0 before u3e, 5.1 before u3b, 5.5 before u3, and 6.0 before u1 does not restrict registration of MBeans, which allows remote attackers to execute arbitrary code via the RMI protocol."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-11T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20151001 CVE-2015-2342 VMware vCenter Remote Code Execution",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Oct/1"
},
{
"name": "1033720",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033720"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-455"
},
{
"name": "76930",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/76930"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.7elements.co.uk/resources/technical-advisories/cve-2015-2342-vmware-vcenter-remote-code-execution/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2015-0007.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-2342",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The JMX RMI service in VMware vCenter Server 5.0 before u3e, 5.1 before u3b, 5.5 before u3, and 6.0 before u1 does not restrict registration of MBeans, which allows remote attackers to execute arbitrary code via the RMI protocol."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20151001 CVE-2015-2342 VMware vCenter Remote Code Execution",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Oct/1"
},
{
"name": "1033720",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033720"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-15-455",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-455"
},
{
"name": "76930",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76930"
},
{
"name": "https://www.7elements.co.uk/resources/technical-advisories/cve-2015-2342-vmware-vcenter-remote-code-execution/",
"refsource": "MISC",
"url": "https://www.7elements.co.uk/resources/technical-advisories/cve-2015-2342-vmware-vcenter-remote-code-execution/"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2015-0007.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2015-0007.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-2342",
"datePublished": "2015-10-12T10:00:00",
"dateReserved": "2015-03-18T00:00:00",
"dateUpdated": "2024-08-06T05:10:16.151Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-5331
Vulnerability from cvelistv5
Published
2016-08-08 01:00
Modified
2024-08-06 01:00
Severity ?
EPSS score ?
Summary
CRLF injection vulnerability in VMware vCenter Server 6.0 before U2 and ESXi 6.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1036543 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/92324 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1036544 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/archive/1/539128/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.vmware.com/security/advisories/VMSA-2016-0010.html | x_refsource_CONFIRM | |
| http://seclists.org/fulldisclosure/2016/Aug/38 | mailing-list, x_refsource_FULLDISC | |
| http://www.securitytracker.com/id/1036545 | vdb-entry, x_refsource_SECTRACK | |
| http://packetstormsecurity.com/files/138211/VMware-vSphere-Hypervisor-ESXi-HTTP-Response-Injection.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:00:59.957Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1036543",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036543"
},
{
"name": "92324",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92324"
},
{
"name": "1036544",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036544"
},
{
"name": "20160805 [SYSS-2016-063] VMware ESXi 6 - Improper Input Validation (CWE-20)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/539128/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2016-0010.html"
},
{
"name": "20160805 [SYSS-2016-063] VMware ESXi 6 - Improper Input Validation (CWE-20)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2016/Aug/38"
},
{
"name": "1036545",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036545"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/138211/VMware-vSphere-Hypervisor-ESXi-HTTP-Response-Injection.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "CRLF injection vulnerability in VMware vCenter Server 6.0 before U2 and ESXi 6.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1036543",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036543"
},
{
"name": "92324",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92324"
},
{
"name": "1036544",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036544"
},
{
"name": "20160805 [SYSS-2016-063] VMware ESXi 6 - Improper Input Validation (CWE-20)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/539128/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2016-0010.html"
},
{
"name": "20160805 [SYSS-2016-063] VMware ESXi 6 - Improper Input Validation (CWE-20)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2016/Aug/38"
},
{
"name": "1036545",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036545"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/138211/VMware-vSphere-Hypervisor-ESXi-HTTP-Response-Injection.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-5331",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CRLF injection vulnerability in VMware vCenter Server 6.0 before U2 and ESXi 6.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036543",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036543"
},
{
"name": "92324",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92324"
},
{
"name": "1036544",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036544"
},
{
"name": "20160805 [SYSS-2016-063] VMware ESXi 6 - Improper Input Validation (CWE-20)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/539128/100/0/threaded"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2016-0010.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2016-0010.html"
},
{
"name": "20160805 [SYSS-2016-063] VMware ESXi 6 - Improper Input Validation (CWE-20)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Aug/38"
},
{
"name": "1036545",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036545"
},
{
"name": "http://packetstormsecurity.com/files/138211/VMware-vSphere-Hypervisor-ESXi-HTTP-Response-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/138211/VMware-vSphere-Hypervisor-ESXi-HTTP-Response-Injection.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-5331",
"datePublished": "2016-08-08T01:00:00",
"dateReserved": "2016-06-07T00:00:00",
"dateUpdated": "2024-08-06T01:00:59.957Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-2078
Vulnerability from cvelistv5
Published
2016-06-08 14:00
Modified
2024-08-05 23:17
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Web Client in VMware vCenter Server 5.1 before update 3d, 5.5 before update 3d, and 6.0 before update 2 on Windows allows remote attackers to inject arbitrary web script or HTML via the flashvars parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://packetstormsecurity.com/files/137189/VMWare-vSphere-Web-Client-6.0-Cross-Site-Scripting.html | x_refsource_MISC | |
| http://www.vmware.com/security/advisories/VMSA-2016-0006.html | x_refsource_CONFIRM | |
| http://hyp3rlinx.altervista.org/advisories/VMWARE-VSPHERE-FLASH-XSS.txt | x_refsource_MISC | |
| http://www.securityfocus.com/archive/1/538484/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securitytracker.com/id/1035961 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:17:50.509Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/137189/VMWare-vSphere-Web-Client-6.0-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2016-0006.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://hyp3rlinx.altervista.org/advisories/VMWARE-VSPHERE-FLASH-XSS.txt"
},
{
"name": "20160525 VMWare vSphere Web Client Flash XSS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/538484/100/0/threaded"
},
{
"name": "1035961",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035961"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Web Client in VMware vCenter Server 5.1 before update 3d, 5.5 before update 3d, and 6.0 before update 2 on Windows allows remote attackers to inject arbitrary web script or HTML via the flashvars parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/137189/VMWare-vSphere-Web-Client-6.0-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2016-0006.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://hyp3rlinx.altervista.org/advisories/VMWARE-VSPHERE-FLASH-XSS.txt"
},
{
"name": "20160525 VMWare vSphere Web Client Flash XSS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/538484/100/0/threaded"
},
{
"name": "1035961",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035961"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2078",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Web Client in VMware vCenter Server 5.1 before update 3d, 5.5 before update 3d, and 6.0 before update 2 on Windows allows remote attackers to inject arbitrary web script or HTML via the flashvars parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/137189/VMWare-vSphere-Web-Client-6.0-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/137189/VMWare-vSphere-Web-Client-6.0-Cross-Site-Scripting.html"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2016-0006.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2016-0006.html"
},
{
"name": "http://hyp3rlinx.altervista.org/advisories/VMWARE-VSPHERE-FLASH-XSS.txt",
"refsource": "MISC",
"url": "http://hyp3rlinx.altervista.org/advisories/VMWARE-VSPHERE-FLASH-XSS.txt"
},
{
"name": "20160525 VMWare vSphere Web Client Flash XSS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/538484/100/0/threaded"
},
{
"name": "1035961",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035961"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-2078",
"datePublished": "2016-06-08T14:00:00",
"dateReserved": "2016-01-26T00:00:00",
"dateUpdated": "2024-08-05T23:17:50.509Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-4943
Vulnerability from cvelistv5
Published
2017-12-20 15:00
Modified
2024-09-16 18:40
Severity ?
EPSS score ?
Summary
VMware vCenter Server Appliance (vCSA) (6.5 before 6.5 U1d) contains a local privilege escalation vulnerability via the 'showlog' plugin. Successful exploitation of this issue could result in a low privileged user gaining root level privileges over the appliance base OS.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.vmware.com/security/advisories/VMSA-2017-0021.html | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1040026 | vdb-entry, x_refsource_SECTRACK |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | VMware | vCenter Server Appliance (vCSA) |
Version: 6.5 before 6.5 U1d |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:47:43.318Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2017-0021.html"
},
{
"name": "1040026",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040026"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vCenter Server Appliance (vCSA)",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "6.5 before 6.5 U1d"
}
]
}
],
"datePublic": "2017-12-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "VMware vCenter Server Appliance (vCSA) (6.5 before 6.5 U1d) contains a local privilege escalation vulnerability via the \u0027showlog\u0027 plugin. Successful exploitation of this issue could result in a low privileged user gaining root level privileges over the appliance base OS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege escalation vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-21T10:57:01",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2017-0021.html"
},
{
"name": "1040026",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040026"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"DATE_PUBLIC": "2017-12-19T00:00:00",
"ID": "CVE-2017-4943",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "vCenter Server Appliance (vCSA)",
"version": {
"version_data": [
{
"version_value": "6.5 before 6.5 U1d"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware vCenter Server Appliance (vCSA) (6.5 before 6.5 U1d) contains a local privilege escalation vulnerability via the \u0027showlog\u0027 plugin. Successful exploitation of this issue could result in a low privileged user gaining root level privileges over the appliance base OS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege escalation vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2017-0021.html",
"refsource": "CONFIRM",
"url": "https://www.vmware.com/security/advisories/VMSA-2017-0021.html"
},
{
"name": "1040026",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040026"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2017-4943",
"datePublished": "2017-12-20T15:00:00Z",
"dateReserved": "2016-12-26T00:00:00",
"dateUpdated": "2024-09-16T18:40:02.798Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-22948
Vulnerability from cvelistv5
Published
2022-03-29 17:24
Modified
2024-08-03 03:28
Severity ?
EPSS score ?
Summary
The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.vmware.com/security/advisories/VMSA-2022-0009.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | VMware vCenter Server and VMware Cloud Foundation |
Version: VMware vCenter Server (7.0 prior to 7.0 U3d, 6.7 prior to 6.7 U3p and 6.5 prior to 6.5 U3r) and VMware Cloud Foundation (4.x and 3.x prior to 3.11) |
|
|
|||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:vmware:cloud_foundation:4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cloud_foundation",
"vendor": "vmware",
"versions": [
{
"lessThan": "5.0",
"status": "affected",
"version": "4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:vmware:cloud_foundation:3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cloud_foundation",
"vendor": "vmware",
"versions": [
{
"lessThan": "3.11",
"status": "affected",
"version": "3.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:vmware:vcenter_server:7.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vcenter_server",
"vendor": "vmware",
"versions": [
{
"lessThan": "7.0_u3d",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:vmware:vcenter_server:6.7:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vcenter_server",
"vendor": "vmware",
"versions": [
{
"lessThan": "6.7_u3p",
"status": "affected",
"version": "6.7",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:vmware:vcenter_server:6.5:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vcenter_server",
"vendor": "vmware",
"versions": [
{
"lessThan": "6.5_u3r",
"status": "affected",
"version": "6.5",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"dateAdded": "2024-07-17",
"reference": "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"
},
"type": "kev"
}
},
{
"other": {
"content": {
"id": "CVE-2022-22948",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-18T03:55:22.079743Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-18T13:08:10.940Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:28:42.584Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0009.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware vCenter Server and VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware vCenter Server (7.0 prior to 7.0 U3d, 6.7 prior to 6.7 U3p and 6.5 prior to 6.5 U3r) and VMware Cloud Foundation (4.x and 3.x prior to 3.11)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-29T17:24:33",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0009.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2022-22948",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware vCenter Server and VMware Cloud Foundation",
"version": {
"version_data": [
{
"version_value": "VMware vCenter Server (7.0 prior to 7.0 U3d, 6.7 prior to 6.7 U3p and 6.5 prior to 6.5 U3r) and VMware Cloud Foundation (4.x and 3.x prior to 3.11)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2022-0009.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0009.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-22948",
"datePublished": "2022-03-29T17:24:33",
"dateReserved": "2022-01-10T00:00:00",
"dateUpdated": "2024-08-03T03:28:42.584Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-21993
Vulnerability from cvelistv5
Published
2021-09-23 11:37
Modified
2024-08-03 18:30
Severity ?
EPSS score ?
Summary
The vCenter Server contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in vCenter Server Content Library. An authorised user with access to content library may exploit this issue by sending a POST request to vCenter Server leading to information disclosure.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.vmware.com/security/advisories/VMSA-2021-0020.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | VMware vCenter Server, VMware Cloud Foundation |
Version: VMware vCenter Server(7.x before 7.0 U2c, 6.7 before 6.7 U3o and 6.5 before 6.5 U3q) and VMware Cloud Foundation (4.x before 4.3 and 3.x before 3.10.2.2) |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:30:23.589Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware vCenter Server, VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware vCenter Server(7.x before 7.0 U2c, 6.7 before 6.7 U3o and 6.5 before 6.5 U3q) and VMware Cloud Foundation (4.x before 4.3 and 3.x before 3.10.2.2)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The vCenter Server contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in vCenter Server Content Library. An authorised user with access to content library may exploit this issue by sending a POST request to vCenter Server leading to information disclosure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SSRF vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-23T11:37:24",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2021-21993",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware vCenter Server, VMware Cloud Foundation",
"version": {
"version_data": [
{
"version_value": "VMware vCenter Server(7.x before 7.0 U2c, 6.7 before 6.7 U3o and 6.5 before 6.5 U3q) and VMware Cloud Foundation (4.x before 4.3 and 3.x before 3.10.2.2)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The vCenter Server contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in vCenter Server Content Library. An authorised user with access to content library may exploit this issue by sending a POST request to vCenter Server leading to information disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SSRF vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2021-21993",
"datePublished": "2021-09-23T11:37:24",
"dateReserved": "2021-01-04T00:00:00",
"dateUpdated": "2024-08-03T18:30:23.589Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-4919
Vulnerability from cvelistv5
Published
2017-07-28 22:00
Modified
2024-09-16 16:29
Severity ?
EPSS score ?
Summary
VMware vCenter Server 5.5, 6.0, 6.5 allows vSphere users with certain, limited vSphere privileges to use the VIX API to access Guest Operating Systems without the need to authenticate.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1039004 | vdb-entry, x_refsource_SECTRACK | |
| http://www.vmware.com/security/advisories/VMSA-2017-0012.html | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/100102 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | VMware | VMware vCenter Server |
Version: VMware vCenter Server 5.5.x, 6.0.x, 6.5.x |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:47:43.160Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1039004",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039004"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0012.html"
},
{
"name": "100102",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100102"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware vCenter Server",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "VMware vCenter Server 5.5.x, 6.0.x, 6.5.x"
}
]
}
],
"datePublic": "2017-07-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "VMware vCenter Server 5.5, 6.0, 6.5 allows vSphere users with certain, limited vSphere privileges to use the VIX API to access Guest Operating Systems without the need to authenticate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unauthorized Access Heap buffer-overflow vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-03T09:57:01",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"name": "1039004",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039004"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0012.html"
},
{
"name": "100102",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100102"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"DATE_PUBLIC": "2017-07-27T00:00:00",
"ID": "CVE-2017-4919",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware vCenter Server",
"version": {
"version_data": [
{
"version_value": "VMware vCenter Server 5.5.x, 6.0.x, 6.5.x"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware vCenter Server 5.5, 6.0, 6.5 allows vSphere users with certain, limited vSphere privileges to use the VIX API to access Guest Operating Systems without the need to authenticate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unauthorized Access Heap buffer-overflow vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1039004",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039004"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2017-0012.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0012.html"
},
{
"name": "100102",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100102"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2017-4919",
"datePublished": "2017-07-28T22:00:00Z",
"dateReserved": "2016-12-26T00:00:00",
"dateUpdated": "2024-09-16T16:29:02.295Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-4928
Vulnerability from cvelistv5
Published
2017-11-17 14:00
Modified
2024-09-17 03:48
Severity ?
EPSS score ?
Summary
The flash-based vSphere Web Client (6.0 prior to 6.0 U3c and 5.5 prior to 5.5 U3f) i.e. not the new HTML5-based vSphere Client, contains SSRF and CRLF injection issues due to improper neutralization of URLs. An attacker may exploit these issues by sending a POST request with modified headers towards internal services leading to information disclosure.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.vmware.com/security/advisories/VMSA-2017-0017.html | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1039759 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/101785 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | VMware | vSphere Web Client |
Version: 6.0 prior to 6.0 U3c Version: 5.5 prior to 5.5 U3f |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:47:43.178Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2017-0017.html"
},
{
"name": "1039759",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039759"
},
{
"name": "101785",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101785"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vSphere Web Client",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "6.0 prior to 6.0 U3c"
},
{
"status": "affected",
"version": "5.5 prior to 5.5 U3f"
}
]
}
],
"datePublic": "2017-11-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The flash-based vSphere Web Client (6.0 prior to 6.0 U3c and 5.5 prior to 5.5 U3f) i.e. not the new HTML5-based vSphere Client, contains SSRF and CRLF injection issues due to improper neutralization of URLs. An attacker may exploit these issues by sending a POST request with modified headers towards internal services leading to information disclosure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Server-side request forgery and carriage return line feed injection issues",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-18T10:57:01",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2017-0017.html"
},
{
"name": "1039759",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039759"
},
{
"name": "101785",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101785"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"DATE_PUBLIC": "2017-11-09T00:00:00",
"ID": "CVE-2017-4928",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "vSphere Web Client",
"version": {
"version_data": [
{
"version_value": "6.0 prior to 6.0 U3c"
},
{
"version_value": "5.5 prior to 5.5 U3f"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The flash-based vSphere Web Client (6.0 prior to 6.0 U3c and 5.5 prior to 5.5 U3f) i.e. not the new HTML5-based vSphere Client, contains SSRF and CRLF injection issues due to improper neutralization of URLs. An attacker may exploit these issues by sending a POST request with modified headers towards internal services leading to information disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Server-side request forgery and carriage return line feed injection issues"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2017-0017.html",
"refsource": "CONFIRM",
"url": "https://www.vmware.com/security/advisories/VMSA-2017-0017.html"
},
{
"name": "1039759",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039759"
},
{
"name": "101785",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101785"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2017-4928",
"datePublished": "2017-11-17T14:00:00Z",
"dateReserved": "2016-12-26T00:00:00",
"dateUpdated": "2024-09-17T03:48:41.110Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-20896
Vulnerability from cvelistv5
Published
2023-06-22 12:00
Modified
2024-12-05 19:54
Severity ?
EPSS score ?
Summary
The VMware vCenter Server contains an out-of-bounds read vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds read by sending a specially crafted packet leading to denial-of-service of certain services (vmcad, vmdird, and vmafdd).
References
Impacted products
| Vendor | Product | Version | |||||
|---|---|---|---|---|---|---|---|
| ▼ | VMware | VMware vCenter Server (vCenter Server) |
Version: 8.0 Version: 7.0 |
||||
|
|||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:21:33.642Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0014.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1800"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20896",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-05T19:54:25.466243Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-05T19:54:33.109Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux",
"Android",
"x86",
"ARM",
"64 bit",
"32 bit",
"MacOS",
"iOS"
],
"product": "VMware vCenter Server (vCenter Server)",
"vendor": "VMware",
"versions": [
{
"lessThan": "8.0 U1b",
"status": "affected",
"version": "8.0",
"versionType": "8.0 u1b"
},
{
"lessThan": "7.0 u3m",
"status": "affected",
"version": "7.0",
"versionType": "7.0 u3m"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux",
"Android",
"64 bit",
"32 bit",
"ARM",
"x86",
"MacOS",
"iOS"
],
"product": "VMware Cloud Foundation (vCenter Server)",
"vendor": "VMware",
"versions": [
{
"lessThan": "7.0 U3m, 8.0 U1b",
"status": "affected",
"version": "5.x",
"versionType": "7.0 U3m, 8.0 U1b"
},
{
"lessThan": "7.0 U3m, 8.0 U1b",
"status": "affected",
"version": "4.x",
"versionType": "7.0 U3m, 8.0 U1b"
}
]
}
],
"datePublic": "2023-06-22T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The VMware vCenter Server contains an out-of-bounds read vulnerability in the implementation of the DCERPC protocol.\u0026nbsp;A malicious actor with network access to vCenter Server may trigger an out-of-bounds read by sending a specially crafted packet leading to denial-of-service of certain services (vmcad, vmdird, and vmafdd)."
}
],
"value": "The VMware vCenter Server contains an out-of-bounds read vulnerability in the implementation of the DCERPC protocol.\u00a0A malicious actor with network access to vCenter Server may trigger an out-of-bounds read by sending a specially crafted packet leading to denial-of-service of certain services (vmcad, vmdird, and vmafdd)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-22T12:00:45.390Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0014.html"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1800"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2023-20896",
"datePublished": "2023-06-22T12:00:45.390Z",
"dateReserved": "2022-11-01T15:41:50.395Z",
"dateUpdated": "2024-12-05T19:54:33.109Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-37080
Vulnerability from cvelistv5
Published
2024-06-18 05:43
Modified
2024-08-30 03:55
Severity ?
EPSS score ?
Summary
vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.
References
Impacted products
| Vendor | Product | Version | |||||
|---|---|---|---|---|---|---|---|
| ▼ | n/a | VMware vCenter Server |
Version: 8.0 < 8.0 U2d Version: 8.0 < 8.0 U1e Version: 7.0 < 7.0 U3r |
||||
|
|||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:vmware:cloud_foundation:4.0:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cloud_foundation",
"vendor": "vmware",
"versions": [
{
"lessThan": "6.0",
"status": "affected",
"version": "4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:vmware:vcenter_server:8.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "vcenter_server",
"vendor": "vmware",
"versions": [
{
"lessThan": "8.0u2d",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "8.0u1e",
"status": "affected",
"version": "8.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vcenter_server",
"vendor": "vmware",
"versions": [
{
"lessThan": "7.0u3r",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-37080",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-18T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T03:55:58.822Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.978Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VMware vCenter Server",
"vendor": "n/a",
"versions": [
{
"lessThan": "8.0 U2d",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "8.0 U1e",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "7.0 U3r",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "5.x"
},
{
"status": "affected",
"version": "4.x"
}
]
}
],
"datePublic": "2024-06-17T16:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003evCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. \u003c/span\u003eA malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Heap-overflow vulnerability",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-18T05:43:10.901Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2024-37080",
"datePublished": "2024-06-18T05:43:10.901Z",
"dateReserved": "2024-06-03T05:40:17.631Z",
"dateUpdated": "2024-08-30T03:55:58.822Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-22016
Vulnerability from cvelistv5
Published
2021-09-23 12:12
Modified
2024-08-03 18:30
Severity ?
EPSS score ?
Summary
The vCenter Server contains a reflected cross-site scripting vulnerability due to a lack of input sanitization. An attacker may exploit this issue to execute malicious scripts by tricking a victim into clicking a malicious link.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.vmware.com/security/advisories/VMSA-2021-0020.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | VMware vCenter Server, VMware Cloud Foundation |
Version: VMware vCenter Server 6.7 before 6.7 U3o and VMware Cloud Foundation 3.x before 3.10.2.2 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:30:23.944Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware vCenter Server, VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware vCenter Server 6.7 before 6.7 U3o and VMware Cloud Foundation 3.x before 3.10.2.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The vCenter Server contains a reflected cross-site scripting vulnerability due to a lack of input sanitization. An attacker may exploit this issue to execute malicious scripts by tricking a victim into clicking a malicious link."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Reflected XSS vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-23T12:12:54",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2021-22016",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware vCenter Server, VMware Cloud Foundation",
"version": {
"version_data": [
{
"version_value": "VMware vCenter Server 6.7 before 6.7 U3o and VMware Cloud Foundation 3.x before 3.10.2.2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The vCenter Server contains a reflected cross-site scripting vulnerability due to a lack of input sanitization. An attacker may exploit this issue to execute malicious scripts by tricking a victim into clicking a malicious link."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Reflected XSS vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2021-22016",
"datePublished": "2021-09-23T12:12:54",
"dateReserved": "2021-01-04T00:00:00",
"dateUpdated": "2024-08-03T18:30:23.944Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-37079
Vulnerability from cvelistv5
Published
2024-06-18 05:43
Modified
2024-08-30 03:55
Severity ?
EPSS score ?
Summary
vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.
References
Impacted products
| Vendor | Product | Version | |||||
|---|---|---|---|---|---|---|---|
| ▼ | n/a | VMware vCenter Server |
Version: 8.0 < 8.0 U2d Version: 8.0 < 8.0 U1e Version: 7.0 < 7.0 U3r |
||||
|
|||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:broadcom:vmware_vcenter_server:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "vmware_vcenter_server",
"vendor": "broadcom",
"versions": [
{
"lessThan": "8.0 U2d",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "8.0 U1e",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "7.0 U3r",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:broadcom:vmware_cloud_foundation:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "vmware_cloud_foundation",
"vendor": "broadcom",
"versions": [
{
"status": "affected",
"version": "5.x"
},
{
"status": "affected",
"version": "4.x"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-37079",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-18T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T03:55:57.636Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:51.046Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VMware vCenter Server",
"vendor": "n/a",
"versions": [
{
"lessThan": "8.0 U2d",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "8.0 U1e",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "7.0 U3r",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "5.x"
},
{
"status": "affected",
"version": "4.x"
}
]
}
],
"datePublic": "2024-06-17T16:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003evCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. \u003c/span\u003eA malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Heap-overflow vulnerability",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-18T05:43:06.619Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2024-37079",
"datePublished": "2024-06-18T05:43:06.619Z",
"dateReserved": "2024-06-03T05:40:17.631Z",
"dateUpdated": "2024-08-30T03:55:57.636Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-1072
Vulnerability from cvelistv5
Published
2009-03-25 01:00
Modified
2024-08-07 04:57
Severity ?
EPSS score ?
Summary
nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash option.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:57:17.810Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "35390",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35390"
},
{
"name": "34432",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34432"
},
{
"name": "34422",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34422"
},
{
"name": "ADV-2009-0802",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0802"
},
{
"name": "34786",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34786"
},
{
"name": "[oss-security] 20090323 CVE request: kernel: nfsd did not drop CAP_MKNOD for non-root",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/03/23/1"
},
{
"name": "34205",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34205"
},
{
"name": "SUSE-SA:2009:028",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00002.html"
},
{
"name": "37471",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37471"
},
{
"name": "35656",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35656"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"name": "[linux-kernel] 20090311 VFS, NFS security bug? Should CAP_MKNOD and CAP_LINUX_IMMUTABLE be added to CAP_FS_MASK?",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://thread.gmane.org/gmane.linux.kernel/805280"
},
{
"name": "SUSE-SA:2009:030",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html"
},
{
"name": "35185",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35185"
},
{
"name": "oval:org.mitre.oval:def:10314",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10314"
},
{
"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:8382",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8382"
},
{
"name": "SUSE-SA:2009:031",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html"
},
{
"name": "SUSE-SA:2009:021",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00007.html"
},
{
"name": "USN-793-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-793-1"
},
{
"name": "RHSA-2009:1081",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1081.html"
},
{
"name": "DSA-1800",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1800"
},
{
"name": "35343",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35343"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.9"
},
{
"name": "linux-kernel-capmknod-security-bypass(49356)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49356"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=76a67ec6fb79ff3570dcb5342142c16098299911"
},
{
"name": "35121",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35121"
},
{
"name": "ADV-2009-3316",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3316"
},
{
"name": "35394",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35394"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-03-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash option."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "35390",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35390"
},
{
"name": "34432",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34432"
},
{
"name": "34422",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34422"
},
{
"name": "ADV-2009-0802",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0802"
},
{
"name": "34786",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34786"
},
{
"name": "[oss-security] 20090323 CVE request: kernel: nfsd did not drop CAP_MKNOD for non-root",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/03/23/1"
},
{
"name": "34205",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34205"
},
{
"name": "SUSE-SA:2009:028",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00002.html"
},
{
"name": "37471",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37471"
},
{
"name": "35656",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35656"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"name": "[linux-kernel] 20090311 VFS, NFS security bug? Should CAP_MKNOD and CAP_LINUX_IMMUTABLE be added to CAP_FS_MASK?",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://thread.gmane.org/gmane.linux.kernel/805280"
},
{
"name": "SUSE-SA:2009:030",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html"
},
{
"name": "35185",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35185"
},
{
"name": "oval:org.mitre.oval:def:10314",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10314"
},
{
"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:8382",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8382"
},
{
"name": "SUSE-SA:2009:031",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html"
},
{
"name": "SUSE-SA:2009:021",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00007.html"
},
{
"name": "USN-793-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-793-1"
},
{
"name": "RHSA-2009:1081",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1081.html"
},
{
"name": "DSA-1800",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1800"
},
{
"name": "35343",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35343"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.9"
},
{
"name": "linux-kernel-capmknod-security-bypass(49356)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49356"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=76a67ec6fb79ff3570dcb5342142c16098299911"
},
{
"name": "35121",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35121"
},
{
"name": "ADV-2009-3316",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3316"
},
{
"name": "35394",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35394"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1072",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash option."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35390",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35390"
},
{
"name": "34432",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34432"
},
{
"name": "34422",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34422"
},
{
"name": "ADV-2009-0802",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0802"
},
{
"name": "34786",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34786"
},
{
"name": "[oss-security] 20090323 CVE request: kernel: nfsd did not drop CAP_MKNOD for non-root",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/03/23/1"
},
{
"name": "34205",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34205"
},
{
"name": "SUSE-SA:2009:028",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00002.html"
},
{
"name": "37471",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37471"
},
{
"name": "35656",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35656"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"name": "[linux-kernel] 20090311 VFS, NFS security bug? Should CAP_MKNOD and CAP_LINUX_IMMUTABLE be added to CAP_FS_MASK?",
"refsource": "MLIST",
"url": "http://thread.gmane.org/gmane.linux.kernel/805280"
},
{
"name": "SUSE-SA:2009:030",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html"
},
{
"name": "35185",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35185"
},
{
"name": "oval:org.mitre.oval:def:10314",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10314"
},
{
"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:8382",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8382"
},
{
"name": "SUSE-SA:2009:031",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html"
},
{
"name": "SUSE-SA:2009:021",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00007.html"
},
{
"name": "USN-793-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-793-1"
},
{
"name": "RHSA-2009:1081",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1081.html"
},
{
"name": "DSA-1800",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1800"
},
{
"name": "35343",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35343"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.9",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.9"
},
{
"name": "linux-kernel-capmknod-security-bypass(49356)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49356"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=76a67ec6fb79ff3570dcb5342142c16098299911",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=76a67ec6fb79ff3570dcb5342142c16098299911"
},
{
"name": "35121",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35121"
},
{
"name": "ADV-2009-3316",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3316"
},
{
"name": "35394",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35394"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1072",
"datePublished": "2009-03-25T01:00:00",
"dateReserved": "2009-03-24T00:00:00",
"dateUpdated": "2024-08-07T04:57:17.810Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-4922
Vulnerability from cvelistv5
Published
2017-08-01 16:00
Modified
2024-08-05 14:47
Severity ?
EPSS score ?
Summary
VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure issue due to the service startup script using world writable directories as temporary storage for critical information. Successful exploitation of this issue may allow unprivileged host users to access certain critical information when the service gets restarted.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/100012 | vdb-entry, x_refsource_BID | |
| https://www.vmware.com/security/advisories/VMSA-2017-0013.html | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1039013 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:47:43.203Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "100012",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100012"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2017-0013.html"
},
{
"name": "1039013",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039013"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure issue due to the service startup script using world writable directories as temporary storage for critical information. Successful exploitation of this issue may allow unprivileged host users to access certain critical information when the service gets restarted."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-02T09:57:01",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"name": "100012",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100012"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2017-0013.html"
},
{
"name": "1039013",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039013"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2017-4922",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure issue due to the service startup script using world writable directories as temporary storage for critical information. Successful exploitation of this issue may allow unprivileged host users to access certain critical information when the service gets restarted."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100012",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100012"
},
{
"name": "https://www.vmware.com/security/advisories/VMSA-2017-0013.html",
"refsource": "CONFIRM",
"url": "https://www.vmware.com/security/advisories/VMSA-2017-0013.html"
},
{
"name": "1039013",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039013"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2017-4922",
"datePublished": "2017-08-01T16:00:00",
"dateReserved": "2016-12-26T00:00:00",
"dateUpdated": "2024-08-05T14:47:43.203Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-22006
Vulnerability from cvelistv5
Published
2021-09-23 11:41
Modified
2024-08-03 18:30
Severity ?
EPSS score ?
Summary
The vCenter Server contains a reverse proxy bypass vulnerability due to the way the endpoints handle the URI. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to access restricted endpoints.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.vmware.com/security/advisories/VMSA-2021-0020.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | VMware vCenter Server, VMware Cloud Foundation |
Version: VMware vCenter Server(7.x before 7.0 U2c and 6.7 before 6.7 U3o) and VMware Cloud Foundation (4.x before 4.3 and 3.x before 3.10.2.2) |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:30:23.679Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware vCenter Server, VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware vCenter Server(7.x before 7.0 U2c and 6.7 before 6.7 U3o) and VMware Cloud Foundation (4.x before 4.3 and 3.x before 3.10.2.2)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The vCenter Server contains a reverse proxy bypass vulnerability due to the way the endpoints handle the URI. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to access restricted endpoints."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Reverse proxy bypass vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-23T11:41:13",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2021-22006",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware vCenter Server, VMware Cloud Foundation",
"version": {
"version_data": [
{
"version_value": "VMware vCenter Server(7.x before 7.0 U2c and 6.7 before 6.7 U3o) and VMware Cloud Foundation (4.x before 4.3 and 3.x before 3.10.2.2)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The vCenter Server contains a reverse proxy bypass vulnerability due to the way the endpoints handle the URI. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to access restricted endpoints."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Reverse proxy bypass vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2021-22006",
"datePublished": "2021-09-23T11:41:13",
"dateReserved": "2021-01-04T00:00:00",
"dateUpdated": "2024-08-03T18:30:23.679Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-20892
Vulnerability from cvelistv5
Published
2023-06-22 11:47
Modified
2024-12-05 19:48
Severity ?
EPSS score ?
Summary
The vCenter Server contains a heap overflow vulnerability due to the usage of uninitialized memory in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit heap-overflow vulnerability to execute arbitrary code on the underlying operating system that hosts vCenter Server.
References
Impacted products
| Vendor | Product | Version | |||||
|---|---|---|---|---|---|---|---|
| ▼ | VMware | VMware vCenter Server (vCenter Server) |
Version: 8.0 Version: 7.0 |
||||
|
|||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:21:33.432Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0014.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1801"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20892",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-05T19:47:18.896428Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-05T19:48:19.259Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux",
"Android",
"x86",
"ARM",
"64 bit",
"32 bit",
"MacOS",
"iOS"
],
"product": "VMware vCenter Server (vCenter Server)",
"vendor": "VMware",
"versions": [
{
"lessThan": "8.0 U1b",
"status": "affected",
"version": "8.0",
"versionType": "8.0 u1b"
},
{
"lessThan": "7.0 u3m",
"status": "affected",
"version": "7.0",
"versionType": "7.0 u3m"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux",
"Android",
"64 bit",
"32 bit",
"ARM",
"x86",
"MacOS",
"iOS"
],
"product": "VMware Cloud Foundation (vCenter Server)",
"vendor": "VMware",
"versions": [
{
"lessThan": "7.0 U3m, 8.0 U1b",
"status": "affected",
"version": "5.x",
"versionType": "7.0 U3m, 8.0 U1b"
},
{
"lessThan": "7.0 U3m, 8.0 U1b",
"status": "affected",
"version": "4.x",
"versionType": "7.0 U3m, 8.0 U1b"
}
]
}
],
"datePublic": "2023-06-22T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The vCenter Server contains a heap overflow vulnerability due to the usage of uninitialized memory in the implementation of the DCERPC protocol.\u0026nbsp;A malicious actor with network access to vCenter Server may exploit\u0026nbsp;\u003cb\u003eheap-overflow vulnerability\u0026nbsp;\u003c/b\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eto execute arbitrary code on the underlying operating system that hosts vCenter Server.\u003c/span\u003e"
}
],
"value": "The vCenter Server contains a heap overflow vulnerability due to the usage of uninitialized memory in the implementation of the DCERPC protocol.\u00a0A malicious actor with network access to vCenter Server may exploit\u00a0heap-overflow vulnerability\u00a0to execute arbitrary code on the underlying operating system that hosts vCenter Server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-22T11:47:25.876Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0014.html"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1801"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "VMware vCenter Server heap-overflow vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2023-20892",
"datePublished": "2023-06-22T11:47:19.390Z",
"dateReserved": "2022-11-01T15:41:50.394Z",
"dateUpdated": "2024-12-05T19:48:19.259Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-22015
Vulnerability from cvelistv5
Published
2021-09-23 00:00
Modified
2024-08-03 18:30
Severity ?
EPSS score ?
Summary
The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and directories. An authenticated local user with non-administrative privilege may exploit these issues to elevate their privileges to root on vCenter Server Appliance.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | VMware vCenter Server, VMware Cloud Foundation |
Version: VMware vCenter Server(7.x before 7.0 U2c, 6.7 before 6.7 U3o and 6.5 before 6.5 U3q) and VMware Cloud Foundation (4.x before 4.3 and 3.x before 3.10.2.2) |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:30:23.928Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/170116/VMware-vCenter-vScalation-Privilege-Escalation.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware vCenter Server, VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware vCenter Server(7.x before 7.0 U2c, 6.7 before 6.7 U3o and 6.5 before 6.5 U3q) and VMware Cloud Foundation (4.x before 4.3 and 3.x before 3.10.2.2)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and directories. An authenticated local user with non-administrative privilege may exploit these issues to elevate their privileges to root on vCenter Server Appliance."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Multiple local privilege escalation vulnerabilities",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-06T00:00:00",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
},
{
"url": "http://packetstormsecurity.com/files/170116/VMware-vCenter-vScalation-Privilege-Escalation.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2021-22015",
"datePublished": "2021-09-23T00:00:00",
"dateReserved": "2021-01-04T00:00:00",
"dateUpdated": "2024-08-03T18:30:23.928Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-22014
Vulnerability from cvelistv5
Published
2021-09-23 11:59
Modified
2024-08-03 18:30
Severity ?
EPSS score ?
Summary
The vCenter Server contains an authenticated code execution vulnerability in VAMI (Virtual Appliance Management Infrastructure). An authenticated VAMI user with network access to port 5480 on vCenter Server may exploit this issue to execute code on the underlying operating system that hosts vCenter Server.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.vmware.com/security/advisories/VMSA-2021-0020.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | VMware vCenter Server, VMware Cloud Foundation |
Version: VMware vCenter Server(7.x before 7.0 U2c, 6.7 before 6.7 U3o and 6.5 before 6.5 U3q) and VMware Cloud Foundation (4.x before 4.3 and 3.x before 3.10.2.2) |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:30:23.894Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware vCenter Server, VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware vCenter Server(7.x before 7.0 U2c, 6.7 before 6.7 U3o and 6.5 before 6.5 U3q) and VMware Cloud Foundation (4.x before 4.3 and 3.x before 3.10.2.2)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The vCenter Server contains an authenticated code execution vulnerability in VAMI (Virtual Appliance Management Infrastructure). An authenticated VAMI user with network access to port 5480 on vCenter Server may exploit this issue to execute code on the underlying operating system that hosts vCenter Server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authenticated code execution vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-23T11:59:00",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2021-22014",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware vCenter Server, VMware Cloud Foundation",
"version": {
"version_data": [
{
"version_value": "VMware vCenter Server(7.x before 7.0 U2c, 6.7 before 6.7 U3o and 6.5 before 6.5 U3q) and VMware Cloud Foundation (4.x before 4.3 and 3.x before 3.10.2.2)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The vCenter Server contains an authenticated code execution vulnerability in VAMI (Virtual Appliance Management Infrastructure). An authenticated VAMI user with network access to port 5480 on vCenter Server may exploit this issue to execute code on the underlying operating system that hosts vCenter Server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authenticated code execution vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2021-22014",
"datePublished": "2021-09-23T11:59:00",
"dateReserved": "2021-01-04T00:00:00",
"dateUpdated": "2024-08-03T18:30:23.894Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-4921
Vulnerability from cvelistv5
Published
2017-08-01 16:00
Modified
2024-08-05 14:47
Severity ?
EPSS score ?
Summary
VMware vCenter Server (6.5 prior to 6.5 U1) contains an insecure library loading issue that occurs due to the use of LD_LIBRARY_PATH variable in an unsafe manner. Successful exploitation of this issue may allow unprivileged host users to load a shared library that may lead to privilege escalation.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.vmware.com/security/advisories/VMSA-2017-0013.html | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1039013 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/100006 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:47:42.927Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2017-0013.html"
},
{
"name": "1039013",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039013"
},
{
"name": "100006",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100006"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "VMware vCenter Server (6.5 prior to 6.5 U1) contains an insecure library loading issue that occurs due to the use of LD_LIBRARY_PATH variable in an unsafe manner. Successful exploitation of this issue may allow unprivileged host users to load a shared library that may lead to privilege escalation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-02T09:57:01",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2017-0013.html"
},
{
"name": "1039013",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039013"
},
{
"name": "100006",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100006"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2017-4921",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware vCenter Server (6.5 prior to 6.5 U1) contains an insecure library loading issue that occurs due to the use of LD_LIBRARY_PATH variable in an unsafe manner. Successful exploitation of this issue may allow unprivileged host users to load a shared library that may lead to privilege escalation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2017-0013.html",
"refsource": "CONFIRM",
"url": "https://www.vmware.com/security/advisories/VMSA-2017-0013.html"
},
{
"name": "1039013",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039013"
},
{
"name": "100006",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100006"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2017-4921",
"datePublished": "2017-08-01T16:00:00",
"dateReserved": "2016-12-26T00:00:00",
"dateUpdated": "2024-08-05T14:47:42.927Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-6932
Vulnerability from cvelistv5
Published
2015-09-18 22:00
Modified
2024-08-06 07:36
Severity ?
EPSS score ?
Summary
VMware vCenter Server 5.5 before u3 and 6.0 before u1 does not verify X.509 certificates from TLS LDAP servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1033582 | vdb-entry, x_refsource_SECTRACK | |
| http://www.vmware.com/security/advisories/VMSA-2015-0006.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:36:34.381Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1033582",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033582"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2015-0006.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-09-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "VMware vCenter Server 5.5 before u3 and 6.0 before u1 does not verify X.509 certificates from TLS LDAP servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-20T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1033582",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033582"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2015-0006.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-6932",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware vCenter Server 5.5 before u3 and 6.0 before u1 does not verify X.509 certificates from TLS LDAP servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1033582",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033582"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2015-0006.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2015-0006.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-6932",
"datePublished": "2015-09-18T22:00:00",
"dateReserved": "2015-09-14T00:00:00",
"dateUpdated": "2024-08-06T07:36:34.381Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-5531
Vulnerability from cvelistv5
Published
2019-09-18 21:42
Modified
2024-08-04 20:01
Severity ?
EPSS score ?
Summary
VMware vSphere ESXi (6.7 prior to ESXi670-201810101-SG, 6.5 prior to ESXi650-201811102-SG, and 6.0 prior to ESXi600-201807103-SG) and VMware vCenter Server (6.7 prior to 6.7 U1b, 6.5 prior to 6.5 U2b, and 6.0 prior to 6.0 U3j) contain an information disclosure vulnerability in clients arising from insufficient session expiration. An attacker with physical access or an ability to mimic a websocket connection to a user’s browser may be able to obtain control of a VM Console after the user has logged out or their session has timed out.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vmware.com/security/advisories/VMSA-2019-0013.html | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||
|---|---|---|---|---|---|---|---|
| ▼ | VMware | VMware vSphere ESXi |
Version: 6.7 prior to ESXi670-201810101-SG Version: 6.5 prior to ESXi650-201811102-SG Version: 6.0 prior to ESXi600-201807103-SG |
||||
|
|||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:01:51.896Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2019-0013.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware vSphere ESXi",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "6.7 prior to ESXi670-201810101-SG"
},
{
"status": "affected",
"version": "6.5 prior to ESXi650-201811102-SG"
},
{
"status": "affected",
"version": "6.0 prior to ESXi600-201807103-SG"
}
]
},
{
"product": "VMware vCenter Server",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "6.7 prior to 6.7 U1b"
},
{
"status": "affected",
"version": "6.5 prior to 6.5 U2b"
},
{
"status": "affected",
"version": "6.0 prior to 6.0 U3j"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware vSphere ESXi (6.7 prior to ESXi670-201810101-SG, 6.5 prior to ESXi650-201811102-SG, and 6.0 prior to ESXi600-201807103-SG) and VMware vCenter Server (6.7 prior to 6.7 U1b, 6.5 prior to 6.5 U2b, and 6.0 prior to 6.0 U3j) contain an information disclosure vulnerability in clients arising from insufficient session expiration. An attacker with physical access or an ability to mimic a websocket connection to a user\u2019s browser may be able to obtain control of a VM Console after the user has logged out or their session has timed out."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-20T18:18:52",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2019-0013.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2019-5531",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware vSphere ESXi",
"version": {
"version_data": [
{
"version_value": "6.7 prior to ESXi670-201810101-SG"
},
{
"version_value": "6.5 prior to ESXi650-201811102-SG"
},
{
"version_value": "6.0 prior to ESXi600-201807103-SG"
}
]
}
},
{
"product_name": "VMware vCenter Server",
"version": {
"version_data": [
{
"version_value": "6.7 prior to 6.7 U1b"
},
{
"version_value": "6.5 prior to 6.5 U2b"
},
{
"version_value": "6.0 prior to 6.0 U3j"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware vSphere ESXi (6.7 prior to ESXi670-201810101-SG, 6.5 prior to ESXi650-201811102-SG, and 6.0 prior to ESXi600-201807103-SG) and VMware vCenter Server (6.7 prior to 6.7 U1b, 6.5 prior to 6.5 U2b, and 6.0 prior to 6.0 U3j) contain an information disclosure vulnerability in clients arising from insufficient session expiration. An attacker with physical access or an ability to mimic a websocket connection to a user\u2019s browser may be able to obtain control of a VM Console after the user has logged out or their session has timed out."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vmware.com/security/advisories/VMSA-2019-0013.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2019-0013.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2019-5531",
"datePublished": "2019-09-18T21:42:17",
"dateReserved": "2019-01-07T00:00:00",
"dateUpdated": "2024-08-04T20:01:51.896Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-21985
Vulnerability from cvelistv5
Published
2021-05-26 14:04
Modified
2024-08-03 18:30
Severity ?
EPSS score ?
Summary
The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | VMware vCenter Server and VMware Cloud Foundation |
Version: VMware vCenter Server (7.x before 7.0 U2b, 6.7 before 6.7 U3n, 6.5 before 6.5 U3p) and VMware Cloud Foundation (4.x before 4.2.1, 3.x before 3.10.2.1) |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:30:23.663Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0010.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/162812/VMware-Security-Advisory-2021-0010.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/163487/VMware-vCenter-Server-Virtual-SAN-Health-Check-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware vCenter Server and VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware vCenter Server (7.x before 7.0 U2b, 6.7 before 6.7 U3n, 6.5 before 6.5 U3p) and VMware Cloud Foundation (4.x before 4.2.1, 3.x before 3.10.2.1)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote code execution vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-13T16:06:26",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0010.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/162812/VMware-Security-Advisory-2021-0010.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/163487/VMware-vCenter-Server-Virtual-SAN-Health-Check-Remote-Code-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2021-21985",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware vCenter Server and VMware Cloud Foundation",
"version": {
"version_data": [
{
"version_value": "VMware vCenter Server (7.x before 7.0 U2b, 6.7 before 6.7 U3n, 6.5 before 6.5 U3p) and VMware Cloud Foundation (4.x before 4.2.1, 3.x before 3.10.2.1)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote code execution vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2021-0010.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0010.html"
},
{
"name": "http://packetstormsecurity.com/files/162812/VMware-Security-Advisory-2021-0010.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/162812/VMware-Security-Advisory-2021-0010.html"
},
{
"name": "http://packetstormsecurity.com/files/163487/VMware-vCenter-Server-Virtual-SAN-Health-Check-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/163487/VMware-vCenter-Server-Virtual-SAN-Health-Check-Remote-Code-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2021-21985",
"datePublished": "2021-05-26T14:04:30",
"dateReserved": "2021-01-04T00:00:00",
"dateUpdated": "2024-08-03T18:30:23.663Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-22007
Vulnerability from cvelistv5
Published
2021-09-23 11:41
Modified
2024-08-03 18:30
Severity ?
EPSS score ?
Summary
The vCenter Server contains a local information disclosure vulnerability in the Analytics service. An authenticated user with non-administrative privilege may exploit this issue to gain access to sensitive information.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.vmware.com/security/advisories/VMSA-2021-0020.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | VMware vCenter Server, VMware Cloud Foundation |
Version: VMware vCenter Server(7.x before 7.0 U2c and 6.7 before 6.7 U3o) and VMware Cloud Foundation (4.x before 4.3 and 3.x before 3.10.2.2) |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:30:23.607Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware vCenter Server, VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware vCenter Server(7.x before 7.0 U2c and 6.7 before 6.7 U3o) and VMware Cloud Foundation (4.x before 4.3 and 3.x before 3.10.2.2)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The vCenter Server contains a local information disclosure vulnerability in the Analytics service. An authenticated user with non-administrative privilege may exploit this issue to gain access to sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Local information disclosure vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-23T11:41:21",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2021-22007",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware vCenter Server, VMware Cloud Foundation",
"version": {
"version_data": [
{
"version_value": "VMware vCenter Server(7.x before 7.0 U2c and 6.7 before 6.7 U3o) and VMware Cloud Foundation (4.x before 4.3 and 3.x before 3.10.2.2)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The vCenter Server contains a local information disclosure vulnerability in the Analytics service. An authenticated user with non-administrative privilege may exploit this issue to gain access to sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Local information disclosure vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2021-22007",
"datePublished": "2021-09-23T11:41:21",
"dateReserved": "2021-01-04T00:00:00",
"dateUpdated": "2024-08-03T18:30:23.607Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-22017
Vulnerability from cvelistv5
Published
2021-09-23 12:13
Modified
2024-08-03 18:30
Severity ?
EPSS score ?
Summary
Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to bypass proxy leading to internal endpoints being accessed.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.vmware.com/security/advisories/VMSA-2021-0020.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | VMware vCenter Server, VMware Cloud Foundation |
Version: VMware vCenter Server(6.7 before 6.7 U3o and 6.5 before 6.5 U3q) and VMware Cloud Foundation 3.x before 3.10.2.2 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:30:23.942Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware vCenter Server, VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware vCenter Server(6.7 before 6.7 U3o and 6.5 before 6.5 U3q) and VMware Cloud Foundation 3.x before 3.10.2.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to bypass proxy leading to internal endpoints being accessed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Rhttpproxy bypass vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-23T12:13:01",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2021-22017",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware vCenter Server, VMware Cloud Foundation",
"version": {
"version_data": [
{
"version_value": "VMware vCenter Server(6.7 before 6.7 U3o and 6.5 before 6.5 U3q) and VMware Cloud Foundation 3.x before 3.10.2.2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to bypass proxy leading to internal endpoints being accessed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Rhttpproxy bypass vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2021-22017",
"datePublished": "2021-09-23T12:13:01",
"dateReserved": "2021-01-04T00:00:00",
"dateUpdated": "2024-08-03T18:30:23.942Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-5532
Vulnerability from cvelistv5
Published
2019-09-18 20:32
Modified
2024-08-04 20:01
Severity ?
EPSS score ?
Summary
VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and 6.0 prior to 6.0 U3j) contains an information disclosure vulnerability due to the logging of credentials in plain-text for virtual machines deployed through OVF. A malicious user with access to the log files containing vCenter OVF-properties of a virtual machine deployed from an OVF may be able to view the credentials used to deploy the OVF (typically the root account of the virtual machine).
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.vmware.com/security/advisories/VMSA-2019-0013.html | x_refsource_CONFIRM | |
| http://packetstormsecurity.com/files/154536/VMware-Security-Advisory-2019-0013.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | VMware | vCenter Server |
Version: 6.7 prior to 6.7 U3 Version: 6.5 prior to 6.5 U3 Version: 6.0 prior to 6.0 U3j |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:01:51.489Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2019-0013.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/154536/VMware-Security-Advisory-2019-0013.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vCenter Server",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "6.7 prior to 6.7 U3"
},
{
"status": "affected",
"version": "6.5 prior to 6.5 U3"
},
{
"status": "affected",
"version": "6.0 prior to 6.0 U3j"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and 6.0 prior to 6.0 U3j) contains an information disclosure vulnerability due to the logging of credentials in plain-text for virtual machines deployed through OVF. A malicious user with access to the log files containing vCenter OVF-properties of a virtual machine deployed from an OVF may be able to view the credentials used to deploy the OVF (typically the root account of the virtual machine)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-20T16:06:12",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2019-0013.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/154536/VMware-Security-Advisory-2019-0013.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2019-5532",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "vCenter Server",
"version": {
"version_data": [
{
"version_value": "6.7 prior to 6.7 U3"
},
{
"version_value": "6.5 prior to 6.5 U3"
},
{
"version_value": "6.0 prior to 6.0 U3j"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and 6.0 prior to 6.0 U3j) contains an information disclosure vulnerability due to the logging of credentials in plain-text for virtual machines deployed through OVF. A malicious user with access to the log files containing vCenter OVF-properties of a virtual machine deployed from an OVF may be able to view the credentials used to deploy the OVF (typically the root account of the virtual machine)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2019-0013.html",
"refsource": "CONFIRM",
"url": "https://www.vmware.com/security/advisories/VMSA-2019-0013.html"
},
{
"name": "http://packetstormsecurity.com/files/154536/VMware-Security-Advisory-2019-0013.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/154536/VMware-Security-Advisory-2019-0013.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2019-5532",
"datePublished": "2019-09-18T20:32:36",
"dateReserved": "2019-01-07T00:00:00",
"dateUpdated": "2024-08-04T20:01:51.489Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-22005
Vulnerability from cvelistv5
Published
2021-09-23 11:37
Modified
2024-08-03 18:30
Severity ?
EPSS score ?
Summary
The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.vmware.com/security/advisories/VMSA-2021-0020.html | x_refsource_MISC | |
| http://packetstormsecurity.com/files/164439/VMware-vCenter-Server-Analytics-CEIP-Service-File-Upload.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | VMware vCenter Server, VMware Cloud Foundation |
Version: VMware vCenter Server(7.x before 7.0 U2c and 6.7 before 6.7 U3o) and VMware Cloud Foundation (4.x before 4.3 and 3.x before 3.10.2.2) |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:30:23.824Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/164439/VMware-vCenter-Server-Analytics-CEIP-Service-File-Upload.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware vCenter Server, VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware vCenter Server(7.x before 7.0 U2c and 6.7 before 6.7 U3o) and VMware Cloud Foundation (4.x before 4.3 and 3.x before 3.10.2.2)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "File upload vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-07T15:06:27",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/164439/VMware-vCenter-Server-Analytics-CEIP-Service-File-Upload.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2021-22005",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware vCenter Server, VMware Cloud Foundation",
"version": {
"version_data": [
{
"version_value": "VMware vCenter Server(7.x before 7.0 U2c and 6.7 before 6.7 U3o) and VMware Cloud Foundation (4.x before 4.3 and 3.x before 3.10.2.2)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "File upload vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
},
{
"name": "http://packetstormsecurity.com/files/164439/VMware-vCenter-Server-Analytics-CEIP-Service-File-Upload.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/164439/VMware-vCenter-Server-Analytics-CEIP-Service-File-Upload.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2021-22005",
"datePublished": "2021-09-23T11:37:30",
"dateReserved": "2021-01-04T00:00:00",
"dateUpdated": "2024-08-03T18:30:23.824Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-31680
Vulnerability from cvelistv5
Published
2022-10-07 00:00
Modified
2024-08-03 07:26
Severity ?
EPSS score ?
Summary
The vCenter Server contains an unsafe deserialisation vulnerability in the PSC (Platform services controller). A malicious actor with admin access on vCenter server may exploit this issue to execute arbitrary code on the underlying operating system that hosts the vCenter Server.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | VMware vCenter Server |
Version: VMware vCenter Server 6.5 prior to U3u |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:01.110Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0025.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1587"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware vCenter Server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware vCenter Server 6.5 prior to U3u"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The vCenter Server contains an unsafe deserialisation vulnerability in the PSC (Platform services controller). A malicious actor with admin access on vCenter server may exploit this issue to execute arbitrary code on the underlying operating system that hosts the vCenter Server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unsafe deserialization vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-10T00:00:00",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0025.html"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1587"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-31680",
"datePublished": "2022-10-07T00:00:00",
"dateReserved": "2022-05-25T00:00:00",
"dateUpdated": "2024-08-03T07:26:01.110Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-6326
Vulnerability from cvelistv5
Published
2013-02-22 20:00
Modified
2024-09-16 21:57
Severity ?
EPSS score ?
Summary
VMware vCenter Server 4.1 before Update 3 and 5.0 before Update 2, and vCSA 5.0 before Update 2, allows remote attackers to cause a denial of service (disk consumption) via vectors that trigger large log entries.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vmware.com/security/advisories/VMSA-2012-0018.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:28:39.636Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2012-0018.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware vCenter Server 4.1 before Update 3 and 5.0 before Update 2, and vCSA 5.0 before Update 2, allows remote attackers to cause a denial of service (disk consumption) via vectors that trigger large log entries."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-02-22T20:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2012-0018.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6326",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware vCenter Server 4.1 before Update 3 and 5.0 before Update 2, and vCSA 5.0 before Update 2, allows remote attackers to cause a denial of service (disk consumption) via vectors that trigger large log entries."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vmware.com/security/advisories/VMSA-2012-0018.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2012-0018.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-6326",
"datePublished": "2013-02-22T20:00:00Z",
"dateReserved": "2012-12-10T00:00:00Z",
"dateUpdated": "2024-09-16T21:57:31.362Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-21980
Vulnerability from cvelistv5
Published
2021-11-24 16:32
Modified
2024-08-03 18:30
Severity ?
EPSS score ?
Summary
The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary file read vulnerability. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.vmware.com/security/advisories/VMSA-2021-0027.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | VMware vCenter Server and VMware Cloud Foundation |
Version: VMware vCenter Server (6.7 before 6.7 U3p and 6.5 before 6.5 U3r) and VMware Cloud Foundation 3.x |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:30:23.351Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0027.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware vCenter Server and VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware vCenter Server (6.7 before 6.7 U3p and 6.5 before 6.5 U3r) and VMware Cloud Foundation 3.x"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary file read vulnerability. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary file read vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-24T16:32:43",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0027.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2021-21980",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware vCenter Server and VMware Cloud Foundation",
"version": {
"version_data": [
{
"version_value": "VMware vCenter Server (6.7 before 6.7 U3p and 6.5 before 6.5 U3r) and VMware Cloud Foundation 3.x"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary file read vulnerability. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary file read vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2021-0027.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0027.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2021-21980",
"datePublished": "2021-11-24T16:32:43",
"dateReserved": "2021-01-04T00:00:00",
"dateUpdated": "2024-08-03T18:30:23.351Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-6931
Vulnerability from cvelistv5
Published
2016-07-03 01:00
Modified
2024-08-06 07:36
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the vSphere Web Client in VMware vCenter Server 5.0 before U3g, 5.1 before U3d, and 5.5 before U2d allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1036112 | vdb-entry, x_refsource_SECTRACK | |
| http://www.vmware.com/security/advisories/VMSA-2016-0009.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:36:34.514Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1036112",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036112"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2016-0009.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the vSphere Web Client in VMware vCenter Server 5.0 before U3g, 5.1 before U3d, and 5.5 before U2d allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-31T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1036112",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036112"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2016-0009.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-6931",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the vSphere Web Client in VMware vCenter Server 5.0 before U3g, 5.1 before U3d, and 5.5 before U2d allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036112",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036112"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2016-0009.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2016-0009.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-6931",
"datePublished": "2016-07-03T01:00:00",
"dateReserved": "2015-09-14T00:00:00",
"dateUpdated": "2024-08-06T07:36:34.514Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-4926
Vulnerability from cvelistv5
Published
2017-09-15 13:00
Modified
2024-09-16 17:59
Severity ?
EPSS score ?
Summary
VMware vCenter Server (6.5 prior to 6.5 U1) contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker with VC user privileges can inject malicious java-scripts which will get executed when other VC users access the page.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1039364 | vdb-entry, x_refsource_SECTRACK | |
| https://www.vmware.com/security/advisories/VMSA-2017-0015.html | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/100844 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | VMware | vCenter Server |
Version: 6.5 prior to 6.5 U1 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:47:43.302Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1039364",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039364"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2017-0015.html"
},
{
"name": "100844",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100844"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vCenter Server",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "6.5 prior to 6.5 U1"
}
]
}
],
"datePublic": "2017-09-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "VMware vCenter Server (6.5 prior to 6.5 U1) contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker with VC user privileges can inject malicious java-scripts which will get executed when other VC users access the page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Stored XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-16T09:57:01",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"name": "1039364",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039364"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2017-0015.html"
},
{
"name": "100844",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100844"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"DATE_PUBLIC": "2017-09-14T00:00:00",
"ID": "CVE-2017-4926",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "vCenter Server",
"version": {
"version_data": [
{
"version_value": "6.5 prior to 6.5 U1"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware vCenter Server (6.5 prior to 6.5 U1) contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker with VC user privileges can inject malicious java-scripts which will get executed when other VC users access the page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stored XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1039364",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039364"
},
{
"name": "https://www.vmware.com/security/advisories/VMSA-2017-0015.html",
"refsource": "CONFIRM",
"url": "https://www.vmware.com/security/advisories/VMSA-2017-0015.html"
},
{
"name": "100844",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100844"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2017-4926",
"datePublished": "2017-09-15T13:00:00Z",
"dateReserved": "2016-12-26T00:00:00",
"dateUpdated": "2024-09-16T17:59:16.493Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-21991
Vulnerability from cvelistv5
Published
2021-09-22 18:59
Modified
2024-08-03 18:30
Severity ?
EPSS score ?
Summary
The vCenter Server contains a local privilege escalation vulnerability due to the way it handles session tokens. A malicious actor with non-administrative user access on vCenter Server host may exploit this issue to escalate privileges to Administrator on the vSphere Client (HTML5) or vCenter Server vSphere Web Client (FLEX/Flash).
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.vmware.com/security/advisories/VMSA-2021-0020.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | VMware vCenter Server, VMware Cloud Foundation |
Version: VMware vCenter Server(7.x before 7.0 U2c, 6.7 before 6.7 U3o and 6.5 before 6.5 U3q) and VMware Cloud Foundation (4.x before 4.3 and 3.x before 3.10.2.2) |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:30:23.658Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware vCenter Server, VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware vCenter Server(7.x before 7.0 U2c, 6.7 before 6.7 U3o and 6.5 before 6.5 U3q) and VMware Cloud Foundation (4.x before 4.3 and 3.x before 3.10.2.2)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The vCenter Server contains a local privilege escalation vulnerability due to the way it handles session tokens. A malicious actor with non-administrative user access on vCenter Server host may exploit this issue to escalate privileges to Administrator on the vSphere Client (HTML5) or vCenter Server vSphere Web Client (FLEX/Flash)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Local privilege escalation vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-22T18:59:08",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2021-21991",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware vCenter Server, VMware Cloud Foundation",
"version": {
"version_data": [
{
"version_value": "VMware vCenter Server(7.x before 7.0 U2c, 6.7 before 6.7 U3o and 6.5 before 6.5 U3q) and VMware Cloud Foundation (4.x before 4.3 and 3.x before 3.10.2.2)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The vCenter Server contains a local privilege escalation vulnerability due to the way it handles session tokens. A malicious actor with non-administrative user access on vCenter Server host may exploit this issue to escalate privileges to Administrator on the vSphere Client (HTML5) or vCenter Server vSphere Web Client (FLEX/Flash)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Local privilege escalation vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2021-21991",
"datePublished": "2021-09-22T18:59:08",
"dateReserved": "2021-01-04T00:00:00",
"dateUpdated": "2024-08-03T18:30:23.658Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-22008
Vulnerability from cvelistv5
Published
2021-09-23 11:41
Modified
2024-08-03 18:30
Severity ?
EPSS score ?
Summary
The vCenter Server contains an information disclosure vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by sending a specially crafted json-rpc message to gain access to sensitive information.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.vmware.com/security/advisories/VMSA-2021-0020.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | VMware vCenter Server, VMware Cloud Foundation |
Version: VMware vCenter Server(7.x before 7.0 U2c, 6.7 before 6.7 U3o and 6.5 before 6.5 U3q) and VMware Cloud Foundation (4.x before 4.3 and 3.x before 3.10.2.2) |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:30:23.901Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware vCenter Server, VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware vCenter Server(7.x before 7.0 U2c, 6.7 before 6.7 U3o and 6.5 before 6.5 U3q) and VMware Cloud Foundation (4.x before 4.3 and 3.x before 3.10.2.2)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The vCenter Server contains an information disclosure vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by sending a specially crafted json-rpc message to gain access to sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-23T11:41:28",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2021-22008",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware vCenter Server, VMware Cloud Foundation",
"version": {
"version_data": [
{
"version_value": "VMware vCenter Server(7.x before 7.0 U2c, 6.7 before 6.7 U3o and 6.5 before 6.5 U3q) and VMware Cloud Foundation (4.x before 4.3 and 3.x before 3.10.2.2)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The vCenter Server contains an information disclosure vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by sending a specially crafted json-rpc message to gain access to sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2021-22008",
"datePublished": "2021-09-23T11:41:28",
"dateReserved": "2021-01-04T00:00:00",
"dateUpdated": "2024-08-03T18:30:23.901Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-22010
Vulnerability from cvelistv5
Published
2021-09-23 11:51
Modified
2024-08-03 18:30
Severity ?
EPSS score ?
Summary
The vCenter Server contains a denial-of-service vulnerability in VPXD service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to create a denial of service condition due to excessive memory consumption by VPXD service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.vmware.com/security/advisories/VMSA-2021-0020.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | VMware vCenter Server, VMware Cloud Foundation |
Version: VMware vCenter Server(7.x before 7.0 U2c and 6.7 before 6.7 U3o) and VMware Cloud Foundation (4.x before 4.3 and 3.x before 3.10.2.2) |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:30:23.749Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware vCenter Server, VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware vCenter Server(7.x before 7.0 U2c and 6.7 before 6.7 U3o) and VMware Cloud Foundation (4.x before 4.3 and 3.x before 3.10.2.2)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The vCenter Server contains a denial-of-service vulnerability in VPXD service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to create a denial of service condition due to excessive memory consumption by VPXD service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of service vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-23T11:51:40",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2021-22010",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware vCenter Server, VMware Cloud Foundation",
"version": {
"version_data": [
{
"version_value": "VMware vCenter Server(7.x before 7.0 U2c and 6.7 before 6.7 U3o) and VMware Cloud Foundation (4.x before 4.3 and 3.x before 3.10.2.2)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The vCenter Server contains a denial-of-service vulnerability in VPXD service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to create a denial of service condition due to excessive memory consumption by VPXD service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2021-22010",
"datePublished": "2021-09-23T11:51:40",
"dateReserved": "2021-01-04T00:00:00",
"dateUpdated": "2024-08-03T18:30:23.749Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2021-09-23 12:15
Modified
2024-11-21 05:49
Severity ?
Summary
The vCenter Server contains an authenticated code execution vulnerability in VAMI (Virtual Appliance Management Infrastructure). An authenticated VAMI user with network access to port 5480 on vCenter Server may exploit this issue to execute code on the underlying operating system that hosts vCenter Server.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2021-0020.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2021-0020.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | cloud_foundation | * | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.7 | |
| vmware | vcenter_server | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5071E0B4-FE4B-4525-BAF6-3900D9C8D48D",
"versionEndExcluding": "5.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:-:*:*:*:*:*:*",
"matchCriteriaId": "23CFE5A5-A166-4FD5-BE97-5F16DAB1EAE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:-:*:*:*:*:*:*",
"matchCriteriaId": "E456F84C-A86E-4EA9-9A3E-BEEA662136E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5FA81CCD-A05E-498C-820E-21980E92132F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The vCenter Server contains an authenticated code execution vulnerability in VAMI (Virtual Appliance Management Infrastructure). An authenticated VAMI user with network access to port 5480 on vCenter Server may exploit this issue to execute code on the underlying operating system that hosts vCenter Server."
},
{
"lang": "es",
"value": "vCenter Server contiene una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo autenticado en VAMI (Virtual Appliance Management Infrastructure). Un usuario autenticado de VAMI con acceso de red al puerto 5480 en vCenter Server puede explotar este problema para ejecutar c\u00f3digo en el sistema operativo subyacente que aloja vCenter Server"
}
],
"id": "CVE-2021-22014",
"lastModified": "2024-11-21T05:49:26.483",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-23T12:15:08.130",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-10-25 18:17
Modified
2024-12-20 17:41
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | vcenter_server | * | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 8.0 | |
| vmware | vcenter_server | 8.0 | |
| vmware | vcenter_server | 8.0 | |
| vmware | vcenter_server | 8.0 | |
| vmware | vcenter_server | 8.0 | |
| vmware | vcenter_server | 8.0 | |
| vmware | vcenter_server | 8.0 | |
| vmware | vcenter_server | 8.0 |
{
"cisaActionDue": "2024-02-12",
"cisaExploitAdd": "2024-01-22",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "VMware vCenter Server Out-of-Bounds Write Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "561A702A-DB0C-4E67-AF6C-9994B99DA56C",
"versionEndIncluding": "5.5",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5FA81CCD-A05E-498C-820E-21980E92132F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:a:*:*:*:*:*:*",
"matchCriteriaId": "0EE83406-A3D9-4F75-A1A6-63831CEBEEC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:b:*:*:*:*:*:*",
"matchCriteriaId": "FB563627-C9CF-4D8A-B882-9AB65EAE9E15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:c:*:*:*:*:*:*",
"matchCriteriaId": "DCA03B2A-48B2-48AD-B8EB-9D7BB2016819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:d:*:*:*:*:*:*",
"matchCriteriaId": "A2392D0F-D7A2-4E01-9212-1BA6C895AEBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1:*:*:*:*:*:*",
"matchCriteriaId": "6D731C1A-9FE5-461C-97E2-6F45E4CBABE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1a:*:*:*:*:*:*",
"matchCriteriaId": "8725E544-2A94-4829-A683-1ECCE57A74A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1c:*:*:*:*:*:*",
"matchCriteriaId": "0FC6765A-6584-45A8-9B21-4951D2EA8939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1d:*:*:*:*:*:*",
"matchCriteriaId": "85DD238C-EF73-44F0-928E-A94FF5C4B378",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2:*:*:*:*:*:*",
"matchCriteriaId": "F4CA36C1-732E-41AE-B847-F7411B753F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2a:*:*:*:*:*:*",
"matchCriteriaId": "0DA882B6-D811-4E4B-B614-2D48F0B9036E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2b:*:*:*:*:*:*",
"matchCriteriaId": "8D30A78E-16D0-4A2E-A2F8-F6073698243E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2c:*:*:*:*:*:*",
"matchCriteriaId": "188E103E-9568-4CE0-A984-141B2A9E82D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2d:*:*:*:*:*:*",
"matchCriteriaId": "B266439F-E911-4C95-9D27-88DF96DDCCD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3:*:*:*:*:*:*",
"matchCriteriaId": "6508A908-EF14-4A72-AC75-5DA6F8B98A0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3a:*:*:*:*:*:*",
"matchCriteriaId": "3BAD2012-5C82-4EA9-A780-9BF1DA5A18AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3c:*:*:*:*:*:*",
"matchCriteriaId": "58597F18-0B23-4D21-9ABA-D9773958F10E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3d:*:*:*:*:*:*",
"matchCriteriaId": "ADF46C54-313B-4742-A074-EEA0A6554680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3e:*:*:*:*:*:*",
"matchCriteriaId": "9587F800-57BC-44B6-870E-95691684FC46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3f:*:*:*:*:*:*",
"matchCriteriaId": "AD148A75-5076-416D-AFD6-0F281DA0A82B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3g:*:*:*:*:*:*",
"matchCriteriaId": "956CEA8C-F8C4-41BD-85B4-44FE3A772E50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3h:*:*:*:*:*:*",
"matchCriteriaId": "008AEA0F-116B-4AF8-B3A7-3041CCE25235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3i:*:*:*:*:*:*",
"matchCriteriaId": "EE486B2F-AED4-4FCE-A674-DFC25844FEFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3j:*:*:*:*:*:*",
"matchCriteriaId": "4F73AA9E-51E9-4FA0-813D-AD05FDC3EF94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3k:*:*:*:*:*:*",
"matchCriteriaId": "455DD46E-A071-476D-8914-767485E45F35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3l:*:*:*:*:*:*",
"matchCriteriaId": "3A422D04-48DF-4A16-94F8-D5702CC2782D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3m:*:*:*:*:*:*",
"matchCriteriaId": "806E9219-CDF4-4E62-978E-334E96A94BA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3n:*:*:*:*:*:*",
"matchCriteriaId": "34D8B182-4E71-4655-8DD8-743A3EF6DC8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "CC974CA1-88D3-42E4-BF1F-28870F8171B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:a:*:*:*:*:*:*",
"matchCriteriaId": "EFE63984-F69B-4593-9AEC-D179D6D98B08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:b:*:*:*:*:*:*",
"matchCriteriaId": "34D1F3B3-8E3F-4E4D-8EE6-2F593663B5CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:c:*:*:*:*:*:*",
"matchCriteriaId": "16F3D992-9F48-4604-9AAF-DC2D1CE98BE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1:*:*:*:*:*:*",
"matchCriteriaId": "C745A7E6-4760-48CD-B7C4-1C2C20217F21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1a:*:*:*:*:*:*",
"matchCriteriaId": "A5522514-8ED9-45DB-9036-33FE40D77E7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1b:*:*:*:*:*:*",
"matchCriteriaId": "8C27C660-E917-4944-8B4C-41D9622B76D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1c:*:*:*:*:*:*",
"matchCriteriaId": "56CFB469-B3E6-4503-A47C-D18206D4D19A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol.\u00a0A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution."
},
{
"lang": "es",
"value": "vCenter Server contiene una vulnerabilidad de escritura fuera de los l\u00edmites en la implementaci\u00f3n del protocolo DCERPC. Un actor malintencionado con acceso a la red de vCenter Server puede desencadenar una escritura fuera de los l\u00edmites que podr\u00eda conducir a la ejecuci\u00f3n remota de c\u00f3digo."
}
],
"id": "CVE-2023-34048",
"lastModified": "2024-12-20T17:41:40.150",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "security@vmware.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-25T18:17:27.897",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0023.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.vicarius.io/vsociety/posts/understanding-cve-2023-34048-a-zero-day-out-of-bound-write-in-vcenter-server"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0023.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-23 12:15
Modified
2024-11-21 05:49
Severity ?
Summary
The vCenter Server contains a reverse proxy bypass vulnerability due to the way the endpoints handle the URI. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to access restricted endpoints.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2021-0020.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2021-0020.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | cloud_foundation | * | |
| vmware | vcenter_server | 6.7 | |
| vmware | vcenter_server | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5071E0B4-FE4B-4525-BAF6-3900D9C8D48D",
"versionEndExcluding": "5.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:-:*:*:*:*:*:*",
"matchCriteriaId": "E456F84C-A86E-4EA9-9A3E-BEEA662136E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5FA81CCD-A05E-498C-820E-21980E92132F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The vCenter Server contains a reverse proxy bypass vulnerability due to the way the endpoints handle the URI. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to access restricted endpoints."
},
{
"lang": "es",
"value": "vCenter Server contiene una vulnerabilidad de omisi\u00f3n de proxy inverso debido a la forma en que los endpoints manejan el URI. Un actor malicioso con acceso a la red al puerto 443 de vCenter Server puede explotar este problema para acceder a endpoints restringidos"
}
],
"id": "CVE-2021-22006",
"lastModified": "2024-11-21T05:49:25.653",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-23T12:15:07.753",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-11-10 18:15
Modified
2024-11-21 05:49
Severity ?
Summary
The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. A malicious actor with non-administrative access to vCenter Server may exploit this issue to elevate privileges to a higher privileged group.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@vmware.com | http://packetstormsecurity.com/files/167733/VMware-Security-Advisory-2022-0025.2.html | Release Notes, Third Party Advisory, VDB Entry | |
| security@vmware.com | http://packetstormsecurity.com/files/167795/VMware-Security-Advisory-2021-0025.3.html | Release Notes, Third Party Advisory, VDB Entry | |
| security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2021-0025.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/167733/VMware-Security-Advisory-2022-0025.2.html | Release Notes, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/167795/VMware-Security-Advisory-2021-0025.3.html | Release Notes, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2021-0025.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | cloud_foundation | * | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.7 | |
| vmware | vcenter_server | 7.0 | |
| vmware | cloud_foundation | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CEBD9C21-C9E9-45EB-8370-B499C0B9290A",
"versionEndIncluding": "3.10.2.2",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:-:*:*:*:*:*:*",
"matchCriteriaId": "23CFE5A5-A166-4FD5-BE97-5F16DAB1EAE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:-:*:*:*:*:*:*",
"matchCriteriaId": "E456F84C-A86E-4EA9-9A3E-BEEA662136E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5FA81CCD-A05E-498C-820E-21980E92132F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8DD4BE55-532A-4423-B658-4D658BA841AD",
"versionEndIncluding": "4.1.0.1",
"versionStartIncluding": "4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. A malicious actor with non-administrative access to vCenter Server may exploit this issue to elevate privileges to a higher privileged group."
},
{
"lang": "es",
"value": "vCenter Server contiene una vulnerabilidad de escalada de privilegios en el mecanismo de autenticaci\u00f3n IWA (Integrated Windows Authentication). Un actor malicioso con acceso no administrativo a vCenter Server podr\u00eda explotar este problema para elevar los privilegios a un grupo con mayores privilegios"
}
],
"id": "CVE-2021-22048",
"lastModified": "2024-11-21T05:49:29.947",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-11-10T18:15:08.037",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Release Notes",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/167733/VMware-Security-Advisory-2022-0025.2.html"
},
{
"source": "security@vmware.com",
"tags": [
"Release Notes",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/167795/VMware-Security-Advisory-2021-0025.3.html"
},
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0025.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/167733/VMware-Security-Advisory-2022-0025.2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/167795/VMware-Security-Advisory-2021-0025.3.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0025.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-23 12:15
Modified
2024-11-21 05:49
Severity ?
Summary
The vCenter Server contains multiple denial-of-service vulnerabilities in VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit these issues to create a denial of service condition due to excessive memory consumption by VAPI service.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2021-0020.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2021-0020.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | cloud_foundation | * | |
| vmware | vcenter_server | 6.7 | |
| vmware | vcenter_server | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5071E0B4-FE4B-4525-BAF6-3900D9C8D48D",
"versionEndExcluding": "5.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:-:*:*:*:*:*:*",
"matchCriteriaId": "E456F84C-A86E-4EA9-9A3E-BEEA662136E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5FA81CCD-A05E-498C-820E-21980E92132F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The vCenter Server contains multiple denial-of-service vulnerabilities in VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit these issues to create a denial of service condition due to excessive memory consumption by VAPI service."
},
{
"lang": "es",
"value": "vCenter Server contiene m\u00faltiples vulnerabilidades de denegaci\u00f3n de servicio en el servicio VAPI (vCenter API). Un actor malicioso con acceso a la red al puerto 443 de vCenter Server puede explotar estos problemas para crear una condici\u00f3n de denegaci\u00f3n de servicio debido al consumo excesivo de memoria por parte del servicio VAPI"
}
],
"id": "CVE-2021-22009",
"lastModified": "2024-11-21T05:49:25.960",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-23T12:15:07.893",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-668"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-09-18 21:15
Modified
2024-11-21 04:45
Severity ?
Summary
VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and 6.0 prior to 6.0 U3j) contains an information disclosure vulnerability where Virtual Machines deployed from an OVF could expose login information via the virtual machine's vAppConfig properties. A malicious actor with access to query the vAppConfig properties of a virtual machine deployed from an OVF may be able to view the credentials used to deploy the OVF (typically the root account of the virtual machine).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@vmware.com | http://packetstormsecurity.com/files/154536/VMware-Security-Advisory-2019-0013.html | Third Party Advisory, VDB Entry | |
| security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2019-0013.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/154536/VMware-Security-Advisory-2019-0013.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2019-0013.html | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7499E57A-1F9C-45F0-93F8-F3FB7B0F990F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:a:*:*:*:*:*:*",
"matchCriteriaId": "74EE8EE5-54F0-4359-898B-C57C5B2AE7C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:b:*:*:*:*:*:*",
"matchCriteriaId": "F83AAB8E-F129-4D1C-A4BC-4CC2C1777F5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:u1:*:*:*:*:*:*",
"matchCriteriaId": "C914E1AB-DF4F-4A68-8893-EDA57E048147",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:u1b:*:*:*:*:*:*",
"matchCriteriaId": "7ECFC0C8-C8EC-4E44-9E90-5D4C67B5F339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:u3:*:*:*:*:*:*",
"matchCriteriaId": "7E2BAD93-38DE-4C23-8953-4E199996537B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:update2:*:*:*:*:*:*",
"matchCriteriaId": "8838067B-0AB5-4C6A-B201-73C193FEFA92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:update2a:*:*:*:*:*:*",
"matchCriteriaId": "34EDDB03-6DA9-48FE-B7F2-FBBCDF5D8385",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:update2m:*:*:*:*:*:*",
"matchCriteriaId": "2E8C89BF-93F3-419A-83B7-B617A3DF31D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:update3a:*:*:*:*:*:*",
"matchCriteriaId": "4E38D9BC-1BFA-45B5-AC25-A6DB3F025D88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:update3b:*:*:*:*:*:*",
"matchCriteriaId": "3F803DFB-4172-4D60-94DE-F20370859617",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:update3c:*:*:*:*:*:*",
"matchCriteriaId": "F99ACFA4-3EEF-4151-80E9-701537DB8D99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:update3d:*:*:*:*:*:*",
"matchCriteriaId": "C4591535-4081-4DF7-B115-53D1014C83CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:update3e:*:*:*:*:*:*",
"matchCriteriaId": "22C17858-6EBB-4807-A230-3F53670A69FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:update3f:*:*:*:*:*:*",
"matchCriteriaId": "77A98613-F61B-4801-840E-6F281A98B381",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:update3g:*:*:*:*:*:*",
"matchCriteriaId": "D0122FA8-0D5F-4296-B00B-9BA00CBAE64D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:update3h:*:*:*:*:*:*",
"matchCriteriaId": "76F6CA9D-16DB-450B-A226-93FC151AB631",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:update3i:*:*:*:*:*:*",
"matchCriteriaId": "D441FEB9-5773-4E20-9B3E-B6F634F773E9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "EEF33103-ECDD-427B-A445-2D7F90202FCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:a:*:*:*:*:*:*",
"matchCriteriaId": "5241C282-A02B-44B2-B6CA-BA3A99F9737C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:b:*:*:*:*:*:*",
"matchCriteriaId": "04A60AC7-C2EA-4DBF-9743-54D708584AFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:c:*:*:*:*:*:*",
"matchCriteriaId": "445FA649-B7F4-4AE2-A487-57357AC95241",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:d:*:*:*:*:*:*",
"matchCriteriaId": "8A91B0C4-F184-459E-AFD3-DE0E351CC964",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update1:*:*:*:*:*:*",
"matchCriteriaId": "23253631-2655-48A8-9B00-CB984232329C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update1b:*:*:*:*:*:*",
"matchCriteriaId": "50C2A9A8-0E66-4702-BCD4-74622108E7A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update2:*:*:*:*:*:*",
"matchCriteriaId": "EE4D3E2A-C32D-408F-B811-EF8BC86F0D34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update2a:*:*:*:*:*:*",
"matchCriteriaId": "31CA7802-D78D-4BAD-A45A-68B601C010C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update2c:*:*:*:*:*:*",
"matchCriteriaId": "3B98981B-4721-4752-BAB4-361DB5AEB86F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3D97854C-DE5D-48B4-B5DB-C132E6D4B826",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:a:*:*:*:*:*:*",
"matchCriteriaId": "CF7DDB0C-3C07-4B5E-8B8A-0542FEE72877",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:b:*:*:*:*:*:*",
"matchCriteriaId": "1DD16169-A7DF-4604-888C-156A60018E32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:c:*:*:*:*:*:*",
"matchCriteriaId": "46FC9F34-C8FA-4AFE-9F4A-7CF9516BD4D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:d:*:*:*:*:*:*",
"matchCriteriaId": "D26534EB-327B-4ED6-A3E1-005552CB1F9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1:*:*:*:*:*:*",
"matchCriteriaId": "7E51F433-1152-4E94-AF77-970230B1A574",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1b:*:*:*:*:*:*",
"matchCriteriaId": "0064D104-E0D8-481A-9029-D3726A1A9CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1c:*:*:*:*:*:*",
"matchCriteriaId": "9B4D3F61-6CD9-411F-A205-EB06A57EBB4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1d:*:*:*:*:*:*",
"matchCriteriaId": "F72A1E9C-F960-4E8C-A46C-B38209E6349E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1e:*:*:*:*:*:*",
"matchCriteriaId": "2C33CE46-F529-4EA9-9344-6ED3BFA7019D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1g:*:*:*:*:*:*",
"matchCriteriaId": "9F1D8161-0E02-45C9-BF61-14799AB65E03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2:*:*:*:*:*:*",
"matchCriteriaId": "1F2CB1FF-6118-4875-945D-07BAA3A21FFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2b:*:*:*:*:*:*",
"matchCriteriaId": "1AEDA28A-5C8E-4E95-A377-3BE530DBEAB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2c:*:*:*:*:*:*",
"matchCriteriaId": "BDDC6510-3116-4578-80C8-8EF044A8370A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2d:*:*:*:*:*:*",
"matchCriteriaId": "8678DB48-CB98-4E4C-ADE6-CABA73265FEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2g:*:*:*:*:*:*",
"matchCriteriaId": "DBD9A341-1FBF-4E04-848B-550DEB27261A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and 6.0 prior to 6.0 U3j) contains an information disclosure vulnerability where Virtual Machines deployed from an OVF could expose login information via the virtual machine\u0027s vAppConfig properties. A malicious actor with access to query the vAppConfig properties of a virtual machine deployed from an OVF may be able to view the credentials used to deploy the OVF (typically the root account of the virtual machine)."
},
{
"lang": "es",
"value": "VMware vCenter Server (versi\u00f3n 6.7.x anterior a 6.7 U3, versi\u00f3n 6.5 anterior a 6.5 U3 y versi\u00f3n 6.0 anterior a 6.0 U3j), contiene una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n donde las m\u00e1quinas virtuales implementadas desde un OVF podr\u00edan exponer informaci\u00f3n de inicio de sesi\u00f3n mediante las propiedades vAppConfig de una m\u00e1quina virtual. Un actor malicioso con acceso a consultar las propiedades vAppConfig de una m\u00e1quina virtual implementada desde un OVF puede ser capaz de visualizar las credenciales usadas para implementar el OVF (com\u00fanmente la cuenta root de la m\u00e1quina virtual)."
}
],
"id": "CVE-2019-5534",
"lastModified": "2024-11-21T04:45:08.740",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-18T21:15:13.373",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/154536/VMware-Security-Advisory-2019-0013.html"
},
{
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2019-0013.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/154536/VMware-Security-Advisory-2019-0013.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2019-0013.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
},
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-26 15:15
Modified
2024-11-21 05:49
Severity ?
Summary
The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@vmware.com | http://packetstormsecurity.com/files/162812/VMware-Security-Advisory-2021-0010.html | Third Party Advisory, VDB Entry | |
| security@vmware.com | http://packetstormsecurity.com/files/163487/VMware-vCenter-Server-Virtual-SAN-Health-Check-Remote-Code-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
| security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2021-0010.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/162812/VMware-Security-Advisory-2021-0010.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/163487/VMware-vCenter-Server-Virtual-SAN-Health-Check-Remote-Code-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2021-0010.html | Vendor Advisory |
Impacted products
{
"cisaActionDue": "2021-11-17",
"cisaExploitAdd": "2021-11-03",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "VMware vCenter Server Improper Input Validation Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:-:*:*:*:*:*:*",
"matchCriteriaId": "23CFE5A5-A166-4FD5-BE97-5F16DAB1EAE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:a:*:*:*:*:*:*",
"matchCriteriaId": "CF7DDB0C-3C07-4B5E-8B8A-0542FEE72877",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:b:*:*:*:*:*:*",
"matchCriteriaId": "1DD16169-A7DF-4604-888C-156A60018E32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:c:*:*:*:*:*:*",
"matchCriteriaId": "46FC9F34-C8FA-4AFE-9F4A-7CF9516BD4D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:d:*:*:*:*:*:*",
"matchCriteriaId": "D26534EB-327B-4ED6-A3E1-005552CB1F9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:e:*:*:*:*:*:*",
"matchCriteriaId": "786CDD50-7E18-4437-8DB9-2D0ADECD436E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:f:*:*:*:*:*:*",
"matchCriteriaId": "B2CE8DAE-0E78-4004-983D-1ECD8855EC33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1:*:*:*:*:*:*",
"matchCriteriaId": "7E51F433-1152-4E94-AF77-970230B1A574",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1b:*:*:*:*:*:*",
"matchCriteriaId": "0064D104-E0D8-481A-9029-D3726A1A9CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1c:*:*:*:*:*:*",
"matchCriteriaId": "9B4D3F61-6CD9-411F-A205-EB06A57EBB4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1d:*:*:*:*:*:*",
"matchCriteriaId": "F72A1E9C-F960-4E8C-A46C-B38209E6349E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1e:*:*:*:*:*:*",
"matchCriteriaId": "2C33CE46-F529-4EA9-9344-6ED3BFA7019D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1g:*:*:*:*:*:*",
"matchCriteriaId": "9F1D8161-0E02-45C9-BF61-14799AB65E03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2:*:*:*:*:*:*",
"matchCriteriaId": "1F2CB1FF-6118-4875-945D-07BAA3A21FFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2b:*:*:*:*:*:*",
"matchCriteriaId": "1AEDA28A-5C8E-4E95-A377-3BE530DBEAB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2c:*:*:*:*:*:*",
"matchCriteriaId": "BDDC6510-3116-4578-80C8-8EF044A8370A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2d:*:*:*:*:*:*",
"matchCriteriaId": "8678DB48-CB98-4E4C-ADE6-CABA73265FEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2g:*:*:*:*:*:*",
"matchCriteriaId": "DBD9A341-1FBF-4E04-848B-550DEB27261A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3:*:*:*:*:*:*",
"matchCriteriaId": "4955663C-1BB6-4F3E-9D4B-362DF144B7F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3d:*:*:*:*:*:*",
"matchCriteriaId": "CE0F8453-3D6C-4F1C-9167-3F02E3D905DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3f:*:*:*:*:*:*",
"matchCriteriaId": "0EAD4045-A7F9-464F-ABB9-3782941162CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3k:*:*:*:*:*:*",
"matchCriteriaId": "2F0A79C2-33AE-40C5-A853-770A4C691F29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3n:*:*:*:*:*:*",
"matchCriteriaId": "D8BB6CBC-11D6-40A4-ABAF-53AB9BED5A73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:-:*:*:*:*:*:*",
"matchCriteriaId": "E456F84C-A86E-4EA9-9A3E-BEEA662136E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:a:*:*:*:*:*:*",
"matchCriteriaId": "5241C282-A02B-44B2-B6CA-BA3A99F9737C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:b:*:*:*:*:*:*",
"matchCriteriaId": "04A60AC7-C2EA-4DBF-9743-54D708584AFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:d:*:*:*:*:*:*",
"matchCriteriaId": "8A91B0C4-F184-459E-AFD3-DE0E351CC964",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update1:*:*:*:*:*:*",
"matchCriteriaId": "23253631-2655-48A8-9B00-CB984232329C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update1b:*:*:*:*:*:*",
"matchCriteriaId": "50C2A9A8-0E66-4702-BCD4-74622108E7A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update2:*:*:*:*:*:*",
"matchCriteriaId": "EE4D3E2A-C32D-408F-B811-EF8BC86F0D34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update2a:*:*:*:*:*:*",
"matchCriteriaId": "31CA7802-D78D-4BAD-A45A-68B601C010C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update2c:*:*:*:*:*:*",
"matchCriteriaId": "3B98981B-4721-4752-BAB4-361DB5AEB86F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3:*:*:*:*:*:*",
"matchCriteriaId": "04487105-980A-4943-9360-4442BF0411E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3a:*:*:*:*:*:*",
"matchCriteriaId": "24D24E06-EB3F-4F11-849B-E66757B01466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3b:*:*:*:*:*:*",
"matchCriteriaId": "8AF12716-88E2-44B5-ACD7-BCBECA130FB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3f:*:*:*:*:*:*",
"matchCriteriaId": "3352212C-E820-47B3-BDF5-57018F5B9E81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3g:*:*:*:*:*:*",
"matchCriteriaId": "6436ADFD-6B94-4D2A-B09B-CED4EC6CA276",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3j:*:*:*:*:*:*",
"matchCriteriaId": "D06832CE-F946-469D-B495-6735F18D02A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3l:*:*:*:*:*:*",
"matchCriteriaId": "726AC46D-9EA8-4FE8-94B8-0562935458F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3m:*:*:*:*:*:*",
"matchCriteriaId": "0243D22F-1591-4A95-A7FE-2658CEE0C08F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5FA81CCD-A05E-498C-820E-21980E92132F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:a:*:*:*:*:*:*",
"matchCriteriaId": "0EE83406-A3D9-4F75-A1A6-63831CEBEEC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:b:*:*:*:*:*:*",
"matchCriteriaId": "FB563627-C9CF-4D8A-B882-9AB65EAE9E15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:c:*:*:*:*:*:*",
"matchCriteriaId": "DCA03B2A-48B2-48AD-B8EB-9D7BB2016819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:d:*:*:*:*:*:*",
"matchCriteriaId": "A2392D0F-D7A2-4E01-9212-1BA6C895AEBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1:*:*:*:*:*:*",
"matchCriteriaId": "6D731C1A-9FE5-461C-97E2-6F45E4CBABE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1a:*:*:*:*:*:*",
"matchCriteriaId": "8725E544-2A94-4829-A683-1ECCE57A74A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1c:*:*:*:*:*:*",
"matchCriteriaId": "0FC6765A-6584-45A8-9B21-4951D2EA8939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1d:*:*:*:*:*:*",
"matchCriteriaId": "85DD238C-EF73-44F0-928E-A94FF5C4B378",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2:*:*:*:*:*:*",
"matchCriteriaId": "F4CA36C1-732E-41AE-B847-F7411B753F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2a:*:*:*:*:*:*",
"matchCriteriaId": "0DA882B6-D811-4E4B-B614-2D48F0B9036E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B0E65D7D-C5C1-4F9B-A470-2B1E34D2C429",
"versionEndExcluding": "3.10.2.1",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CDD049DD-5223-42EA-BCBF-DC86C2A90D41",
"versionEndExcluding": "4.2.1",
"versionStartIncluding": "4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server."
},
{
"lang": "es",
"value": "VSphere Client (HTML5) contiene una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remota debido a una falta de comprobaci\u00f3n de entrada en el plugin Virtual SAN Health Check, que est\u00e1 habilitado por defecto en vCenter Server.\u0026#xa0;Un actor malicioso con acceso de red al puerto 443 puede explotar este problema para ejecutar comandos con privilegios ilimitados en el sistema operativo subyacente que aloja a vCenter Server"
}
],
"id": "CVE-2021-21985",
"lastModified": "2024-11-21T05:49:22.407",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-26T15:15:07.937",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/162812/VMware-Security-Advisory-2021-0010.html"
},
{
"source": "security@vmware.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/163487/VMware-vCenter-Server-Virtual-SAN-Health-Check-Remote-Code-Execution.html"
},
{
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/162812/VMware-Security-Advisory-2021-0010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/163487/VMware-vCenter-Server-Virtual-SAN-Health-Check-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0010.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-02-22 20:55
Modified
2024-11-21 01:50
Severity ?
Summary
VMware vCenter Server 4.0 before Update 4b, 5.0 before Update 2, and 5.1 before 5.1.0b; VMware ESXi 3.5 through 5.1; and VMware ESX 3.5 through 4.1 do not properly implement the Network File Copy (NFC) protocol, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption) by modifying the client-server data stream.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | vcenter_server | 4.0 | |
| vmware | vcenter_server | 4.0 | |
| vmware | vcenter_server | 4.0 | |
| vmware | vcenter_server | 4.0 | |
| vmware | vcenter_server | 4.0 | |
| vmware | vcenter_server | 4.0 | |
| vmware | vcenter_server_appliance | 5.1 | |
| vmware | vcenter_server_appliance | 5.1.0a | |
| vmware | vcenter_server | 5.0 | |
| vmware | vcenter_server | 5.0 | |
| vmware | esxi | 3.5 | |
| vmware | esxi | 3.5 | |
| vmware | esxi | 4.0 | |
| vmware | esxi | 4.0 | |
| vmware | esxi | 4.0 | |
| vmware | esxi | 4.0 | |
| vmware | esxi | 4.0 | |
| vmware | esxi | 4.1 | |
| vmware | esxi | 4.1 | |
| vmware | esxi | 4.1 | |
| vmware | esxi | 5.0 | |
| vmware | esxi | 5.0 | |
| vmware | esxi | 5.0 | |
| vmware | esxi | 5.1 | |
| vmware | esxi | 3.5 | |
| vmware | esxi | 3.5 | |
| vmware | esxi | 4.0 | |
| vmware | esxi | 4.0 | |
| vmware | esxi | 4.0 | |
| vmware | esxi | 4.0 | |
| vmware | esxi | 4.0 | |
| vmware | esxi | 4.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EF5E54D6-434C-4EA2-984A-CE549B959731",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:4.0:update_1:*:*:*:*:*:*",
"matchCriteriaId": "64893E61-9F18-4250-AEA4-9C47BAE1D72B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:4.0:update_2:*:*:*:*:*:*",
"matchCriteriaId": "79B02F0B-0D3B-4B68-BE2D-F43C12397B0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:4.0:update_3:*:*:*:*:*:*",
"matchCriteriaId": "4A4596D4-74FD-42DD-AC38-D814A99822FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:4.0:update_4:*:*:*:*:*:*",
"matchCriteriaId": "8BDBAABE-D43C-491B-A3D2-8A625A8524E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:4.0:update_4a:*:*:*:*:*:*",
"matchCriteriaId": "E127819E-7DFD-4BDC-A07E-5F3D948F5915",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server_appliance:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FECF06B5-3915-48F0-A140-41C7A27EE99D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server_appliance:5.1.0a:*:*:*:*:*:*:*",
"matchCriteriaId": "2B0C9A45-9195-4BAC-AF54-DB6EA8BD3430",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46C704E0-E165-4A44-A104-6C5B83A83237",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:5.0:update_1:*:*:*:*:*:*",
"matchCriteriaId": "0DD9571C-CF1F-4EBA-AC8F-F0DF22106FDC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vmware:esxi:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FAE88D8C-9CC3-46D1-9F26-290BC679F47E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:3.5:1:*:*:*:*:*:*",
"matchCriteriaId": "58ED8AB4-0FDF-4752-B44E-56F58593CE41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "13771B15-CD71-472A-BE56-718B87D5825D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:4.0:1:*:*:*:*:*:*",
"matchCriteriaId": "0A4E41C0-31FA-47AA-A9BF-B9A6C1D44801",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:4.0:2:*:*:*:*:*:*",
"matchCriteriaId": "AF016EE7-083A-4D62-A6D4-2807EB47B6DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:4.0:3:*:*:*:*:*:*",
"matchCriteriaId": "8F11844A-3C6C-4AA5-87DC-979AFF62867A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:4.0:4:*:*:*:*:*:*",
"matchCriteriaId": "AC463653-A599-45CF-8EA9-8854D5C59963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4BDE707D-A1F4-4829-843E-F6633BB84D6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:4.1:1:*:*:*:*:*:*",
"matchCriteriaId": "4DC5C2BF-6EC6-436F-A925-469E87249C8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:4.1:2:*:*:*:*:*:*",
"matchCriteriaId": "7BCE5DA9-BB88-4169-B77C-40B1F98D511A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E2331236-2E9B-4B52-81EE-B52DEB41ACE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:5.0:1:*:*:*:*:*:*",
"matchCriteriaId": "7C5A1C2B-119E-49F3-B8E6-0610EE1C445C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:5.0:2:*:*:*:*:*:*",
"matchCriteriaId": "AF29B5A4-6E4C-4EAE-BC6A-0DD44262EE35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7217CBE1-3882-4045-A15C-EE7D4174CA00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vmware:esxi:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FAE88D8C-9CC3-46D1-9F26-290BC679F47E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:3.5:1:*:*:*:*:*:*",
"matchCriteriaId": "58ED8AB4-0FDF-4752-B44E-56F58593CE41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "13771B15-CD71-472A-BE56-718B87D5825D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:4.0:1:*:*:*:*:*:*",
"matchCriteriaId": "0A4E41C0-31FA-47AA-A9BF-B9A6C1D44801",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:4.0:2:*:*:*:*:*:*",
"matchCriteriaId": "AF016EE7-083A-4D62-A6D4-2807EB47B6DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:4.0:3:*:*:*:*:*:*",
"matchCriteriaId": "8F11844A-3C6C-4AA5-87DC-979AFF62867A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:4.0:4:*:*:*:*:*:*",
"matchCriteriaId": "AC463653-A599-45CF-8EA9-8854D5C59963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4BDE707D-A1F4-4829-843E-F6633BB84D6D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware vCenter Server 4.0 before Update 4b, 5.0 before Update 2, and 5.1 before 5.1.0b; VMware ESXi 3.5 through 5.1; and VMware ESX 3.5 through 4.1 do not properly implement the Network File Copy (NFC) protocol, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption) by modifying the client-server data stream."
},
{
"lang": "es",
"value": "VMware vCenter Server v4.0 anterior a Update 4b, v5.0 anterior a Update 2, y v5.1 anterior a 5.1.0b; VMware ESXi v3.5 a la v5.1; y VMware ESX v3.5 a la v4.1, no implementan adecuadamente el protocolo Network File Copy (NFC), lo que permite a atacantes \"man-in-the-middle\" ejecutar c\u00f3digo arbitrario o provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) mediante la modificaci\u00f3n de los datos en el flujo client-server."
}
],
"id": "CVE-2013-1659",
"lastModified": "2024-11-21T01:50:05.873",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-02-22T20:55:01.143",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.vmware.com/security/advisories/VMSA-2013-0003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/security/advisories/VMSA-2013-0003.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-08-01 16:29
Modified
2024-11-21 03:26
Severity ?
Summary
VMware vCenter Server (6.5 prior to 6.5 U1) contains an insecure library loading issue that occurs due to the use of LD_LIBRARY_PATH variable in an unsafe manner. Successful exploitation of this issue may allow unprivileged host users to load a shared library that may lead to privilege escalation.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@vmware.com | http://www.securityfocus.com/bid/100006 | Third Party Advisory, VDB Entry | |
| security@vmware.com | http://www.securitytracker.com/id/1039013 | Third Party Advisory, VDB Entry | |
| security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2017-0013.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/100006 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039013 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2017-0013.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | vcenter_server | 6.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3D97854C-DE5D-48B4-B5DB-C132E6D4B826",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware vCenter Server (6.5 prior to 6.5 U1) contains an insecure library loading issue that occurs due to the use of LD_LIBRARY_PATH variable in an unsafe manner. Successful exploitation of this issue may allow unprivileged host users to load a shared library that may lead to privilege escalation."
},
{
"lang": "es",
"value": "VMware vCenter Server en su versi\u00f3n 6.5 anterior a la 6.5 U1 tiene un problema de carga insegura de librer\u00edas que ocurre porque se utiliza la variable LD_LIBRARY_PATH de una manera no segura. Si se explota con \u00e9xito esta vulnerabilidad, podr\u00eda permitir a los usuarios host sin privilegios cargar una librer\u00eda compartida que pueda provocar un escalado de privilegios."
}
],
"id": "CVE-2017-4921",
"lastModified": "2024-11-21T03:26:40.343",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-01T16:29:00.227",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100006"
},
{
"source": "security@vmware.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039013"
},
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2017-0013.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100006"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039013"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2017-0013.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-09-17 18:15
Modified
2024-11-22 02:00
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 8.0 | |
| vmware | vcenter_server | 8.0 | |
| vmware | vcenter_server | 8.0 | |
| vmware | vcenter_server | 8.0 | |
| vmware | vcenter_server | 8.0 | |
| vmware | vcenter_server | 8.0 | |
| vmware | vcenter_server | 8.0 | |
| vmware | vcenter_server | 8.0 | |
| vmware | vcenter_server | 8.0 | |
| vmware | vcenter_server | 8.0 | |
| vmware | vcenter_server | 8.0 | |
| vmware | vcenter_server | 8.0 |
{
"cisaActionDue": "2024-12-11",
"cisaExploitAdd": "2024-11-20",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "VMware vCenter Server Privilege Escalation Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5FA81CCD-A05E-498C-820E-21980E92132F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1:*:*:*:*:*:*",
"matchCriteriaId": "6D731C1A-9FE5-461C-97E2-6F45E4CBABE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1a:*:*:*:*:*:*",
"matchCriteriaId": "8725E544-2A94-4829-A683-1ECCE57A74A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1c:*:*:*:*:*:*",
"matchCriteriaId": "0FC6765A-6584-45A8-9B21-4951D2EA8939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1d:*:*:*:*:*:*",
"matchCriteriaId": "85DD238C-EF73-44F0-928E-A94FF5C4B378",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2:*:*:*:*:*:*",
"matchCriteriaId": "F4CA36C1-732E-41AE-B847-F7411B753F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2a:*:*:*:*:*:*",
"matchCriteriaId": "0DA882B6-D811-4E4B-B614-2D48F0B9036E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2b:*:*:*:*:*:*",
"matchCriteriaId": "8D30A78E-16D0-4A2E-A2F8-F6073698243E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2c:*:*:*:*:*:*",
"matchCriteriaId": "188E103E-9568-4CE0-A984-141B2A9E82D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2d:*:*:*:*:*:*",
"matchCriteriaId": "B266439F-E911-4C95-9D27-88DF96DDCCD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3:*:*:*:*:*:*",
"matchCriteriaId": "6508A908-EF14-4A72-AC75-5DA6F8B98A0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3a:*:*:*:*:*:*",
"matchCriteriaId": "3BAD2012-5C82-4EA9-A780-9BF1DA5A18AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3c:*:*:*:*:*:*",
"matchCriteriaId": "58597F18-0B23-4D21-9ABA-D9773958F10E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3d:*:*:*:*:*:*",
"matchCriteriaId": "ADF46C54-313B-4742-A074-EEA0A6554680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3e:*:*:*:*:*:*",
"matchCriteriaId": "9587F800-57BC-44B6-870E-95691684FC46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3f:*:*:*:*:*:*",
"matchCriteriaId": "AD148A75-5076-416D-AFD6-0F281DA0A82B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3g:*:*:*:*:*:*",
"matchCriteriaId": "956CEA8C-F8C4-41BD-85B4-44FE3A772E50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3h:*:*:*:*:*:*",
"matchCriteriaId": "008AEA0F-116B-4AF8-B3A7-3041CCE25235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3i:*:*:*:*:*:*",
"matchCriteriaId": "EE486B2F-AED4-4FCE-A674-DFC25844FEFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3j:*:*:*:*:*:*",
"matchCriteriaId": "4F73AA9E-51E9-4FA0-813D-AD05FDC3EF94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3k:*:*:*:*:*:*",
"matchCriteriaId": "455DD46E-A071-476D-8914-767485E45F35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3l:*:*:*:*:*:*",
"matchCriteriaId": "3A422D04-48DF-4A16-94F8-D5702CC2782D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3m:*:*:*:*:*:*",
"matchCriteriaId": "806E9219-CDF4-4E62-978E-334E96A94BA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3n:*:*:*:*:*:*",
"matchCriteriaId": "34D8B182-4E71-4655-8DD8-743A3EF6DC8B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "CC974CA1-88D3-42E4-BF1F-28870F8171B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1:*:*:*:*:*:*",
"matchCriteriaId": "C745A7E6-4760-48CD-B7C4-1C2C20217F21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1a:*:*:*:*:*:*",
"matchCriteriaId": "A5522514-8ED9-45DB-9036-33FE40D77E7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1b:*:*:*:*:*:*",
"matchCriteriaId": "8C27C660-E917-4944-8B4C-41D9622B76D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1c:*:*:*:*:*:*",
"matchCriteriaId": "56CFB469-B3E6-4503-A47C-D18206D4D19A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1d:*:*:*:*:*:*",
"matchCriteriaId": "67024A43-9E13-4F4E-B711-731792DA3840",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1e:*:*:*:*:*:*",
"matchCriteriaId": "1188E9D6-53AD-40D0-8146-3728D071008D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update2:*:*:*:*:*:*",
"matchCriteriaId": "604F559F-1775-4F29-996E-9079B99345B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update2a:*:*:*:*:*:*",
"matchCriteriaId": "61DC9400-5AEE-49AC-9925-0A96E32BD8C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update2b:*:*:*:*:*:*",
"matchCriteriaId": "98C1B77E-AB0E-4E8A-8294-2D3D230CDF9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update2c:*:*:*:*:*:*",
"matchCriteriaId": "8EC8BEF1-7908-46C0-841A-834778D1A863",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update2d:*:*:*:*:*:*",
"matchCriteriaId": "89D5A7F9-3183-4EE7-828C-13BB9169E199",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The vCenter Server contains a privilege escalation vulnerability.\u00a0A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet."
},
{
"lang": "es",
"value": "vCenter Server contiene una vulnerabilidad de escalada de privilegios. Un actor malintencionado con acceso de red al servidor vCenter puede activar esta vulnerabilidad para escalar privilegios a la ra\u00edz mediante el env\u00edo de un paquete de red especialmente manipulado."
}
],
"id": "CVE-2024-38813",
"lastModified": "2024-11-22T02:00:03.353",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "security@vmware.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-09-17T18:15:04.127",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-250"
},
{
"lang": "en",
"value": "CWE-273"
}
],
"source": "security@vmware.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-273"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-23 13:15
Modified
2024-11-21 05:49
Severity ?
Summary
Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to bypass proxy leading to internal endpoints being accessed.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2021-0020.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2021-0020.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | vcenter_server | 6.7 |
{
"cisaActionDue": "2022-01-24",
"cisaExploitAdd": "2022-01-10",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "VMware vCenter Server Improper Access Control",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:-:*:*:*:*:*:*",
"matchCriteriaId": "E456F84C-A86E-4EA9-9A3E-BEEA662136E6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to bypass proxy leading to internal endpoints being accessed."
},
{
"lang": "es",
"value": "Rhttproxy, tal y como se usa en vCenter Server, contiene una vulnerabilidad debido a una implementaci\u00f3n inapropiada de la normalizaci\u00f3n de URI. Un actor malicioso con acceso de red al puerto 443 en vCenter Server puede explotar este problema para omitir el proxy, conllevando a un acceso a endpoints internos"
}
],
"id": "CVE-2021-22017",
"lastModified": "2024-11-21T05:49:26.813",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-23T13:15:08.207",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-23 12:15
Modified
2024-11-21 05:49
Severity ?
Summary
The vCenter Server contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in vCenter Server Content Library. An authorised user with access to content library may exploit this issue by sending a POST request to vCenter Server leading to information disclosure.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2021-0020.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2021-0020.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | cloud_foundation | * | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.7 | |
| vmware | vcenter_server | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5071E0B4-FE4B-4525-BAF6-3900D9C8D48D",
"versionEndExcluding": "5.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:-:*:*:*:*:*:*",
"matchCriteriaId": "23CFE5A5-A166-4FD5-BE97-5F16DAB1EAE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:-:*:*:*:*:*:*",
"matchCriteriaId": "E456F84C-A86E-4EA9-9A3E-BEEA662136E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5FA81CCD-A05E-498C-820E-21980E92132F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The vCenter Server contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in vCenter Server Content Library. An authorised user with access to content library may exploit this issue by sending a POST request to vCenter Server leading to information disclosure."
},
{
"lang": "es",
"value": "vCenter Server contiene una vulnerabilidad de tipo SSRF (Server Side Request Forgery) debido a una comprobaci\u00f3n inapropiada de las URL en la biblioteca de contenidos del servidor vCenter. Un usuario autorizado con acceso a la biblioteca de contenidos puede explotar este problema mediante el env\u00edo de una petici\u00f3n POST a vCenter Server conllevando a una divulgaci\u00f3n de informaci\u00f3n"
}
],
"id": "CVE-2021-21993",
"lastModified": "2024-11-21T05:49:24.113",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-23T12:15:07.600",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-06-22 12:15
Modified
2024-11-21 07:41
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The vCenter Server contains a heap overflow vulnerability due to the usage of uninitialized memory in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit heap-overflow vulnerability to execute arbitrary code on the underlying operating system that hosts vCenter Server.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | vcenter_server | * | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 8.0 | |
| vmware | vcenter_server | 8.0 | |
| vmware | vcenter_server | 8.0 | |
| vmware | vcenter_server | 8.0 | |
| vmware | vcenter_server | 8.0 | |
| vmware | vcenter_server | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22B93342-5BD7-49A8-83E7-8B6D547F2EE5",
"versionEndExcluding": "7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5FA81CCD-A05E-498C-820E-21980E92132F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:a:*:*:*:*:*:*",
"matchCriteriaId": "0EE83406-A3D9-4F75-A1A6-63831CEBEEC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:b:*:*:*:*:*:*",
"matchCriteriaId": "FB563627-C9CF-4D8A-B882-9AB65EAE9E15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:c:*:*:*:*:*:*",
"matchCriteriaId": "DCA03B2A-48B2-48AD-B8EB-9D7BB2016819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:d:*:*:*:*:*:*",
"matchCriteriaId": "A2392D0F-D7A2-4E01-9212-1BA6C895AEBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1:*:*:*:*:*:*",
"matchCriteriaId": "6D731C1A-9FE5-461C-97E2-6F45E4CBABE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1a:*:*:*:*:*:*",
"matchCriteriaId": "8725E544-2A94-4829-A683-1ECCE57A74A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1c:*:*:*:*:*:*",
"matchCriteriaId": "0FC6765A-6584-45A8-9B21-4951D2EA8939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1d:*:*:*:*:*:*",
"matchCriteriaId": "85DD238C-EF73-44F0-928E-A94FF5C4B378",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2:*:*:*:*:*:*",
"matchCriteriaId": "F4CA36C1-732E-41AE-B847-F7411B753F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2a:*:*:*:*:*:*",
"matchCriteriaId": "0DA882B6-D811-4E4B-B614-2D48F0B9036E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2b:*:*:*:*:*:*",
"matchCriteriaId": "8D30A78E-16D0-4A2E-A2F8-F6073698243E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2c:*:*:*:*:*:*",
"matchCriteriaId": "188E103E-9568-4CE0-A984-141B2A9E82D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2d:*:*:*:*:*:*",
"matchCriteriaId": "B266439F-E911-4C95-9D27-88DF96DDCCD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3:*:*:*:*:*:*",
"matchCriteriaId": "6508A908-EF14-4A72-AC75-5DA6F8B98A0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3a:*:*:*:*:*:*",
"matchCriteriaId": "3BAD2012-5C82-4EA9-A780-9BF1DA5A18AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3c:*:*:*:*:*:*",
"matchCriteriaId": "58597F18-0B23-4D21-9ABA-D9773958F10E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3d:*:*:*:*:*:*",
"matchCriteriaId": "ADF46C54-313B-4742-A074-EEA0A6554680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3e:*:*:*:*:*:*",
"matchCriteriaId": "9587F800-57BC-44B6-870E-95691684FC46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3f:*:*:*:*:*:*",
"matchCriteriaId": "AD148A75-5076-416D-AFD6-0F281DA0A82B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3g:*:*:*:*:*:*",
"matchCriteriaId": "956CEA8C-F8C4-41BD-85B4-44FE3A772E50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3h:*:*:*:*:*:*",
"matchCriteriaId": "008AEA0F-116B-4AF8-B3A7-3041CCE25235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3i:*:*:*:*:*:*",
"matchCriteriaId": "EE486B2F-AED4-4FCE-A674-DFC25844FEFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3j:*:*:*:*:*:*",
"matchCriteriaId": "4F73AA9E-51E9-4FA0-813D-AD05FDC3EF94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3k:*:*:*:*:*:*",
"matchCriteriaId": "455DD46E-A071-476D-8914-767485E45F35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3l:*:*:*:*:*:*",
"matchCriteriaId": "3A422D04-48DF-4A16-94F8-D5702CC2782D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "CC974CA1-88D3-42E4-BF1F-28870F8171B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:a:*:*:*:*:*:*",
"matchCriteriaId": "EFE63984-F69B-4593-9AEC-D179D6D98B08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:b:*:*:*:*:*:*",
"matchCriteriaId": "34D1F3B3-8E3F-4E4D-8EE6-2F593663B5CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:c:*:*:*:*:*:*",
"matchCriteriaId": "16F3D992-9F48-4604-9AAF-DC2D1CE98BE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1:*:*:*:*:*:*",
"matchCriteriaId": "C745A7E6-4760-48CD-B7C4-1C2C20217F21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1a:*:*:*:*:*:*",
"matchCriteriaId": "A5522514-8ED9-45DB-9036-33FE40D77E7D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The vCenter Server contains a heap overflow vulnerability due to the usage of uninitialized memory in the implementation of the DCERPC protocol.\u00a0A malicious actor with network access to vCenter Server may exploit\u00a0heap-overflow vulnerability\u00a0to execute arbitrary code on the underlying operating system that hosts vCenter Server."
}
],
"id": "CVE-2023-20892",
"lastModified": "2024-11-21T07:41:46.000",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "security@vmware.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-06-22T12:15:09.870",
"references": [
{
"source": "security@vmware.com",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1801"
},
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1801"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0014.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-06-18 06:15
Modified
2024-11-21 09:23
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "CC974CA1-88D3-42E4-BF1F-28870F8171B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:a:*:*:*:*:*:*",
"matchCriteriaId": "EFE63984-F69B-4593-9AEC-D179D6D98B08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:b:*:*:*:*:*:*",
"matchCriteriaId": "34D1F3B3-8E3F-4E4D-8EE6-2F593663B5CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:c:*:*:*:*:*:*",
"matchCriteriaId": "16F3D992-9F48-4604-9AAF-DC2D1CE98BE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1:*:*:*:*:*:*",
"matchCriteriaId": "C745A7E6-4760-48CD-B7C4-1C2C20217F21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1a:*:*:*:*:*:*",
"matchCriteriaId": "A5522514-8ED9-45DB-9036-33FE40D77E7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1b:*:*:*:*:*:*",
"matchCriteriaId": "8C27C660-E917-4944-8B4C-41D9622B76D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1c:*:*:*:*:*:*",
"matchCriteriaId": "56CFB469-B3E6-4503-A47C-D18206D4D19A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1d:*:*:*:*:*:*",
"matchCriteriaId": "67024A43-9E13-4F4E-B711-731792DA3840",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update2:*:*:*:*:*:*",
"matchCriteriaId": "604F559F-1775-4F29-996E-9079B99345B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update2a:*:*:*:*:*:*",
"matchCriteriaId": "61DC9400-5AEE-49AC-9925-0A96E32BD8C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update2b:*:*:*:*:*:*",
"matchCriteriaId": "98C1B77E-AB0E-4E8A-8294-2D3D230CDF9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update2c:*:*:*:*:*:*",
"matchCriteriaId": "8EC8BEF1-7908-46C0-841A-834778D1A863",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5FA81CCD-A05E-498C-820E-21980E92132F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:a:*:*:*:*:*:*",
"matchCriteriaId": "0EE83406-A3D9-4F75-A1A6-63831CEBEEC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:b:*:*:*:*:*:*",
"matchCriteriaId": "FB563627-C9CF-4D8A-B882-9AB65EAE9E15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:c:*:*:*:*:*:*",
"matchCriteriaId": "DCA03B2A-48B2-48AD-B8EB-9D7BB2016819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:d:*:*:*:*:*:*",
"matchCriteriaId": "A2392D0F-D7A2-4E01-9212-1BA6C895AEBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1:*:*:*:*:*:*",
"matchCriteriaId": "6D731C1A-9FE5-461C-97E2-6F45E4CBABE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1a:*:*:*:*:*:*",
"matchCriteriaId": "8725E544-2A94-4829-A683-1ECCE57A74A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1c:*:*:*:*:*:*",
"matchCriteriaId": "0FC6765A-6584-45A8-9B21-4951D2EA8939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1d:*:*:*:*:*:*",
"matchCriteriaId": "85DD238C-EF73-44F0-928E-A94FF5C4B378",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2:*:*:*:*:*:*",
"matchCriteriaId": "F4CA36C1-732E-41AE-B847-F7411B753F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2a:*:*:*:*:*:*",
"matchCriteriaId": "0DA882B6-D811-4E4B-B614-2D48F0B9036E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2b:*:*:*:*:*:*",
"matchCriteriaId": "8D30A78E-16D0-4A2E-A2F8-F6073698243E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2c:*:*:*:*:*:*",
"matchCriteriaId": "188E103E-9568-4CE0-A984-141B2A9E82D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2d:*:*:*:*:*:*",
"matchCriteriaId": "B266439F-E911-4C95-9D27-88DF96DDCCD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3:*:*:*:*:*:*",
"matchCriteriaId": "6508A908-EF14-4A72-AC75-5DA6F8B98A0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3a:*:*:*:*:*:*",
"matchCriteriaId": "3BAD2012-5C82-4EA9-A780-9BF1DA5A18AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3c:*:*:*:*:*:*",
"matchCriteriaId": "58597F18-0B23-4D21-9ABA-D9773958F10E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3d:*:*:*:*:*:*",
"matchCriteriaId": "ADF46C54-313B-4742-A074-EEA0A6554680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3e:*:*:*:*:*:*",
"matchCriteriaId": "9587F800-57BC-44B6-870E-95691684FC46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3f:*:*:*:*:*:*",
"matchCriteriaId": "AD148A75-5076-416D-AFD6-0F281DA0A82B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3g:*:*:*:*:*:*",
"matchCriteriaId": "956CEA8C-F8C4-41BD-85B4-44FE3A772E50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3h:*:*:*:*:*:*",
"matchCriteriaId": "008AEA0F-116B-4AF8-B3A7-3041CCE25235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3i:*:*:*:*:*:*",
"matchCriteriaId": "EE486B2F-AED4-4FCE-A674-DFC25844FEFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3j:*:*:*:*:*:*",
"matchCriteriaId": "4F73AA9E-51E9-4FA0-813D-AD05FDC3EF94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3k:*:*:*:*:*:*",
"matchCriteriaId": "455DD46E-A071-476D-8914-767485E45F35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3l:*:*:*:*:*:*",
"matchCriteriaId": "3A422D04-48DF-4A16-94F8-D5702CC2782D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3m:*:*:*:*:*:*",
"matchCriteriaId": "806E9219-CDF4-4E62-978E-334E96A94BA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3n:*:*:*:*:*:*",
"matchCriteriaId": "34D8B182-4E71-4655-8DD8-743A3EF6DC8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3o:*:*:*:*:*:*",
"matchCriteriaId": "8D8F6CC7-6B6D-4079-9E2C-A85C4616FF92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3p:*:*:*:*:*:*",
"matchCriteriaId": "A814F0AB-4AEB-4139-976F-425A4A9EC67B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5FA81CCD-A05E-498C-820E-21980E92132F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:a:*:*:*:*:*:*",
"matchCriteriaId": "0EE83406-A3D9-4F75-A1A6-63831CEBEEC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:b:*:*:*:*:*:*",
"matchCriteriaId": "FB563627-C9CF-4D8A-B882-9AB65EAE9E15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:c:*:*:*:*:*:*",
"matchCriteriaId": "DCA03B2A-48B2-48AD-B8EB-9D7BB2016819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:d:*:*:*:*:*:*",
"matchCriteriaId": "A2392D0F-D7A2-4E01-9212-1BA6C895AEBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1:*:*:*:*:*:*",
"matchCriteriaId": "6D731C1A-9FE5-461C-97E2-6F45E4CBABE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1a:*:*:*:*:*:*",
"matchCriteriaId": "8725E544-2A94-4829-A683-1ECCE57A74A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1c:*:*:*:*:*:*",
"matchCriteriaId": "0FC6765A-6584-45A8-9B21-4951D2EA8939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1d:*:*:*:*:*:*",
"matchCriteriaId": "85DD238C-EF73-44F0-928E-A94FF5C4B378",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2:*:*:*:*:*:*",
"matchCriteriaId": "F4CA36C1-732E-41AE-B847-F7411B753F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2a:*:*:*:*:*:*",
"matchCriteriaId": "0DA882B6-D811-4E4B-B614-2D48F0B9036E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2b:*:*:*:*:*:*",
"matchCriteriaId": "8D30A78E-16D0-4A2E-A2F8-F6073698243E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2c:*:*:*:*:*:*",
"matchCriteriaId": "188E103E-9568-4CE0-A984-141B2A9E82D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2d:*:*:*:*:*:*",
"matchCriteriaId": "B266439F-E911-4C95-9D27-88DF96DDCCD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3:*:*:*:*:*:*",
"matchCriteriaId": "6508A908-EF14-4A72-AC75-5DA6F8B98A0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3a:*:*:*:*:*:*",
"matchCriteriaId": "3BAD2012-5C82-4EA9-A780-9BF1DA5A18AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3c:*:*:*:*:*:*",
"matchCriteriaId": "58597F18-0B23-4D21-9ABA-D9773958F10E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3d:*:*:*:*:*:*",
"matchCriteriaId": "ADF46C54-313B-4742-A074-EEA0A6554680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3e:*:*:*:*:*:*",
"matchCriteriaId": "9587F800-57BC-44B6-870E-95691684FC46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3f:*:*:*:*:*:*",
"matchCriteriaId": "AD148A75-5076-416D-AFD6-0F281DA0A82B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3g:*:*:*:*:*:*",
"matchCriteriaId": "956CEA8C-F8C4-41BD-85B4-44FE3A772E50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3h:*:*:*:*:*:*",
"matchCriteriaId": "008AEA0F-116B-4AF8-B3A7-3041CCE25235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3i:*:*:*:*:*:*",
"matchCriteriaId": "EE486B2F-AED4-4FCE-A674-DFC25844FEFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3j:*:*:*:*:*:*",
"matchCriteriaId": "4F73AA9E-51E9-4FA0-813D-AD05FDC3EF94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3k:*:*:*:*:*:*",
"matchCriteriaId": "455DD46E-A071-476D-8914-767485E45F35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3l:*:*:*:*:*:*",
"matchCriteriaId": "3A422D04-48DF-4A16-94F8-D5702CC2782D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3m:*:*:*:*:*:*",
"matchCriteriaId": "806E9219-CDF4-4E62-978E-334E96A94BA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3n:*:*:*:*:*:*",
"matchCriteriaId": "34D8B182-4E71-4655-8DD8-743A3EF6DC8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3o:*:*:*:*:*:*",
"matchCriteriaId": "8D8F6CC7-6B6D-4079-9E2C-A85C4616FF92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3p:*:*:*:*:*:*",
"matchCriteriaId": "A814F0AB-4AEB-4139-976F-425A4A9EC67B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "CC974CA1-88D3-42E4-BF1F-28870F8171B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:a:*:*:*:*:*:*",
"matchCriteriaId": "EFE63984-F69B-4593-9AEC-D179D6D98B08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:b:*:*:*:*:*:*",
"matchCriteriaId": "34D1F3B3-8E3F-4E4D-8EE6-2F593663B5CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:c:*:*:*:*:*:*",
"matchCriteriaId": "16F3D992-9F48-4604-9AAF-DC2D1CE98BE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1:*:*:*:*:*:*",
"matchCriteriaId": "C745A7E6-4760-48CD-B7C4-1C2C20217F21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1a:*:*:*:*:*:*",
"matchCriteriaId": "A5522514-8ED9-45DB-9036-33FE40D77E7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1b:*:*:*:*:*:*",
"matchCriteriaId": "8C27C660-E917-4944-8B4C-41D9622B76D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1c:*:*:*:*:*:*",
"matchCriteriaId": "56CFB469-B3E6-4503-A47C-D18206D4D19A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1d:*:*:*:*:*:*",
"matchCriteriaId": "67024A43-9E13-4F4E-B711-731792DA3840",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update2:*:*:*:*:*:*",
"matchCriteriaId": "604F559F-1775-4F29-996E-9079B99345B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update2a:*:*:*:*:*:*",
"matchCriteriaId": "61DC9400-5AEE-49AC-9925-0A96E32BD8C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update2b:*:*:*:*:*:*",
"matchCriteriaId": "98C1B77E-AB0E-4E8A-8294-2D3D230CDF9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update2c:*:*:*:*:*:*",
"matchCriteriaId": "8EC8BEF1-7908-46C0-841A-834778D1A863",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FA8DFE6-9C74-4711-A8AF-3B170876A1F9",
"versionEndExcluding": "5.2",
"versionStartIncluding": "4.0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution."
},
{
"lang": "es",
"value": "vCenter Server contiene una vulnerabilidad de desbordamiento de mont\u00f3n en la implementaci\u00f3n del protocolo DCERPC. Un actor malintencionado con acceso a la red de vCenter Server puede desencadenar esta vulnerabilidad al enviar un paquete de red especialmente manipulado que podr\u00eda conducir a la ejecuci\u00f3n remota de c\u00f3digo."
}
],
"id": "CVE-2024-37079",
"lastModified": "2024-11-21T09:23:09.090",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "security@vmware.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-06-18T06:15:11.350",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-07 21:15
Modified
2024-11-21 07:05
Severity ?
Summary
The vCenter Server contains an unsafe deserialisation vulnerability in the PSC (Platform services controller). A malicious actor with admin access on vCenter server may exploit this issue to execute arbitrary code on the underlying operating system that hosts the vCenter Server.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@vmware.com | https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1587 | Exploit, Third Party Advisory | |
| security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2022-0025.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1587 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2022-0025.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | vcenter_server | * | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F19BBA2-1468-4BE2-9B21-C43E9B2A458E",
"versionEndExcluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:-:*:*:*:*:*:*",
"matchCriteriaId": "23CFE5A5-A166-4FD5-BE97-5F16DAB1EAE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:a:*:*:*:*:*:*",
"matchCriteriaId": "CF7DDB0C-3C07-4B5E-8B8A-0542FEE72877",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:b:*:*:*:*:*:*",
"matchCriteriaId": "1DD16169-A7DF-4604-888C-156A60018E32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:c:*:*:*:*:*:*",
"matchCriteriaId": "46FC9F34-C8FA-4AFE-9F4A-7CF9516BD4D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:d:*:*:*:*:*:*",
"matchCriteriaId": "D26534EB-327B-4ED6-A3E1-005552CB1F9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1:*:*:*:*:*:*",
"matchCriteriaId": "7E51F433-1152-4E94-AF77-970230B1A574",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1b:*:*:*:*:*:*",
"matchCriteriaId": "0064D104-E0D8-481A-9029-D3726A1A9CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1c:*:*:*:*:*:*",
"matchCriteriaId": "9B4D3F61-6CD9-411F-A205-EB06A57EBB4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1d:*:*:*:*:*:*",
"matchCriteriaId": "F72A1E9C-F960-4E8C-A46C-B38209E6349E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1e:*:*:*:*:*:*",
"matchCriteriaId": "2C33CE46-F529-4EA9-9344-6ED3BFA7019D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1g:*:*:*:*:*:*",
"matchCriteriaId": "9F1D8161-0E02-45C9-BF61-14799AB65E03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2:*:*:*:*:*:*",
"matchCriteriaId": "1F2CB1FF-6118-4875-945D-07BAA3A21FFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2b:*:*:*:*:*:*",
"matchCriteriaId": "1AEDA28A-5C8E-4E95-A377-3BE530DBEAB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2c:*:*:*:*:*:*",
"matchCriteriaId": "BDDC6510-3116-4578-80C8-8EF044A8370A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2d:*:*:*:*:*:*",
"matchCriteriaId": "8678DB48-CB98-4E4C-ADE6-CABA73265FEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2g:*:*:*:*:*:*",
"matchCriteriaId": "DBD9A341-1FBF-4E04-848B-550DEB27261A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3:*:*:*:*:*:*",
"matchCriteriaId": "4955663C-1BB6-4F3E-9D4B-362DF144B7F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3d:*:*:*:*:*:*",
"matchCriteriaId": "CE0F8453-3D6C-4F1C-9167-3F02E3D905DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3f:*:*:*:*:*:*",
"matchCriteriaId": "0EAD4045-A7F9-464F-ABB9-3782941162CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3k:*:*:*:*:*:*",
"matchCriteriaId": "2F0A79C2-33AE-40C5-A853-770A4C691F29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3n:*:*:*:*:*:*",
"matchCriteriaId": "D8BB6CBC-11D6-40A4-ABAF-53AB9BED5A73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3p:*:*:*:*:*:*",
"matchCriteriaId": "26A3EC15-8C04-49AD-9045-4D9FADBD50CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3q:*:*:*:*:*:*",
"matchCriteriaId": "AF7E87BB-1B5B-4F13-A70C-B3C6716E7919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3r:*:*:*:*:*:*",
"matchCriteriaId": "70A9244F-2C9C-4D7D-B384-08DDF95770DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3s:*:*:*:*:*:*",
"matchCriteriaId": "2CBEA4F8-CBA3-4C71-96B3-47489F0D299C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3t:*:*:*:*:*:*",
"matchCriteriaId": "B40B0E23-410D-403D-811B-486EBF406E6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3u:*:*:*:*:*:*",
"matchCriteriaId": "254F40B1-43B8-4222-A177-8906BF38D59C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The vCenter Server contains an unsafe deserialisation vulnerability in the PSC (Platform services controller). A malicious actor with admin access on vCenter server may exploit this issue to execute arbitrary code on the underlying operating system that hosts the vCenter Server."
},
{
"lang": "es",
"value": "El servidor vCenter contiene una vulnerabilidad de deserializaci\u00f3n no segura en el PSC (Platform services controller). Un actor malicioso con acceso de administrador en el servidor vCenter puede aprovechar este problema para ejecutar c\u00f3digo arbitrario en el sistema operativo subyacente que aloja el servidor vCenter"
}
],
"id": "CVE-2022-31680",
"lastModified": "2024-11-21T07:05:06.870",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-07T21:15:11.247",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1587"
},
{
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0025.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1587"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0025.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-09-18 22:15
Modified
2024-11-21 04:45
Severity ?
Summary
VMware vSphere ESXi (6.7 prior to ESXi670-201810101-SG, 6.5 prior to ESXi650-201811102-SG, and 6.0 prior to ESXi600-201807103-SG) and VMware vCenter Server (6.7 prior to 6.7 U1b, 6.5 prior to 6.5 U2b, and 6.0 prior to 6.0 U3j) contain an information disclosure vulnerability in clients arising from insufficient session expiration. An attacker with physical access or an ability to mimic a websocket connection to a user’s browser may be able to obtain control of a VM Console after the user has logged out or their session has timed out.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201811001:*:*:*:*:*:*",
"matchCriteriaId": "ABE65721-57C0-4748-B159-F6D97CE8CAB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:vsphere_esxi:6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E4F86FE1-8540-4C89-990E-FE397E2E56C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:vsphere_esxi:6.7:update_1:*:*:*:*:*:*",
"matchCriteriaId": "98469327-DCED-47A0-BE32-54FD6C458329",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vsphere_esxi:6.5:a:*:*:*:*:*:*",
"matchCriteriaId": "DA9649FA-E181-426F-A7CD-A7DA407FD60B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vsphere_esxi:6.5:u2:*:*:*:*:*:*",
"matchCriteriaId": "172B6B61-9005-4629-8583-7EEC630BF75E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:vsphere_esxi:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A6B998A9-208A-41F7-B981-2FA7ABF1E9F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:vsphere_esxi:6.5:650-201810002:*:*:*:*:*:*",
"matchCriteriaId": "B0BDCA59-38C7-4E8C-89D1-8CD2F432F106",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:vsphere_esxi:6.5:650-201811001:*:*:*:*:*:*",
"matchCriteriaId": "8E77CCBC-B104-4A88-90CF-57DC126CC448",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:vsphere_esxi:6.5:650-201811002:*:*:*:*:*:*",
"matchCriteriaId": "8F151754-8E39-42FC-B853-A8CEA25FA614",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:vsphere_esxi:6.5:650-201901001:*:*:*:*:*:*",
"matchCriteriaId": "726C9EF2-7AFB-410A-8EDC-49DCB113AF30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:vsphere_esxi:6.5:650-201903001:*:*:*:*:*:*",
"matchCriteriaId": "770D4FA0-4ACC-44F4-96D4-04471DB07118",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:vsphere_esxi:6.5:650-201905001:*:*:*:*:*:*",
"matchCriteriaId": "D61873BB-E6F3-4240-B71B-589BD5D3AFBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:vsphere_esxi:6.5:update_1:*:*:*:*:*:*",
"matchCriteriaId": "43516B10-6F39-45D2-B9A8-1FF8C1633132",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vmware:vsphere_esxi:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A2FC4AF4-9D52-4FB7-803C-6CD3815FFB27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:vsphere_esxi:6.0:600-201810001:*:*:*:*:*:*",
"matchCriteriaId": "7032617B-E855-4DB1-8A7E-AFC716399B0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:vsphere_esxi:6.0:600-201811001:*:*:*:*:*:*",
"matchCriteriaId": "E6CD3CEF-1230-4CF4-BD66-74690DBD763C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:vsphere_esxi:6.0:600-201903001:*:*:*:*:*:*",
"matchCriteriaId": "E6792B87-53C4-42FB-B72B-8FD980B1FE9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:vsphere_esxi:6.0:600-201905001:*:*:*:*:*:*",
"matchCriteriaId": "4EC892F4-2413-41B1-9EFF-6E40FDAEF9AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:vsphere_esxi:6.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "23B128C5-926E-4507-9268-E1C776713AA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:vsphere_esxi:6.0:u1a:*:*:*:*:*:*",
"matchCriteriaId": "33F8F18E-FFEE-44A4-8D0F-D1F098D94D75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:vsphere_esxi:6.0:u1b:*:*:*:*:*:*",
"matchCriteriaId": "967DA5A9-6A83-4F56-BB63-52D31256A848",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:vsphere_esxi:6.0:u3a:*:*:*:*:*:*",
"matchCriteriaId": "FF8916F0-EE48-495F-A698-EF9264F7E34A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:vsphere_esxi:6.0:update_2:*:*:*:*:*:*",
"matchCriteriaId": "21634E09-E32A-4E38-95FE-8E26EFD85557",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:vsphere_esxi:6.0:update_3:*:*:*:*:*:*",
"matchCriteriaId": "22219B28-4974-449B-A79E-CBBDC16C3131",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7499E57A-1F9C-45F0-93F8-F3FB7B0F990F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:a:*:*:*:*:*:*",
"matchCriteriaId": "74EE8EE5-54F0-4359-898B-C57C5B2AE7C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:b:*:*:*:*:*:*",
"matchCriteriaId": "F83AAB8E-F129-4D1C-A4BC-4CC2C1777F5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:u1:*:*:*:*:*:*",
"matchCriteriaId": "C914E1AB-DF4F-4A68-8893-EDA57E048147",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:u1b:*:*:*:*:*:*",
"matchCriteriaId": "7ECFC0C8-C8EC-4E44-9E90-5D4C67B5F339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:u3:*:*:*:*:*:*",
"matchCriteriaId": "7E2BAD93-38DE-4C23-8953-4E199996537B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:update2:*:*:*:*:*:*",
"matchCriteriaId": "8838067B-0AB5-4C6A-B201-73C193FEFA92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:update2a:*:*:*:*:*:*",
"matchCriteriaId": "34EDDB03-6DA9-48FE-B7F2-FBBCDF5D8385",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:update2m:*:*:*:*:*:*",
"matchCriteriaId": "2E8C89BF-93F3-419A-83B7-B617A3DF31D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:update3a:*:*:*:*:*:*",
"matchCriteriaId": "4E38D9BC-1BFA-45B5-AC25-A6DB3F025D88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:update3b:*:*:*:*:*:*",
"matchCriteriaId": "3F803DFB-4172-4D60-94DE-F20370859617",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:update3c:*:*:*:*:*:*",
"matchCriteriaId": "F99ACFA4-3EEF-4151-80E9-701537DB8D99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:update3d:*:*:*:*:*:*",
"matchCriteriaId": "C4591535-4081-4DF7-B115-53D1014C83CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:update3e:*:*:*:*:*:*",
"matchCriteriaId": "22C17858-6EBB-4807-A230-3F53670A69FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:update3f:*:*:*:*:*:*",
"matchCriteriaId": "77A98613-F61B-4801-840E-6F281A98B381",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:update3g:*:*:*:*:*:*",
"matchCriteriaId": "D0122FA8-0D5F-4296-B00B-9BA00CBAE64D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:update3h:*:*:*:*:*:*",
"matchCriteriaId": "76F6CA9D-16DB-450B-A226-93FC151AB631",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:update3i:*:*:*:*:*:*",
"matchCriteriaId": "D441FEB9-5773-4E20-9B3E-B6F634F773E9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "EEF33103-ECDD-427B-A445-2D7F90202FCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:a:*:*:*:*:*:*",
"matchCriteriaId": "5241C282-A02B-44B2-B6CA-BA3A99F9737C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:b:*:*:*:*:*:*",
"matchCriteriaId": "04A60AC7-C2EA-4DBF-9743-54D708584AFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:c:*:*:*:*:*:*",
"matchCriteriaId": "445FA649-B7F4-4AE2-A487-57357AC95241",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:d:*:*:*:*:*:*",
"matchCriteriaId": "8A91B0C4-F184-459E-AFD3-DE0E351CC964",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update1:*:*:*:*:*:*",
"matchCriteriaId": "23253631-2655-48A8-9B00-CB984232329C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update1b:*:*:*:*:*:*",
"matchCriteriaId": "50C2A9A8-0E66-4702-BCD4-74622108E7A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update2:*:*:*:*:*:*",
"matchCriteriaId": "EE4D3E2A-C32D-408F-B811-EF8BC86F0D34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update2a:*:*:*:*:*:*",
"matchCriteriaId": "31CA7802-D78D-4BAD-A45A-68B601C010C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update2c:*:*:*:*:*:*",
"matchCriteriaId": "3B98981B-4721-4752-BAB4-361DB5AEB86F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3D97854C-DE5D-48B4-B5DB-C132E6D4B826",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:a:*:*:*:*:*:*",
"matchCriteriaId": "CF7DDB0C-3C07-4B5E-8B8A-0542FEE72877",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:b:*:*:*:*:*:*",
"matchCriteriaId": "1DD16169-A7DF-4604-888C-156A60018E32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:c:*:*:*:*:*:*",
"matchCriteriaId": "46FC9F34-C8FA-4AFE-9F4A-7CF9516BD4D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:d:*:*:*:*:*:*",
"matchCriteriaId": "D26534EB-327B-4ED6-A3E1-005552CB1F9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1:*:*:*:*:*:*",
"matchCriteriaId": "7E51F433-1152-4E94-AF77-970230B1A574",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1b:*:*:*:*:*:*",
"matchCriteriaId": "0064D104-E0D8-481A-9029-D3726A1A9CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1c:*:*:*:*:*:*",
"matchCriteriaId": "9B4D3F61-6CD9-411F-A205-EB06A57EBB4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1d:*:*:*:*:*:*",
"matchCriteriaId": "F72A1E9C-F960-4E8C-A46C-B38209E6349E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1e:*:*:*:*:*:*",
"matchCriteriaId": "2C33CE46-F529-4EA9-9344-6ED3BFA7019D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1g:*:*:*:*:*:*",
"matchCriteriaId": "9F1D8161-0E02-45C9-BF61-14799AB65E03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2:*:*:*:*:*:*",
"matchCriteriaId": "1F2CB1FF-6118-4875-945D-07BAA3A21FFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2b:*:*:*:*:*:*",
"matchCriteriaId": "1AEDA28A-5C8E-4E95-A377-3BE530DBEAB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2c:*:*:*:*:*:*",
"matchCriteriaId": "BDDC6510-3116-4578-80C8-8EF044A8370A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2d:*:*:*:*:*:*",
"matchCriteriaId": "8678DB48-CB98-4E4C-ADE6-CABA73265FEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2g:*:*:*:*:*:*",
"matchCriteriaId": "DBD9A341-1FBF-4E04-848B-550DEB27261A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware vSphere ESXi (6.7 prior to ESXi670-201810101-SG, 6.5 prior to ESXi650-201811102-SG, and 6.0 prior to ESXi600-201807103-SG) and VMware vCenter Server (6.7 prior to 6.7 U1b, 6.5 prior to 6.5 U2b, and 6.0 prior to 6.0 U3j) contain an information disclosure vulnerability in clients arising from insufficient session expiration. An attacker with physical access or an ability to mimic a websocket connection to a user\u2019s browser may be able to obtain control of a VM Console after the user has logged out or their session has timed out."
},
{
"lang": "es",
"value": "VMware vSphere ESXi (6.7 anterior a la versi\u00f3n ESXi670-201810101-SG, 6.5 anterior a la versi\u00f3n ESXi650-201811102-SG y 6.0 anterior a la veris\u00f3n ESXi600-201807103-SG) y VMware vCenter Server (6.7 anterior a 6.7 U1b, 6.5 anterior de 6.5 U2b, y 6.0 anterior a 6.0 U3j) contiene una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en clientes que surge de una caducidad de sesi\u00f3n insuficiente. Un atacante con acceso f\u00edsico o la capacidad de imitar una conexi\u00f3n websocket al navegador de un usuario puede obtener el control de una consola VM despu\u00e9s de que el usuario haya cerrado sesi\u00f3n o su sesi\u00f3n haya caducado."
}
],
"id": "CVE-2019-5531",
"lastModified": "2024-11-21T04:45:08.347",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-18T22:15:11.357",
"references": [
{
"source": "security@vmware.com",
"url": "http://www.vmware.com/security/advisories/VMSA-2019-0013.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/security/advisories/VMSA-2019-0013.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-613"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-06-08 14:59
Modified
2024-11-21 02:47
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Web Client in VMware vCenter Server 5.1 before update 3d, 5.5 before update 3d, and 6.0 before update 2 on Windows allows remote attackers to inject arbitrary web script or HTML via the flashvars parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows | * | |
| vmware | vcenter_server | 5.1 | |
| vmware | vcenter_server | 5.5 | |
| vmware | vcenter_server | 6.0 | |
| vmware | vcenter_server | 5.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E0492A2B-EBE2-4303-B8BD-8511D191D1AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8B12523A-5C1E-408F-BB4B-98EF32C7D676",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7499E57A-1F9C-45F0-93F8-F3FB7B0F990F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46C704E0-E165-4A44-A104-6C5B83A83237",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Web Client in VMware vCenter Server 5.1 before update 3d, 5.5 before update 3d, and 6.0 before update 2 on Windows allows remote attackers to inject arbitrary web script or HTML via the flashvars parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en el Web Client de VMware vCenter Server 5.1 en versiones anteriores a la actualizaci\u00f3n 3d, 5.5 en versiones anteriores a la actualizaci\u00f3n 3d y 6.0 en versiones anteriores a la actualizaci\u00f3n 2 en Windows permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de un par\u00e1metro flashvars."
}
],
"id": "CVE-2016-2078",
"lastModified": "2024-11-21T02:47:45.950",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-06-08T14:59:33.563",
"references": [
{
"source": "cve@mitre.org",
"url": "http://hyp3rlinx.altervista.org/advisories/VMWARE-VSPHERE-FLASH-XSS.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/137189/VMWare-vSphere-Web-Client-6.0-Cross-Site-Scripting.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/538484/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1035961"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2016-0006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://hyp3rlinx.altervista.org/advisories/VMWARE-VSPHERE-FLASH-XSS.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/137189/VMWare-vSphere-Web-Client-6.0-Cross-Site-Scripting.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/538484/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1035961"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2016-0006.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-08-27 17:30
Modified
2024-11-21 01:05
Severity ?
Summary
The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| canonical | ubuntu_linux | 6.06 | |
| canonical | ubuntu_linux | 8.04 | |
| canonical | ubuntu_linux | 8.10 | |
| canonical | ubuntu_linux | 9.04 | |
| suse | linux_enterprise_desktop | 10 | |
| suse | linux_enterprise_server | 9 | |
| suse | linux_enterprise_server | 10 | |
| fedoraproject | fedora | 10 | |
| redhat | enterprise_linux_desktop | 4.0 | |
| redhat | enterprise_linux_desktop | 5.0 | |
| redhat | enterprise_linux_eus | 4.8 | |
| redhat | enterprise_linux_eus | 5.3 | |
| redhat | enterprise_linux_server | 4.0 | |
| redhat | enterprise_linux_server | 5.0 | |
| redhat | enterprise_linux_server_aus | 5.3 | |
| redhat | enterprise_linux_workstation | 4.0 | |
| redhat | enterprise_linux_workstation | 5.0 | |
| vmware | vcenter_server | 4.0 | |
| vmware | esxi | 4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B46C2EC7-EC2C-45D6-A7F2-CED2C433271E",
"versionEndExcluding": "2.6.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*",
"matchCriteriaId": "5C18C3CD-969B-4AA3-AE3A-BA4A188F8BFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "C91D2DBF-6DA7-4BA2-9F29-8BD2725A4701",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*",
"matchCriteriaId": "4747CC68-FAF4-482F-929A-9DA6C24CB663",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*",
"matchCriteriaId": "A5D026D0-EF78-438D-BEDD-FC8571F3ACEB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp2:*:*:*:*:*:*",
"matchCriteriaId": "513797E6-FCE6-4E84-9B66-202541F9601E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*",
"matchCriteriaId": "4CD2D897-E321-4CED-92E0-11A98B52053C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp2:*:*:*:*:*:*",
"matchCriteriaId": "22A79A35-05DB-4B9F-AD3E-EA6F933CF10C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*",
"matchCriteriaId": "7000D33B-F3C7-43E8-8FC7-9B97AADC3E12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7D74A418-50F0-42C0-ABBC-BBBE718FF025",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "7F2976D5-83A5-4A52-A1E6-D0E17F23FD62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "941713DB-B1DE-4953-9A9C-174EAFDCB3E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "73322DEE-27A6-4D18-88A3-ED7F9CAEABD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1F87B994-28E4-4095-8770-6433DE9C93AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5B5DCF29-6830-45FF-BC88-17E2249C653D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:4.0:-:*:*:*:*:*:*",
"matchCriteriaId": "D467EE9D-6A1F-4462-9BDA-C68B7EE375E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "13771B15-CD71-472A-BE56-718B87D5825D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket."
},
{
"lang": "es",
"value": "La funci\u00f3n udp_sendmsg en la implementaci\u00f3n UDP en los archivos (1) net/ipv4/udp.c y (2) net/ipv6/udp.c en el kernel de Linux anterior a versi\u00f3n 2.6.19, permite a los usuarios locales obtener privilegios o causar una denegaci\u00f3n de servicio (Desreferencia de puntero NULL y bloqueo de sistema) por medio de vectores que involucran el flag MSG_MORE y un socket UDP."
}
],
"id": "CVE-2009-2698",
"lastModified": "2024-11-21T01:05:32.670",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2009-08-27T17:30:00.233",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1e0c14f49d6b393179f423abbac47f85618d3d46"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00008.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2009-1222.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2009-1223.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23073"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36430"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36510"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37105"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37298"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37471"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://support.avaya.com/css/P8/documents/100067254"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.19"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:051"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2009/08/25/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1233.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/512019/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Exploit",
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/36108"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1022761"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-852-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Permissions Required"
],
"url": "http://www.vupen.com/english/advisories/2009/3316"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=518034"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11514"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8557"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9142"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1e0c14f49d6b393179f423abbac47f85618d3d46"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2009-1222.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2009-1223.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23073"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36430"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36510"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37105"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37298"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37471"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://support.avaya.com/css/P8/documents/100067254"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.19"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:051"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2009/08/25/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1233.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/512019/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Exploit",
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/36108"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1022761"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-852-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "http://www.vupen.com/english/advisories/2009/3316"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=518034"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11514"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8557"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9142"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise MRG. Updates for Red Hat Enterprise Linux 3, 4 and 5 to correct this issue are available: https://rhn.redhat.com/cve/CVE-2009-2698.html",
"lastModified": "2009-09-14T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-23 12:15
Modified
2024-11-21 05:49
Severity ?
Summary
The vCenter Server contains an information disclosure vulnerability due to an unauthenticated appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2021-0020.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2021-0020.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | cloud_foundation | * | |
| vmware | vcenter_server | 6.7 | |
| vmware | vcenter_server | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5071E0B4-FE4B-4525-BAF6-3900D9C8D48D",
"versionEndExcluding": "5.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:-:*:*:*:*:*:*",
"matchCriteriaId": "E456F84C-A86E-4EA9-9A3E-BEEA662136E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5FA81CCD-A05E-498C-820E-21980E92132F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The vCenter Server contains an information disclosure vulnerability due to an unauthenticated appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information."
},
{
"lang": "es",
"value": "vCenter Server contiene una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n debido a una API de administraci\u00f3n de dispositivos no autenticada. Un actor malicioso con acceso de red al puerto 443 de vCenter Server puede explotar este problema para conseguir acceso a informaci\u00f3n confidencial"
}
],
"id": "CVE-2021-22012",
"lastModified": "2024-11-21T05:49:26.277",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-23T12:15:08.037",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-11-24 17:15
Modified
2024-11-21 05:49
Severity ?
Summary
The vSphere Web Client (FLEX/Flash) contains an SSRF (Server Side Request Forgery) vulnerability in the vSAN Web Client (vSAN UI) plug-in. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2021-0027.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2021-0027.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.7 | |
| vmware | vcenter_server | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:-:*:*:*:*:*:*",
"matchCriteriaId": "23CFE5A5-A166-4FD5-BE97-5F16DAB1EAE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:-:*:*:*:*:*:*",
"matchCriteriaId": "E456F84C-A86E-4EA9-9A3E-BEEA662136E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5FA81CCD-A05E-498C-820E-21980E92132F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The vSphere Web Client (FLEX/Flash) contains an SSRF (Server Side Request Forgery) vulnerability in the vSAN Web Client (vSAN UI) plug-in. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service."
},
{
"lang": "es",
"value": "El cliente web de vSphere (FLEX/Flash) contiene una vulnerabilidad de tipo SSRF (Server Side Request Forgery) en el plugin del cliente web de vSAN (vSAN UI). Un actor malicioso con acceso de red al puerto 443 en vCenter Server puede explotar este problema al acceder a una petici\u00f3n de URL fuera de vCenter Server o accediendo a un servicio interno"
}
],
"id": "CVE-2021-22049",
"lastModified": "2024-11-21T05:49:30.077",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-11-24T17:15:07.707",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0027.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0027.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-23 13:15
Modified
2024-11-21 05:49
Severity ?
Summary
The vCenter Server contains a denial-of-service vulnerability in the Analytics service. Successful exploitation of this issue may allow an attacker to create a denial-of-service condition on vCenter Server.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2021-0020.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2021-0020.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | cloud_foundation | * | |
| vmware | cloud_foundation | * | |
| vmware | vcenter_server | 6.7 | |
| vmware | vcenter_server | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "127DEE95-0B04-4A98-B96A-15CC253C7357",
"versionEndExcluding": "3.10.2.2",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "722CF000-C0A1-4704-BDC6-3446D1530F3B",
"versionEndExcluding": "4.3",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:-:*:*:*:*:*:*",
"matchCriteriaId": "E456F84C-A86E-4EA9-9A3E-BEEA662136E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5FA81CCD-A05E-498C-820E-21980E92132F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The vCenter Server contains a denial-of-service vulnerability in the Analytics service. Successful exploitation of this issue may allow an attacker to create a denial-of-service condition on vCenter Server."
},
{
"lang": "es",
"value": "vCenter Server contiene una vulnerabilidad de denegaci\u00f3n de servicio en el servicio Analytics. Una explotaci\u00f3n con \u00e9xito de este problema puede permitir a un atacante crear una condici\u00f3n de denegaci\u00f3n de servicio en vCenter Server"
}
],
"id": "CVE-2021-22020",
"lastModified": "2024-11-21T05:49:27.160",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-23T13:15:08.357",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-23 12:15
Modified
2024-11-21 05:49
Severity ?
Summary
The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@vmware.com | http://packetstormsecurity.com/files/164439/VMware-vCenter-Server-Analytics-CEIP-Service-File-Upload.html | Exploit, Third Party Advisory, VDB Entry | |
| security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2021-0020.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/164439/VMware-vCenter-Server-Analytics-CEIP-Service-File-Upload.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2021-0020.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | cloud_foundation | * | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.7 | |
| vmware | vcenter_server | 7.0 |
{
"cisaActionDue": "2021-11-17",
"cisaExploitAdd": "2021-11-03",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "VMware vCenter Server File Upload Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5071E0B4-FE4B-4525-BAF6-3900D9C8D48D",
"versionEndExcluding": "5.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:-:*:*:*:*:*:*",
"matchCriteriaId": "23CFE5A5-A166-4FD5-BE97-5F16DAB1EAE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:-:*:*:*:*:*:*",
"matchCriteriaId": "E456F84C-A86E-4EA9-9A3E-BEEA662136E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5FA81CCD-A05E-498C-820E-21980E92132F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file."
},
{
"lang": "es",
"value": "vCenter Server contiene una vulnerabilidad de carga de archivos arbitraria en el servicio Analytics. Un actor malicioso con acceso de red al puerto 443 en vCenter Server puede explotar este problema para ejecutar c\u00f3digo en vCenter Server cargando un archivo especialmente dise\u00f1ado"
}
],
"id": "CVE-2021-22005",
"lastModified": "2024-11-21T05:49:25.550",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-23T12:15:07.707",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/164439/VMware-vCenter-Server-Analytics-CEIP-Service-File-Upload.html"
},
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/164439/VMware-vCenter-Server-Analytics-CEIP-Service-File-Upload.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-02-22 20:55
Modified
2024-11-21 01:46
Severity ?
Summary
VMware vCenter Server 4.1 before Update 3 and 5.0 before Update 2, and vCSA 5.0 before Update 2, allows remote attackers to cause a denial of service (disk consumption) via vectors that trigger large log entries.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2012-0018.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2012-0018.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | vcenter_server | 4.1 | |
| vmware | vcenter_server | 4.1 | |
| vmware | vcenter_server | 4.1 | |
| vmware | vcenter_server | 5.0 | |
| vmware | vcenter_server | 5.0 | |
| vmware | vcenter_server | 5.0 | |
| vmware | vcenter_server | 5.0 | |
| vmware | vcenter_server_appliance | 5.0 | |
| vmware | vcenter_server_appliance | 5.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A6EAF333-0047-4B38-8EA0-E0D751DF681F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:4.1:update_1:*:*:*:*:*:*",
"matchCriteriaId": "33905136-12C2-431A-A25C-01E94DAFC0FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:4.1:update_2:*:*:*:*:*:*",
"matchCriteriaId": "08FA0F2D-9F52-4CA7-8F33-A61F0AFDCC43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46C704E0-E165-4A44-A104-6C5B83A83237",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:5.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "1BB32CC0-8A9B-4C15-9545-B2CA9A974E61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:5.0:update_1:*:*:*:*:*:*",
"matchCriteriaId": "0DD9571C-CF1F-4EBA-AC8F-F0DF22106FDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:5.0:update_2_rc:*:*:*:*:*:*",
"matchCriteriaId": "55061F78-8C5C-4049-9A2C-E5B034E5D290",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server_appliance:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "35D34345-0AD1-499C-9A74-982B2D3F305A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server_appliance:5.0:update_1:*:*:*:*:*:*",
"matchCriteriaId": "3DF3F07E-6F4E-4B97-B313-7DA3E8A88451",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware vCenter Server 4.1 before Update 3 and 5.0 before Update 2, and vCSA 5.0 before Update 2, allows remote attackers to cause a denial of service (disk consumption) via vectors that trigger large log entries."
},
{
"lang": "es",
"value": "VMware vCenter Server v4.1 anterio a Update 3 and v5.0 anterior a Update 2, y vCSA v5.0 anterior a Update 2, permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumo de disco) mediante vectores que generan largas entradas en el log."
}
],
"id": "CVE-2012-6326",
"lastModified": "2024-11-21T01:46:00.893",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-02-22T20:55:01.033",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2012-0018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2012-0018.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-23 13:15
Modified
2024-11-21 05:49
Severity ?
Summary
The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and directories. An authenticated local user with non-administrative privilege may exploit these issues to elevate their privileges to root on vCenter Server Appliance.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@vmware.com | http://packetstormsecurity.com/files/170116/VMware-vCenter-vScalation-Privilege-Escalation.html | Exploit, Third Party Advisory, VDB Entry | |
| security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2021-0020.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/170116/VMware-vCenter-vScalation-Privilege-Escalation.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2021-0020.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | cloud_foundation | * | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.7 | |
| vmware | vcenter_server | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5071E0B4-FE4B-4525-BAF6-3900D9C8D48D",
"versionEndExcluding": "5.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:-:*:*:*:*:*:*",
"matchCriteriaId": "23CFE5A5-A166-4FD5-BE97-5F16DAB1EAE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:-:*:*:*:*:*:*",
"matchCriteriaId": "E456F84C-A86E-4EA9-9A3E-BEEA662136E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5FA81CCD-A05E-498C-820E-21980E92132F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and directories. An authenticated local user with non-administrative privilege may exploit these issues to elevate their privileges to root on vCenter Server Appliance."
},
{
"lang": "es",
"value": "vCenter Server contiene m\u00faltiples vulnerabilidades de escalada de privilegios locales debido a permisos inapropiados de archivos y directorios. Un usuario local autenticado con privilegios no administrativos puede explotar estos problemas para elevar sus privilegios a root en vCenter Server Appliance"
}
],
"id": "CVE-2021-22015",
"lastModified": "2024-11-21T05:49:26.590",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-23T13:15:07.827",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/170116/VMware-vCenter-vScalation-Privilege-Escalation.html"
},
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/170116/VMware-vCenter-vScalation-Privilege-Escalation.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-552"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-23 13:15
Modified
2024-11-21 05:49
Severity ?
Summary
The vCenter Server contains an arbitrary file deletion vulnerability in a VMware vSphere Life-cycle Manager plug-in. A malicious actor with network access to port 9087 on vCenter Server may exploit this issue to delete non critical files.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2021-0020.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2021-0020.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | cloud_foundation | * | |
| vmware | vcenter_server | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "11082ABB-41A7-4B04-A287-8489B50BEBC0",
"versionEndExcluding": "4.3.1",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5FA81CCD-A05E-498C-820E-21980E92132F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The vCenter Server contains an arbitrary file deletion vulnerability in a VMware vSphere Life-cycle Manager plug-in. A malicious actor with network access to port 9087 on vCenter Server may exploit this issue to delete non critical files."
},
{
"lang": "es",
"value": "vCenter Server contiene una vulnerabilidad de eliminaci\u00f3n arbitraria de archivos en un complemento de VMware vSphere Life-cycle Manager. Un actor malicioso con acceso de red al puerto 9087 en vCenter Server puede explotar este problema para eliminar archivos no cr\u00edticos"
}
],
"id": "CVE-2021-22018",
"lastModified": "2024-11-21T05:49:26.927",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-23T13:15:08.257",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-06-22 13:15
Modified
2024-11-21 07:41
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
The VMware vCenter Server contains an out-of-bounds read vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds read by sending a specially crafted packet leading to denial-of-service of certain services (vmcad, vmdird, and vmafdd).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | vcenter_server | * | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 8.0 | |
| vmware | vcenter_server | 8.0 | |
| vmware | vcenter_server | 8.0 | |
| vmware | vcenter_server | 8.0 | |
| vmware | vcenter_server | 8.0 | |
| vmware | vcenter_server | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F73CF5A-EDD6-44DA-92DB-CBC149C5C639",
"versionEndExcluding": "7.0",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5FA81CCD-A05E-498C-820E-21980E92132F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:a:*:*:*:*:*:*",
"matchCriteriaId": "0EE83406-A3D9-4F75-A1A6-63831CEBEEC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:b:*:*:*:*:*:*",
"matchCriteriaId": "FB563627-C9CF-4D8A-B882-9AB65EAE9E15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:c:*:*:*:*:*:*",
"matchCriteriaId": "DCA03B2A-48B2-48AD-B8EB-9D7BB2016819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:d:*:*:*:*:*:*",
"matchCriteriaId": "A2392D0F-D7A2-4E01-9212-1BA6C895AEBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1:*:*:*:*:*:*",
"matchCriteriaId": "6D731C1A-9FE5-461C-97E2-6F45E4CBABE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1a:*:*:*:*:*:*",
"matchCriteriaId": "8725E544-2A94-4829-A683-1ECCE57A74A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1c:*:*:*:*:*:*",
"matchCriteriaId": "0FC6765A-6584-45A8-9B21-4951D2EA8939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1d:*:*:*:*:*:*",
"matchCriteriaId": "85DD238C-EF73-44F0-928E-A94FF5C4B378",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2:*:*:*:*:*:*",
"matchCriteriaId": "F4CA36C1-732E-41AE-B847-F7411B753F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2a:*:*:*:*:*:*",
"matchCriteriaId": "0DA882B6-D811-4E4B-B614-2D48F0B9036E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2b:*:*:*:*:*:*",
"matchCriteriaId": "8D30A78E-16D0-4A2E-A2F8-F6073698243E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2c:*:*:*:*:*:*",
"matchCriteriaId": "188E103E-9568-4CE0-A984-141B2A9E82D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2d:*:*:*:*:*:*",
"matchCriteriaId": "B266439F-E911-4C95-9D27-88DF96DDCCD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3:*:*:*:*:*:*",
"matchCriteriaId": "6508A908-EF14-4A72-AC75-5DA6F8B98A0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3a:*:*:*:*:*:*",
"matchCriteriaId": "3BAD2012-5C82-4EA9-A780-9BF1DA5A18AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3c:*:*:*:*:*:*",
"matchCriteriaId": "58597F18-0B23-4D21-9ABA-D9773958F10E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3d:*:*:*:*:*:*",
"matchCriteriaId": "ADF46C54-313B-4742-A074-EEA0A6554680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3e:*:*:*:*:*:*",
"matchCriteriaId": "9587F800-57BC-44B6-870E-95691684FC46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3f:*:*:*:*:*:*",
"matchCriteriaId": "AD148A75-5076-416D-AFD6-0F281DA0A82B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3g:*:*:*:*:*:*",
"matchCriteriaId": "956CEA8C-F8C4-41BD-85B4-44FE3A772E50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3h:*:*:*:*:*:*",
"matchCriteriaId": "008AEA0F-116B-4AF8-B3A7-3041CCE25235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3i:*:*:*:*:*:*",
"matchCriteriaId": "EE486B2F-AED4-4FCE-A674-DFC25844FEFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3j:*:*:*:*:*:*",
"matchCriteriaId": "4F73AA9E-51E9-4FA0-813D-AD05FDC3EF94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3k:*:*:*:*:*:*",
"matchCriteriaId": "455DD46E-A071-476D-8914-767485E45F35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3l:*:*:*:*:*:*",
"matchCriteriaId": "3A422D04-48DF-4A16-94F8-D5702CC2782D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "CC974CA1-88D3-42E4-BF1F-28870F8171B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:a:*:*:*:*:*:*",
"matchCriteriaId": "EFE63984-F69B-4593-9AEC-D179D6D98B08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:b:*:*:*:*:*:*",
"matchCriteriaId": "34D1F3B3-8E3F-4E4D-8EE6-2F593663B5CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:c:*:*:*:*:*:*",
"matchCriteriaId": "16F3D992-9F48-4604-9AAF-DC2D1CE98BE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1:*:*:*:*:*:*",
"matchCriteriaId": "C745A7E6-4760-48CD-B7C4-1C2C20217F21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1a:*:*:*:*:*:*",
"matchCriteriaId": "A5522514-8ED9-45DB-9036-33FE40D77E7D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The VMware vCenter Server contains an out-of-bounds read vulnerability in the implementation of the DCERPC protocol.\u00a0A malicious actor with network access to vCenter Server may trigger an out-of-bounds read by sending a specially crafted packet leading to denial-of-service of certain services (vmcad, vmdird, and vmafdd)."
}
],
"id": "CVE-2023-20896",
"lastModified": "2024-11-21T07:41:46.610",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "security@vmware.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-06-22T13:15:09.590",
"references": [
{
"source": "security@vmware.com",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1800"
},
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1800"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0014.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-10 14:15
Modified
2024-11-21 05:32
Severity ?
Summary
Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@vmware.com | http://packetstormsecurity.com/files/157896/VMware-vCenter-Server-6.7-Authentication-Bypass.html | Exploit, Third Party Advisory, VDB Entry | |
| security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2020-0006 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/157896/VMware-vCenter-Server-6.7-Authentication-Bypass.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2020-0006 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | vcenter_server | 6.7 |
{
"cisaActionDue": "2022-05-03",
"cisaExploitAdd": "2021-11-03",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "VMware vCenter Server Information Disclosure Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:-:*:*:*:*:*:*",
"matchCriteriaId": "E456F84C-A86E-4EA9-9A3E-BEEA662136E6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls."
},
{
"lang": "es",
"value": "Bajo determinadas condiciones, vmdir que se entrega con VMware vCenter Server, como parte de un Platform Services Controller (PSC) incorporado o externo, no implementa correctamente los controles de acceso."
}
],
"id": "CVE-2020-3952",
"lastModified": "2024-11-21T05:32:01.503",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-10T14:15:12.000",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/157896/VMware-vCenter-Server-6.7-Authentication-Bypass.html"
},
{
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0006"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/157896/VMware-vCenter-Server-6.7-Authentication-Bypass.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0006"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-12-13 16:15
Modified
2024-11-21 07:05
Severity ?
Summary
The vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plaintext. A malicious actor with access to a workstation that invoked a vCenter Server Appliance ISO operation (Install/Upgrade/Migrate/Restore) can access plaintext passwords used during that operation.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:-:*:*:*:*:*:*",
"matchCriteriaId": "23CFE5A5-A166-4FD5-BE97-5F16DAB1EAE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:a:*:*:*:*:*:*",
"matchCriteriaId": "CF7DDB0C-3C07-4B5E-8B8A-0542FEE72877",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:b:*:*:*:*:*:*",
"matchCriteriaId": "1DD16169-A7DF-4604-888C-156A60018E32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:c:*:*:*:*:*:*",
"matchCriteriaId": "46FC9F34-C8FA-4AFE-9F4A-7CF9516BD4D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:d:*:*:*:*:*:*",
"matchCriteriaId": "D26534EB-327B-4ED6-A3E1-005552CB1F9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1:*:*:*:*:*:*",
"matchCriteriaId": "7E51F433-1152-4E94-AF77-970230B1A574",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1b:*:*:*:*:*:*",
"matchCriteriaId": "0064D104-E0D8-481A-9029-D3726A1A9CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1d:*:*:*:*:*:*",
"matchCriteriaId": "F72A1E9C-F960-4E8C-A46C-B38209E6349E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1e:*:*:*:*:*:*",
"matchCriteriaId": "2C33CE46-F529-4EA9-9344-6ED3BFA7019D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1g:*:*:*:*:*:*",
"matchCriteriaId": "9F1D8161-0E02-45C9-BF61-14799AB65E03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2:*:*:*:*:*:*",
"matchCriteriaId": "1F2CB1FF-6118-4875-945D-07BAA3A21FFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2b:*:*:*:*:*:*",
"matchCriteriaId": "1AEDA28A-5C8E-4E95-A377-3BE530DBEAB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2c:*:*:*:*:*:*",
"matchCriteriaId": "BDDC6510-3116-4578-80C8-8EF044A8370A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2d:*:*:*:*:*:*",
"matchCriteriaId": "8678DB48-CB98-4E4C-ADE6-CABA73265FEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2g:*:*:*:*:*:*",
"matchCriteriaId": "DBD9A341-1FBF-4E04-848B-550DEB27261A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3:*:*:*:*:*:*",
"matchCriteriaId": "4955663C-1BB6-4F3E-9D4B-362DF144B7F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3d:*:*:*:*:*:*",
"matchCriteriaId": "CE0F8453-3D6C-4F1C-9167-3F02E3D905DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3f:*:*:*:*:*:*",
"matchCriteriaId": "0EAD4045-A7F9-464F-ABB9-3782941162CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3k:*:*:*:*:*:*",
"matchCriteriaId": "2F0A79C2-33AE-40C5-A853-770A4C691F29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3n:*:*:*:*:*:*",
"matchCriteriaId": "D8BB6CBC-11D6-40A4-ABAF-53AB9BED5A73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3p:*:*:*:*:*:*",
"matchCriteriaId": "26A3EC15-8C04-49AD-9045-4D9FADBD50CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3q:*:*:*:*:*:*",
"matchCriteriaId": "AF7E87BB-1B5B-4F13-A70C-B3C6716E7919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3r:*:*:*:*:*:*",
"matchCriteriaId": "70A9244F-2C9C-4D7D-B384-08DDF95770DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3s:*:*:*:*:*:*",
"matchCriteriaId": "2CBEA4F8-CBA3-4C71-96B3-47489F0D299C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3t:*:*:*:*:*:*",
"matchCriteriaId": "B40B0E23-410D-403D-811B-486EBF406E6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:-:*:*:*:*:*:*",
"matchCriteriaId": "E456F84C-A86E-4EA9-9A3E-BEEA662136E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:a:*:*:*:*:*:*",
"matchCriteriaId": "5241C282-A02B-44B2-B6CA-BA3A99F9737C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:b:*:*:*:*:*:*",
"matchCriteriaId": "04A60AC7-C2EA-4DBF-9743-54D708584AFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:c:*:*:*:*:*:*",
"matchCriteriaId": "445FA649-B7F4-4AE2-A487-57357AC95241",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:d:*:*:*:*:*:*",
"matchCriteriaId": "8A91B0C4-F184-459E-AFD3-DE0E351CC964",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update1:*:*:*:*:*:*",
"matchCriteriaId": "23253631-2655-48A8-9B00-CB984232329C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update1b:*:*:*:*:*:*",
"matchCriteriaId": "50C2A9A8-0E66-4702-BCD4-74622108E7A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update2:*:*:*:*:*:*",
"matchCriteriaId": "EE4D3E2A-C32D-408F-B811-EF8BC86F0D34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update2a:*:*:*:*:*:*",
"matchCriteriaId": "31CA7802-D78D-4BAD-A45A-68B601C010C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update2c:*:*:*:*:*:*",
"matchCriteriaId": "3B98981B-4721-4752-BAB4-361DB5AEB86F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3:*:*:*:*:*:*",
"matchCriteriaId": "04487105-980A-4943-9360-4442BF0411E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3a:*:*:*:*:*:*",
"matchCriteriaId": "24D24E06-EB3F-4F11-849B-E66757B01466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3b:*:*:*:*:*:*",
"matchCriteriaId": "8AF12716-88E2-44B5-ACD7-BCBECA130FB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3f:*:*:*:*:*:*",
"matchCriteriaId": "3352212C-E820-47B3-BDF5-57018F5B9E81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3g:*:*:*:*:*:*",
"matchCriteriaId": "6436ADFD-6B94-4D2A-B09B-CED4EC6CA276",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3j:*:*:*:*:*:*",
"matchCriteriaId": "D06832CE-F946-469D-B495-6735F18D02A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3l:*:*:*:*:*:*",
"matchCriteriaId": "726AC46D-9EA8-4FE8-94B8-0562935458F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3m:*:*:*:*:*:*",
"matchCriteriaId": "0243D22F-1591-4A95-A7FE-2658CEE0C08F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3n:*:*:*:*:*:*",
"matchCriteriaId": "02AE5983-CD14-4EAF-9F5C-1281E3DE7F46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3o:*:*:*:*:*:*",
"matchCriteriaId": "EFDDF4CA-1C20-430E-A17C-CC2998F8BDDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3p:*:*:*:*:*:*",
"matchCriteriaId": "7D2B0FBA-8E4A-491E-8E22-AAD7DBB5FF5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3q:*:*:*:*:*:*",
"matchCriteriaId": "126B4E78-DCE3-4375-80C9-3679F9BF107C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3r:*:*:*:*:*:*",
"matchCriteriaId": "5D7808C1-9548-4BAE-8EC5-6C406185757F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5FA81CCD-A05E-498C-820E-21980E92132F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:a:*:*:*:*:*:*",
"matchCriteriaId": "0EE83406-A3D9-4F75-A1A6-63831CEBEEC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:b:*:*:*:*:*:*",
"matchCriteriaId": "FB563627-C9CF-4D8A-B882-9AB65EAE9E15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:c:*:*:*:*:*:*",
"matchCriteriaId": "DCA03B2A-48B2-48AD-B8EB-9D7BB2016819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:d:*:*:*:*:*:*",
"matchCriteriaId": "A2392D0F-D7A2-4E01-9212-1BA6C895AEBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1:*:*:*:*:*:*",
"matchCriteriaId": "6D731C1A-9FE5-461C-97E2-6F45E4CBABE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1a:*:*:*:*:*:*",
"matchCriteriaId": "8725E544-2A94-4829-A683-1ECCE57A74A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1c:*:*:*:*:*:*",
"matchCriteriaId": "0FC6765A-6584-45A8-9B21-4951D2EA8939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2:*:*:*:*:*:*",
"matchCriteriaId": "F4CA36C1-732E-41AE-B847-F7411B753F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2a:*:*:*:*:*:*",
"matchCriteriaId": "0DA882B6-D811-4E4B-B614-2D48F0B9036E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2b:*:*:*:*:*:*",
"matchCriteriaId": "8D30A78E-16D0-4A2E-A2F8-F6073698243E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2c:*:*:*:*:*:*",
"matchCriteriaId": "188E103E-9568-4CE0-A984-141B2A9E82D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2d:*:*:*:*:*:*",
"matchCriteriaId": "B266439F-E911-4C95-9D27-88DF96DDCCD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3:*:*:*:*:*:*",
"matchCriteriaId": "6508A908-EF14-4A72-AC75-5DA6F8B98A0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3a:*:*:*:*:*:*",
"matchCriteriaId": "3BAD2012-5C82-4EA9-A780-9BF1DA5A18AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3c:*:*:*:*:*:*",
"matchCriteriaId": "58597F18-0B23-4D21-9ABA-D9773958F10E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3d:*:*:*:*:*:*",
"matchCriteriaId": "ADF46C54-313B-4742-A074-EEA0A6554680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3e:*:*:*:*:*:*",
"matchCriteriaId": "9587F800-57BC-44B6-870E-95691684FC46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3f:*:*:*:*:*:*",
"matchCriteriaId": "AD148A75-5076-416D-AFD6-0F281DA0A82B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3g:*:*:*:*:*:*",
"matchCriteriaId": "956CEA8C-F8C4-41BD-85B4-44FE3A772E50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3h:*:*:*:*:*:*",
"matchCriteriaId": "008AEA0F-116B-4AF8-B3A7-3041CCE25235",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22B1BC2E-BF28-4256-AA6C-468023C859EC",
"versionStartIncluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plaintext. A malicious actor with access to a workstation that invoked a vCenter Server Appliance ISO operation (Install/Upgrade/Migrate/Restore) can access plaintext passwords used during that operation."
},
{
"lang": "es",
"value": "vCenter Server contiene una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n debido al registro de credenciales en texto plano. Un actor malintencionado con acceso a una estaci\u00f3n de trabajo que invoc\u00f3 una operaci\u00f3n ISO de vCenter Server Appliance (instalar/actualizar/migrar/restaurar) puede acceder a las contrase\u00f1as de texto plano utilizadas durante esa operaci\u00f3n."
}
],
"id": "CVE-2022-31697",
"lastModified": "2024-11-21T07:05:09.370",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-13T16:15:19.790",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0030.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0030.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-312"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-09-18 22:59
Modified
2024-11-21 02:35
Severity ?
Summary
VMware vCenter Server 5.5 before u3 and 6.0 before u1 does not verify X.509 certificates from TLS LDAP servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securitytracker.com/id/1033582 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2015-0006.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1033582 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2015-0006.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | vcenter_server | 5.5 | |
| vmware | vcenter_server | 5.5 | |
| vmware | vcenter_server | 5.5 | |
| vmware | vcenter_server | 5.5 | |
| vmware | vcenter_server | 5.5 | |
| vmware | vcenter_server | 5.5 | |
| vmware | vcenter_server | 5.5 | |
| vmware | vcenter_server | 5.5 | |
| vmware | vcenter_server | 5.5 | |
| vmware | vcenter_server | 6.0 | |
| vmware | vcenter_server | 6.0 | |
| vmware | vcenter_server | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:5.5:-:*:*:*:*:*:*",
"matchCriteriaId": "FF8B2EC1-CACD-443C-A697-F744CB4611D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:5.5:1:*:*:*:*:*:*",
"matchCriteriaId": "C06379AA-13C0-41FB-B63C-0C46D6DD0462",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:5.5:1a:*:*:*:*:*:*",
"matchCriteriaId": "0C0080A4-A72E-4F7F-AB4C-168F957EAE4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:5.5:1b:*:*:*:*:*:*",
"matchCriteriaId": "26AAFC76-9CB6-4F22-880C-0102BECEE04C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:5.5:1c:*:*:*:*:*:*",
"matchCriteriaId": "AD83F1CE-CD2A-49B3-858D-8CE3F715DC40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:5.5:2:*:*:*:*:*:*",
"matchCriteriaId": "8339BAB3-D6C9-426A-9C1D-9F2AB946BF96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:5.5:2b:*:*:*:*:*:*",
"matchCriteriaId": "BDA978D2-DEA4-4EC9-8945-A6AEA5AA87BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:5.5:2d:*:*:*:*:*:*",
"matchCriteriaId": "455C1162-56F5-457A-97D1-B98CFD5F27CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:5.5:2e:*:*:*:*:*:*",
"matchCriteriaId": "C6B794EE-70C2-4271-B946-202AB21CA477",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:-:*:*:*:*:*:*",
"matchCriteriaId": "683C54AA-625C-4902-BE2A-EF4E263D2FEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:a:*:*:*:*:*:*",
"matchCriteriaId": "74EE8EE5-54F0-4359-898B-C57C5B2AE7C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:b:*:*:*:*:*:*",
"matchCriteriaId": "F83AAB8E-F129-4D1C-A4BC-4CC2C1777F5F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware vCenter Server 5.5 before u3 and 6.0 before u1 does not verify X.509 certificates from TLS LDAP servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
},
{
"lang": "es",
"value": "Vulnerabilidad en VMware vCenter Server 5.5 en versiones anteriores a u3 y 6.0 en versiones anteriores a u1, no verifica los certificados X.509 de los servidores TLS LDAP, lo que permite a atacantes man-in-the-middle suplantar servidores y obtener informaci\u00f3n sensible a trav\u00e9s de un certificado manipulado."
}
],
"id": "CVE-2015-6932",
"lastModified": "2024-11-21T02:35:54.110",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-09-18T22:59:09.157",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033582"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2015-0006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033582"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2015-0006.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-09-15 13:29
Modified
2024-11-21 03:26
Severity ?
Summary
VMware vCenter Server (6.5 prior to 6.5 U1) contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker with VC user privileges can inject malicious java-scripts which will get executed when other VC users access the page.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@vmware.com | http://www.securityfocus.com/bid/100844 | Third Party Advisory, VDB Entry | |
| security@vmware.com | http://www.securitytracker.com/id/1039364 | Third Party Advisory, VDB Entry | |
| security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2017-0015.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/100844 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039364 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2017-0015.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | vcenter_server | 6.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3D97854C-DE5D-48B4-B5DB-C132E6D4B826",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware vCenter Server (6.5 prior to 6.5 U1) contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker with VC user privileges can inject malicious java-scripts which will get executed when other VC users access the page."
},
{
"lang": "es",
"value": "VMware vCenter Server (en versiones 6.5 anteriores a la 6.5 U1) contiene una vulnerabilidad que podr\u00eda permitir ataques de Cross-Site Scripting (XSS) persistente. Un atacante con privilegios de usuario VC puede inyectar c\u00f3digos JavaScript maliciosos, que se ejecutar\u00e1n cuando otros usuarios VC accedan a la p\u00e1gina."
}
],
"id": "CVE-2017-4926",
"lastModified": "2024-11-21T03:26:41.050",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-15T13:29:00.277",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100844"
},
{
"source": "security@vmware.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039364"
},
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2017-0015.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100844"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039364"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2017-0015.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-12-20 15:29
Modified
2024-11-21 03:26
Severity ?
Summary
VMware vCenter Server Appliance (vCSA) (6.5 before 6.5 U1d) contains a local privilege escalation vulnerability via the 'showlog' plugin. Successful exploitation of this issue could result in a low privileged user gaining root level privileges over the appliance base OS.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@vmware.com | http://www.securitytracker.com/id/1040026 | Third Party Advisory, VDB Entry | |
| security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2017-0021.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040026 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2017-0021.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:a:*:*:*:*:*:*",
"matchCriteriaId": "CF7DDB0C-3C07-4B5E-8B8A-0542FEE72877",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:b:*:*:*:*:*:*",
"matchCriteriaId": "1DD16169-A7DF-4604-888C-156A60018E32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:c:*:*:*:*:*:*",
"matchCriteriaId": "46FC9F34-C8FA-4AFE-9F4A-7CF9516BD4D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:d:*:*:*:*:*:*",
"matchCriteriaId": "D26534EB-327B-4ED6-A3E1-005552CB1F9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:e:*:*:*:*:*:*",
"matchCriteriaId": "786CDD50-7E18-4437-8DB9-2D0ADECD436E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:f:*:*:*:*:*:*",
"matchCriteriaId": "B2CE8DAE-0E78-4004-983D-1ECD8855EC33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1:*:*:*:*:*:*",
"matchCriteriaId": "7E51F433-1152-4E94-AF77-970230B1A574",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1b:*:*:*:*:*:*",
"matchCriteriaId": "0064D104-E0D8-481A-9029-D3726A1A9CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1c:*:*:*:*:*:*",
"matchCriteriaId": "9B4D3F61-6CD9-411F-A205-EB06A57EBB4E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware vCenter Server Appliance (vCSA) (6.5 before 6.5 U1d) contains a local privilege escalation vulnerability via the \u0027showlog\u0027 plugin. Successful exploitation of this issue could result in a low privileged user gaining root level privileges over the appliance base OS."
},
{
"lang": "es",
"value": "VMware vCenter Server Appliance (vCSA) (6.5 anteriores a 6.5 U1d) contiene una vulnerabilidad de escalado de privilegios locales mediante el plugin showlog. La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda resultar en que un usuario poco privilegiado obtenga privilegios a nivel de root en el sistema operativo base de la m\u00e1quina."
}
],
"id": "CVE-2017-4943",
"lastModified": "2024-11-21T03:26:43.250",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-12-20T15:29:00.327",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040026"
},
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2017-0021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040026"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2017-0021.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-26 15:15
Modified
2024-11-21 05:49
Severity ?
Summary
The vSphere Client (HTML5) contains a vulnerability in a vSphere authentication mechanism for the Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability plug-ins. A malicious actor with network access to port 443 on vCenter Server may perform actions allowed by the impacted plug-ins without authentication.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@vmware.com | http://packetstormsecurity.com/files/162812/VMware-Security-Advisory-2021-0010.html | Third Party Advisory, VDB Entry | |
| security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2021-0010.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/162812/VMware-Security-Advisory-2021-0010.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2021-0010.html | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:-:*:*:*:*:*:*",
"matchCriteriaId": "23CFE5A5-A166-4FD5-BE97-5F16DAB1EAE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:a:*:*:*:*:*:*",
"matchCriteriaId": "CF7DDB0C-3C07-4B5E-8B8A-0542FEE72877",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:b:*:*:*:*:*:*",
"matchCriteriaId": "1DD16169-A7DF-4604-888C-156A60018E32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:c:*:*:*:*:*:*",
"matchCriteriaId": "46FC9F34-C8FA-4AFE-9F4A-7CF9516BD4D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:d:*:*:*:*:*:*",
"matchCriteriaId": "D26534EB-327B-4ED6-A3E1-005552CB1F9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:e:*:*:*:*:*:*",
"matchCriteriaId": "786CDD50-7E18-4437-8DB9-2D0ADECD436E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:f:*:*:*:*:*:*",
"matchCriteriaId": "B2CE8DAE-0E78-4004-983D-1ECD8855EC33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1:*:*:*:*:*:*",
"matchCriteriaId": "7E51F433-1152-4E94-AF77-970230B1A574",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1b:*:*:*:*:*:*",
"matchCriteriaId": "0064D104-E0D8-481A-9029-D3726A1A9CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1c:*:*:*:*:*:*",
"matchCriteriaId": "9B4D3F61-6CD9-411F-A205-EB06A57EBB4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1d:*:*:*:*:*:*",
"matchCriteriaId": "F72A1E9C-F960-4E8C-A46C-B38209E6349E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1e:*:*:*:*:*:*",
"matchCriteriaId": "2C33CE46-F529-4EA9-9344-6ED3BFA7019D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1g:*:*:*:*:*:*",
"matchCriteriaId": "9F1D8161-0E02-45C9-BF61-14799AB65E03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2:*:*:*:*:*:*",
"matchCriteriaId": "1F2CB1FF-6118-4875-945D-07BAA3A21FFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2b:*:*:*:*:*:*",
"matchCriteriaId": "1AEDA28A-5C8E-4E95-A377-3BE530DBEAB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2c:*:*:*:*:*:*",
"matchCriteriaId": "BDDC6510-3116-4578-80C8-8EF044A8370A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2d:*:*:*:*:*:*",
"matchCriteriaId": "8678DB48-CB98-4E4C-ADE6-CABA73265FEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2g:*:*:*:*:*:*",
"matchCriteriaId": "DBD9A341-1FBF-4E04-848B-550DEB27261A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3:*:*:*:*:*:*",
"matchCriteriaId": "4955663C-1BB6-4F3E-9D4B-362DF144B7F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3d:*:*:*:*:*:*",
"matchCriteriaId": "CE0F8453-3D6C-4F1C-9167-3F02E3D905DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3f:*:*:*:*:*:*",
"matchCriteriaId": "0EAD4045-A7F9-464F-ABB9-3782941162CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3k:*:*:*:*:*:*",
"matchCriteriaId": "2F0A79C2-33AE-40C5-A853-770A4C691F29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3n:*:*:*:*:*:*",
"matchCriteriaId": "D8BB6CBC-11D6-40A4-ABAF-53AB9BED5A73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:-:*:*:*:*:*:*",
"matchCriteriaId": "E456F84C-A86E-4EA9-9A3E-BEEA662136E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:a:*:*:*:*:*:*",
"matchCriteriaId": "5241C282-A02B-44B2-B6CA-BA3A99F9737C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:b:*:*:*:*:*:*",
"matchCriteriaId": "04A60AC7-C2EA-4DBF-9743-54D708584AFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:d:*:*:*:*:*:*",
"matchCriteriaId": "8A91B0C4-F184-459E-AFD3-DE0E351CC964",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update1:*:*:*:*:*:*",
"matchCriteriaId": "23253631-2655-48A8-9B00-CB984232329C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update1b:*:*:*:*:*:*",
"matchCriteriaId": "50C2A9A8-0E66-4702-BCD4-74622108E7A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update2:*:*:*:*:*:*",
"matchCriteriaId": "EE4D3E2A-C32D-408F-B811-EF8BC86F0D34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update2a:*:*:*:*:*:*",
"matchCriteriaId": "31CA7802-D78D-4BAD-A45A-68B601C010C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update2c:*:*:*:*:*:*",
"matchCriteriaId": "3B98981B-4721-4752-BAB4-361DB5AEB86F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3:*:*:*:*:*:*",
"matchCriteriaId": "04487105-980A-4943-9360-4442BF0411E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3a:*:*:*:*:*:*",
"matchCriteriaId": "24D24E06-EB3F-4F11-849B-E66757B01466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3b:*:*:*:*:*:*",
"matchCriteriaId": "8AF12716-88E2-44B5-ACD7-BCBECA130FB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3f:*:*:*:*:*:*",
"matchCriteriaId": "3352212C-E820-47B3-BDF5-57018F5B9E81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3g:*:*:*:*:*:*",
"matchCriteriaId": "6436ADFD-6B94-4D2A-B09B-CED4EC6CA276",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3j:*:*:*:*:*:*",
"matchCriteriaId": "D06832CE-F946-469D-B495-6735F18D02A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3l:*:*:*:*:*:*",
"matchCriteriaId": "726AC46D-9EA8-4FE8-94B8-0562935458F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3m:*:*:*:*:*:*",
"matchCriteriaId": "0243D22F-1591-4A95-A7FE-2658CEE0C08F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5FA81CCD-A05E-498C-820E-21980E92132F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:a:*:*:*:*:*:*",
"matchCriteriaId": "0EE83406-A3D9-4F75-A1A6-63831CEBEEC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:b:*:*:*:*:*:*",
"matchCriteriaId": "FB563627-C9CF-4D8A-B882-9AB65EAE9E15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:c:*:*:*:*:*:*",
"matchCriteriaId": "DCA03B2A-48B2-48AD-B8EB-9D7BB2016819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:d:*:*:*:*:*:*",
"matchCriteriaId": "A2392D0F-D7A2-4E01-9212-1BA6C895AEBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1:*:*:*:*:*:*",
"matchCriteriaId": "6D731C1A-9FE5-461C-97E2-6F45E4CBABE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1a:*:*:*:*:*:*",
"matchCriteriaId": "8725E544-2A94-4829-A683-1ECCE57A74A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1c:*:*:*:*:*:*",
"matchCriteriaId": "0FC6765A-6584-45A8-9B21-4951D2EA8939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1d:*:*:*:*:*:*",
"matchCriteriaId": "85DD238C-EF73-44F0-928E-A94FF5C4B378",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2:*:*:*:*:*:*",
"matchCriteriaId": "F4CA36C1-732E-41AE-B847-F7411B753F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2a:*:*:*:*:*:*",
"matchCriteriaId": "0DA882B6-D811-4E4B-B614-2D48F0B9036E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B0E65D7D-C5C1-4F9B-A470-2B1E34D2C429",
"versionEndExcluding": "3.10.2.1",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CDD049DD-5223-42EA-BCBF-DC86C2A90D41",
"versionEndExcluding": "4.2.1",
"versionStartIncluding": "4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The vSphere Client (HTML5) contains a vulnerability in a vSphere authentication mechanism for the Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability plug-ins. A malicious actor with network access to port 443 on vCenter Server may perform actions allowed by the impacted plug-ins without authentication."
},
{
"lang": "es",
"value": "VSphere Client (HTML5) contiene una vulnerabilidad en un mecanismo de autenticaci\u00f3n de vSphere para los plugins Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager y VMware Cloud Director Availability.\u0026#xa0;Un actor malicioso con acceso de red al puerto 443 en vCenter Server puede llevar a cabo acciones permitidas por los plugins afectados sin autenticaci\u00f3n"
}
],
"id": "CVE-2021-21986",
"lastModified": "2024-11-21T05:49:22.557",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-26T15:15:07.973",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/162812/VMware-Security-Advisory-2021-0010.html"
},
{
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/162812/VMware-Security-Advisory-2021-0010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0010.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-08-01 16:29
Modified
2024-11-21 03:26
Severity ?
Summary
VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure vulnerability. This issue may allow plaintext credentials to be obtained when using the vCenter Server Appliance file-based backup feature.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@vmware.com | http://www.securityfocus.com/bid/99997 | Third Party Advisory, VDB Entry | |
| security@vmware.com | http://www.securitytracker.com/id/1039013 | Third Party Advisory, VDB Entry | |
| security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2017-0013.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99997 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039013 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2017-0013.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | vcenter_server | 6.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3D97854C-DE5D-48B4-B5DB-C132E6D4B826",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure vulnerability. This issue may allow plaintext credentials to be obtained when using the vCenter Server Appliance file-based backup feature."
},
{
"lang": "es",
"value": "VMware vCenter Server en su versi\u00f3n 6.5 anterior a la 6.5 U1 contiene una vulnerabilidad de fuga de informaci\u00f3n. Esta vulnerabilidad permite que se obtengan credenciales en texto plano cuando se utiliza la funci\u00f3n de copia de seguridad de archivos de vCenter Server Appliance."
}
],
"id": "CVE-2017-4923",
"lastModified": "2024-11-21T03:26:40.587",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-01T16:29:00.430",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99997"
},
{
"source": "security@vmware.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039013"
},
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2017-0013.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99997"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039013"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2017-0013.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
},
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-09-18 21:15
Modified
2024-11-21 04:45
Severity ?
Summary
VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and 6.0 prior to 6.0 U3j) contains an information disclosure vulnerability due to the logging of credentials in plain-text for virtual machines deployed through OVF. A malicious user with access to the log files containing vCenter OVF-properties of a virtual machine deployed from an OVF may be able to view the credentials used to deploy the OVF (typically the root account of the virtual machine).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@vmware.com | http://packetstormsecurity.com/files/154536/VMware-Security-Advisory-2019-0013.html | Third Party Advisory, VDB Entry | |
| security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2019-0013.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/154536/VMware-Security-Advisory-2019-0013.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2019-0013.html | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7499E57A-1F9C-45F0-93F8-F3FB7B0F990F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:a:*:*:*:*:*:*",
"matchCriteriaId": "74EE8EE5-54F0-4359-898B-C57C5B2AE7C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:b:*:*:*:*:*:*",
"matchCriteriaId": "F83AAB8E-F129-4D1C-A4BC-4CC2C1777F5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:u1:*:*:*:*:*:*",
"matchCriteriaId": "C914E1AB-DF4F-4A68-8893-EDA57E048147",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:u1b:*:*:*:*:*:*",
"matchCriteriaId": "7ECFC0C8-C8EC-4E44-9E90-5D4C67B5F339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:u3:*:*:*:*:*:*",
"matchCriteriaId": "7E2BAD93-38DE-4C23-8953-4E199996537B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:update2:*:*:*:*:*:*",
"matchCriteriaId": "8838067B-0AB5-4C6A-B201-73C193FEFA92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:update2a:*:*:*:*:*:*",
"matchCriteriaId": "34EDDB03-6DA9-48FE-B7F2-FBBCDF5D8385",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:update2m:*:*:*:*:*:*",
"matchCriteriaId": "2E8C89BF-93F3-419A-83B7-B617A3DF31D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:update3a:*:*:*:*:*:*",
"matchCriteriaId": "4E38D9BC-1BFA-45B5-AC25-A6DB3F025D88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:update3b:*:*:*:*:*:*",
"matchCriteriaId": "3F803DFB-4172-4D60-94DE-F20370859617",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:update3c:*:*:*:*:*:*",
"matchCriteriaId": "F99ACFA4-3EEF-4151-80E9-701537DB8D99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:update3d:*:*:*:*:*:*",
"matchCriteriaId": "C4591535-4081-4DF7-B115-53D1014C83CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:update3e:*:*:*:*:*:*",
"matchCriteriaId": "22C17858-6EBB-4807-A230-3F53670A69FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:update3f:*:*:*:*:*:*",
"matchCriteriaId": "77A98613-F61B-4801-840E-6F281A98B381",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:update3g:*:*:*:*:*:*",
"matchCriteriaId": "D0122FA8-0D5F-4296-B00B-9BA00CBAE64D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:update3h:*:*:*:*:*:*",
"matchCriteriaId": "76F6CA9D-16DB-450B-A226-93FC151AB631",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:update3i:*:*:*:*:*:*",
"matchCriteriaId": "D441FEB9-5773-4E20-9B3E-B6F634F773E9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "EEF33103-ECDD-427B-A445-2D7F90202FCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:a:*:*:*:*:*:*",
"matchCriteriaId": "5241C282-A02B-44B2-B6CA-BA3A99F9737C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:b:*:*:*:*:*:*",
"matchCriteriaId": "04A60AC7-C2EA-4DBF-9743-54D708584AFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:c:*:*:*:*:*:*",
"matchCriteriaId": "445FA649-B7F4-4AE2-A487-57357AC95241",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:d:*:*:*:*:*:*",
"matchCriteriaId": "8A91B0C4-F184-459E-AFD3-DE0E351CC964",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update1:*:*:*:*:*:*",
"matchCriteriaId": "23253631-2655-48A8-9B00-CB984232329C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update1b:*:*:*:*:*:*",
"matchCriteriaId": "50C2A9A8-0E66-4702-BCD4-74622108E7A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update2:*:*:*:*:*:*",
"matchCriteriaId": "EE4D3E2A-C32D-408F-B811-EF8BC86F0D34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update2a:*:*:*:*:*:*",
"matchCriteriaId": "31CA7802-D78D-4BAD-A45A-68B601C010C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update2c:*:*:*:*:*:*",
"matchCriteriaId": "3B98981B-4721-4752-BAB4-361DB5AEB86F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3D97854C-DE5D-48B4-B5DB-C132E6D4B826",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:a:*:*:*:*:*:*",
"matchCriteriaId": "CF7DDB0C-3C07-4B5E-8B8A-0542FEE72877",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:b:*:*:*:*:*:*",
"matchCriteriaId": "1DD16169-A7DF-4604-888C-156A60018E32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:c:*:*:*:*:*:*",
"matchCriteriaId": "46FC9F34-C8FA-4AFE-9F4A-7CF9516BD4D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:d:*:*:*:*:*:*",
"matchCriteriaId": "D26534EB-327B-4ED6-A3E1-005552CB1F9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1:*:*:*:*:*:*",
"matchCriteriaId": "7E51F433-1152-4E94-AF77-970230B1A574",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1b:*:*:*:*:*:*",
"matchCriteriaId": "0064D104-E0D8-481A-9029-D3726A1A9CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1c:*:*:*:*:*:*",
"matchCriteriaId": "9B4D3F61-6CD9-411F-A205-EB06A57EBB4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1d:*:*:*:*:*:*",
"matchCriteriaId": "F72A1E9C-F960-4E8C-A46C-B38209E6349E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1e:*:*:*:*:*:*",
"matchCriteriaId": "2C33CE46-F529-4EA9-9344-6ED3BFA7019D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1g:*:*:*:*:*:*",
"matchCriteriaId": "9F1D8161-0E02-45C9-BF61-14799AB65E03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2:*:*:*:*:*:*",
"matchCriteriaId": "1F2CB1FF-6118-4875-945D-07BAA3A21FFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2b:*:*:*:*:*:*",
"matchCriteriaId": "1AEDA28A-5C8E-4E95-A377-3BE530DBEAB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2c:*:*:*:*:*:*",
"matchCriteriaId": "BDDC6510-3116-4578-80C8-8EF044A8370A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2d:*:*:*:*:*:*",
"matchCriteriaId": "8678DB48-CB98-4E4C-ADE6-CABA73265FEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2g:*:*:*:*:*:*",
"matchCriteriaId": "DBD9A341-1FBF-4E04-848B-550DEB27261A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and 6.0 prior to 6.0 U3j) contains an information disclosure vulnerability due to the logging of credentials in plain-text for virtual machines deployed through OVF. A malicious user with access to the log files containing vCenter OVF-properties of a virtual machine deployed from an OVF may be able to view the credentials used to deploy the OVF (typically the root account of the virtual machine)."
},
{
"lang": "es",
"value": "VMware vCenter Server (versi\u00f3n 6.7.x anterior a 6.7 U3, versi\u00f3n 6.5 anterior a 6.5 U3 y versi\u00f3n 6.0 anterior a 6.0 U3j), contiene una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n debido al registro de credenciales en texto plano para m\u00e1quinas virtuales implementadas por medio de OVF. Un usuario malicioso con acceso a los archivos de registro que contienen propiedades OVF de vCenter de una m\u00e1quina virtual implementada desde un OVF puede ser capaz de visualizar las credenciales usadas para implementar el OVF (com\u00fanmente la cuenta root de la m\u00e1quina virtual)."
}
],
"id": "CVE-2019-5532",
"lastModified": "2024-11-21T04:45:08.500",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-18T21:15:13.313",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/154536/VMware-Security-Advisory-2019-0013.html"
},
{
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2019-0013.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/154536/VMware-Security-Advisory-2019-0013.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2019-0013.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-08-11 18:30
Modified
2024-11-21 01:04
Severity ?
Summary
Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xmlsoft | libxml | 1.8.17 | |
| xmlsoft | libxml2 | 2.5.10 | |
| xmlsoft | libxml2 | 2.6.16 | |
| xmlsoft | libxml2 | 2.6.26 | |
| xmlsoft | libxml2 | 2.6.27 | |
| xmlsoft | libxml2 | 2.6.32 | |
| fedoraproject | fedora | 10 | |
| fedoraproject | fedora | 11 | |
| debian | debian_linux | 4.0 | |
| redhat | enterprise_linux | 3.0 | |
| redhat | enterprise_linux | 4.0 | |
| redhat | enterprise_linux | 5.0 | |
| canonical | ubuntu_linux | 6.06 | |
| canonical | ubuntu_linux | 8.04 | |
| canonical | ubuntu_linux | 8.10 | |
| canonical | ubuntu_linux | 9.04 | |
| chrome | * | ||
| apple | safari | * | |
| apple | iphone_os | * | |
| apple | mac_os_x | * | |
| apple | mac_os_x | * | |
| apple | mac_os_x | * | |
| apple | mac_os_x_server | * | |
| apple | mac_os_x_server | * | |
| apple | mac_os_x_server | * | |
| opensuse | opensuse | * | |
| suse | linux_enterprise | 10.0 | |
| suse | linux_enterprise | 11.0 | |
| suse | linux_enterprise_server | 9 | |
| vmware | vcenter_server | 4.0 | |
| vmware | vma | 4.0 | |
| vmware | esx | 3.0.3 | |
| vmware | esx | 3.5 | |
| vmware | esx | 4.0 | |
| vmware | esxi | 3.5 | |
| vmware | esxi | 4.0 | |
| sun | openoffice.org | * | |
| sun | openoffice.org | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xmlsoft:libxml:1.8.17:*:*:*:*:*:*:*",
"matchCriteriaId": "E7C0B552-67E9-48E5-ABFB-AF0CD6DA46FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D463EC3C-88F1-46D9-ADB6-6283DC23B0B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.16:*:*:*:*:*:*:*",
"matchCriteriaId": "0AD69C98-11AB-4BB5-A91A-F029BA0E1DB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.26:*:*:*:*:*:*:*",
"matchCriteriaId": "1D8135B1-FB22-4755-A5ED-CDB16E3E85A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.27:*:*:*:*:*:*:*",
"matchCriteriaId": "2B4685BF-394A-4426-980A-2B1D37737C06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.32:*:*:*:*:*:*:*",
"matchCriteriaId": "7069A49C-038C-4E7B-AF03-4D90D5734414",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*",
"matchCriteriaId": "7000D33B-F3C7-43E8-8FC7-9B97AADC3E12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*",
"matchCriteriaId": "B3BB5EDB-520B-4DEF-B06E-65CA13152824",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "40D8DAE0-8E75-435C-9BD6-FAEED2ACB47C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6172AF57-B26D-45F8-BE3A-F75ABDF28F49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1D8B549B-E57B-4DFE-8A13-CAB06B5356B3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*",
"matchCriteriaId": "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*",
"matchCriteriaId": "7EBFE35C-E243-43D1-883D-4398D71763CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*",
"matchCriteriaId": "4747CC68-FAF4-482F-929A-9DA6C24CB663",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*",
"matchCriteriaId": "A5D026D0-EF78-438D-BEDD-FC8571F3ACEB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5725BE44-B621-422F-B9E2-D400ACFC43EC",
"versionEndExcluding": "2.0.172.43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"matchCriteriaId": "77BC4840-8A34-40F9-873B-DF0F4CADCBDD",
"versionEndExcluding": "4.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "38364EB5-F557-4763-A555-9D66F51DE24B",
"versionEndExcluding": "4.0",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A1E0F574-6859-45A6-B160-7DDE92C07CC7",
"versionEndExcluding": "10.4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A880FA4-5DBF-4894-8DAC-C3CD147D1EB7",
"versionEndExcluding": "10.5.8",
"versionStartIncluding": "10.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B30A1267-231F-44CA-9484-8849C1808DEC",
"versionEndExcluding": "10.6.2",
"versionStartIncluding": "10.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B2D0444E-6B76-46EE-95EF-617F8967F6B6",
"versionEndExcluding": "10.4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F74FAC0-CC05-4797-9DE2-F7CE5CB8FC19",
"versionEndExcluding": "10.5.8",
"versionStartIncluding": "10.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F769B77-FF42-442C-8D1A-4E2AE1F5DF39",
"versionEndExcluding": "10.6.2",
"versionStartIncluding": "10.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:opensuse:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FF141FBE-4CA5-4695-94A0-8BE1309D28CC",
"versionEndIncluding": "11.1",
"versionStartIncluding": "10.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise:10.0:-:*:*:*:*:*:*",
"matchCriteriaId": "AED08A6F-CD23-4405-B1CF-C96BB8AE7D6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise:11.0:-:*:*:*:*:*:*",
"matchCriteriaId": "1608E282-2E96-4447-848D-DBE915DB0EF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*",
"matchCriteriaId": "4CD2D897-E321-4CED-92E0-11A98B52053C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:4.0:-:*:*:*:*:*:*",
"matchCriteriaId": "D467EE9D-6A1F-4462-9BDA-C68B7EE375E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vma:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7426B5AC-D0FD-424D-9A1E-0875C2102D0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "902BA958-06AA-4EDF-9F9E-1030083EA361",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BFF29100-E124-4416-95CF-18B4246D43F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BC337BB7-9A45-4406-A783-851F279130EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FAE88D8C-9CC3-46D1-9F26-290BC679F47E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "13771B15-CD71-472A-BE56-718B87D5825D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sun:openoffice.org:*:*:*:*:*:*:*:*",
"matchCriteriaId": "100F1988-1FF0-483A-9A56-F02A398343D4",
"versionEndExcluding": "2.4.3",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:openoffice.org:*:*:*:*:*:*:*:*",
"matchCriteriaId": "12DF9C72-2B26-432D-9A16-1D21D2E54557",
"versionEndExcluding": "3.1.1",
"versionStartIncluding": "3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de uso anterior a la liberaci\u00f3n en libxml2 v2.5.10, v2.6.16, v2.6.26, v2.6.27, y v2.6.32, y libxml v1.8.17, permite a atacantes dependientes de contexto producir una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de una ,manipulaci\u00f3n de (1) una notaci\u00f3n o (2) tipos de atributo de enumeraci\u00f3n en un fichero XML como se demostr\u00f3 en Codenomicon XML fuzzing framework."
}
],
"id": "CVE-2009-2416",
"lastModified": "2024-11-21T01:04:49.253",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2009-08-11T18:30:00.983",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Release Notes"
],
"url": "http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
],
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/35036"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/36207"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/36338"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/36417"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/36631"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/37346"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/37471"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://support.apple.com/kb/HT3937"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://support.apple.com/kb/HT3949"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://support.apple.com/kb/HT4225"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.cert.fi/en/reports/2009/vulnerability2009085.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.codenomicon.com/labs/xml/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Patch"
],
"url": "http://www.debian.org/security/2009/dsa-1859"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg678527.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.networkworld.com/columnists/2009/080509-xml-flaw.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.openoffice.org/security/cves/CVE-2009-2414-2416.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/36010"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-815-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2009/2420"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2009/3217"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2009/3316"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=515205"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://git.gnome.org/browse/libxml2/commit/?id=489f9671e71cc44a97b23111b3126ac8a1e21a59"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7783"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9262"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00537.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00547.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00642.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/35036"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/36207"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/36338"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/36417"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/36631"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/37346"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/37471"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://support.apple.com/kb/HT3937"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://support.apple.com/kb/HT3949"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://support.apple.com/kb/HT4225"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.cert.fi/en/reports/2009/vulnerability2009085.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.codenomicon.com/labs/xml/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch"
],
"url": "http://www.debian.org/security/2009/dsa-1859"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg678527.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.networkworld.com/columnists/2009/080509-xml-flaw.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.openoffice.org/security/cves/CVE-2009-2414-2416.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/36010"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-815-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2009/2420"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2009/3217"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2009/3316"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=515205"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://git.gnome.org/browse/libxml2/commit/?id=489f9671e71cc44a97b23111b3126ac8a1e21a59"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7783"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9262"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00537.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00547.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00642.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-04-15 14:59
Modified
2024-11-21 02:47
Severity ?
Summary
Client Integration Plugin (CIP) in VMware vCenter Server 5.5 U3a, U3b, and U3c and 6.0 before U2; vCloud Director 5.5.5; and vRealize Automation Identity Appliance 6.2.4 before 6.2.4.1 mishandles session content, which allows remote attackers to hijack sessions via a crafted web site.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securitytracker.com/id/1035570 | Third Party Advisory | |
| cve@mitre.org | http://www.securitytracker.com/id/1035571 | Third Party Advisory | |
| cve@mitre.org | http://www.securitytracker.com/id/1035572 | Third Party Advisory | |
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2016-0004.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1035570 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1035571 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1035572 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2016-0004.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | vcenter_server | * | |
| vmware | vcenter_server | 5.5 | |
| vmware | vcenter_server | 5.5 | |
| vmware | vcenter_server | 5.5 | |
| vmware | vcloud_automation_identity_appliance | 6.2.4 | |
| vmware | vcloud_director | 5.5.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:*:1b:*:*:*:*:*:*",
"matchCriteriaId": "FAB3B893-E993-4DA0-BA88-2CA063FE4752",
"versionEndIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:5.5:3a:*:*:*:*:*:*",
"matchCriteriaId": "23D847E4-5869-476A-B85F-29D8D5FDB68D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:5.5:3b:*:*:*:*:*:*",
"matchCriteriaId": "5F8CC145-0D3F-4E42-BA46-403586EC608A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:5.5:u3c:*:*:*:*:*:*",
"matchCriteriaId": "9C0AEA4D-0544-43B4-B0E7-8FA2459530A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcloud_automation_identity_appliance:6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E52DED3B-17F6-4FC9-B407-A466B1AA002C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcloud_director:5.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0606C081-EA52-4D6A-B033-9D3CB1C836FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Client Integration Plugin (CIP) in VMware vCenter Server 5.5 U3a, U3b, and U3c and 6.0 before U2; vCloud Director 5.5.5; and vRealize Automation Identity Appliance 6.2.4 before 6.2.4.1 mishandles session content, which allows remote attackers to hijack sessions via a crafted web site."
},
{
"lang": "es",
"value": "Client Integration Plugin (CIP) en VMware vCenter Server 5.5 U3a, U3b y U3c y 6.0 en versiones anteriores a U2; vCloud Director 5.5.5; y vRealize Automation Identity Appliance 6.2.4 en versiones anteriores a 6.2.4.1 no maneja adecuadamente el contenido de sesi\u00f3n, lo que permite a atacantes remotos secuestrar sesiones a trav\u00e9s de un sitio web manipulado."
}
],
"id": "CVE-2016-2076",
"lastModified": "2024-11-21T02:47:45.650",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-04-15T14:59:10.067",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.securitytracker.com/id/1035570"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.securitytracker.com/id/1035571"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.securitytracker.com/id/1035572"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2016-0004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.securitytracker.com/id/1035570"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.securitytracker.com/id/1035571"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.securitytracker.com/id/1035572"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2016-0004.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-22 19:15
Modified
2024-11-21 05:49
Severity ?
Summary
The vCenter Server contains a denial-of-service vulnerability due to improper XML entity parsing. A malicious actor with non-administrative user access to the vCenter Server vSphere Client (HTML5) or vCenter Server vSphere Web Client (FLEX/Flash) may exploit this issue to create a denial-of-service condition on the vCenter Server host.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "127DEE95-0B04-4A98-B96A-15CC253C7357",
"versionEndExcluding": "3.10.2.2",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "722CF000-C0A1-4704-BDC6-3446D1530F3B",
"versionEndExcluding": "4.3",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:-:*:*:*:*:*:*",
"matchCriteriaId": "23CFE5A5-A166-4FD5-BE97-5F16DAB1EAE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:a:*:*:*:*:*:*",
"matchCriteriaId": "CF7DDB0C-3C07-4B5E-8B8A-0542FEE72877",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:b:*:*:*:*:*:*",
"matchCriteriaId": "1DD16169-A7DF-4604-888C-156A60018E32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:c:*:*:*:*:*:*",
"matchCriteriaId": "46FC9F34-C8FA-4AFE-9F4A-7CF9516BD4D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:d:*:*:*:*:*:*",
"matchCriteriaId": "D26534EB-327B-4ED6-A3E1-005552CB1F9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:e:*:*:*:*:*:*",
"matchCriteriaId": "786CDD50-7E18-4437-8DB9-2D0ADECD436E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:f:*:*:*:*:*:*",
"matchCriteriaId": "B2CE8DAE-0E78-4004-983D-1ECD8855EC33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1:*:*:*:*:*:*",
"matchCriteriaId": "7E51F433-1152-4E94-AF77-970230B1A574",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1b:*:*:*:*:*:*",
"matchCriteriaId": "0064D104-E0D8-481A-9029-D3726A1A9CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1c:*:*:*:*:*:*",
"matchCriteriaId": "9B4D3F61-6CD9-411F-A205-EB06A57EBB4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1d:*:*:*:*:*:*",
"matchCriteriaId": "F72A1E9C-F960-4E8C-A46C-B38209E6349E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1e:*:*:*:*:*:*",
"matchCriteriaId": "2C33CE46-F529-4EA9-9344-6ED3BFA7019D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1g:*:*:*:*:*:*",
"matchCriteriaId": "9F1D8161-0E02-45C9-BF61-14799AB65E03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2:*:*:*:*:*:*",
"matchCriteriaId": "1F2CB1FF-6118-4875-945D-07BAA3A21FFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2b:*:*:*:*:*:*",
"matchCriteriaId": "1AEDA28A-5C8E-4E95-A377-3BE530DBEAB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2c:*:*:*:*:*:*",
"matchCriteriaId": "BDDC6510-3116-4578-80C8-8EF044A8370A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2d:*:*:*:*:*:*",
"matchCriteriaId": "8678DB48-CB98-4E4C-ADE6-CABA73265FEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2g:*:*:*:*:*:*",
"matchCriteriaId": "DBD9A341-1FBF-4E04-848B-550DEB27261A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3:*:*:*:*:*:*",
"matchCriteriaId": "4955663C-1BB6-4F3E-9D4B-362DF144B7F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3d:*:*:*:*:*:*",
"matchCriteriaId": "CE0F8453-3D6C-4F1C-9167-3F02E3D905DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3f:*:*:*:*:*:*",
"matchCriteriaId": "0EAD4045-A7F9-464F-ABB9-3782941162CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3k:*:*:*:*:*:*",
"matchCriteriaId": "2F0A79C2-33AE-40C5-A853-770A4C691F29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3n:*:*:*:*:*:*",
"matchCriteriaId": "D8BB6CBC-11D6-40A4-ABAF-53AB9BED5A73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3p:*:*:*:*:*:*",
"matchCriteriaId": "26A3EC15-8C04-49AD-9045-4D9FADBD50CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:-:*:*:*:*:*:*",
"matchCriteriaId": "E456F84C-A86E-4EA9-9A3E-BEEA662136E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:a:*:*:*:*:*:*",
"matchCriteriaId": "5241C282-A02B-44B2-B6CA-BA3A99F9737C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:b:*:*:*:*:*:*",
"matchCriteriaId": "04A60AC7-C2EA-4DBF-9743-54D708584AFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:d:*:*:*:*:*:*",
"matchCriteriaId": "8A91B0C4-F184-459E-AFD3-DE0E351CC964",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update1:*:*:*:*:*:*",
"matchCriteriaId": "23253631-2655-48A8-9B00-CB984232329C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update1b:*:*:*:*:*:*",
"matchCriteriaId": "50C2A9A8-0E66-4702-BCD4-74622108E7A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update2:*:*:*:*:*:*",
"matchCriteriaId": "EE4D3E2A-C32D-408F-B811-EF8BC86F0D34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update2a:*:*:*:*:*:*",
"matchCriteriaId": "31CA7802-D78D-4BAD-A45A-68B601C010C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update2c:*:*:*:*:*:*",
"matchCriteriaId": "3B98981B-4721-4752-BAB4-361DB5AEB86F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3:*:*:*:*:*:*",
"matchCriteriaId": "04487105-980A-4943-9360-4442BF0411E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3a:*:*:*:*:*:*",
"matchCriteriaId": "24D24E06-EB3F-4F11-849B-E66757B01466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3b:*:*:*:*:*:*",
"matchCriteriaId": "8AF12716-88E2-44B5-ACD7-BCBECA130FB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3f:*:*:*:*:*:*",
"matchCriteriaId": "3352212C-E820-47B3-BDF5-57018F5B9E81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3g:*:*:*:*:*:*",
"matchCriteriaId": "6436ADFD-6B94-4D2A-B09B-CED4EC6CA276",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3j:*:*:*:*:*:*",
"matchCriteriaId": "D06832CE-F946-469D-B495-6735F18D02A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3l:*:*:*:*:*:*",
"matchCriteriaId": "726AC46D-9EA8-4FE8-94B8-0562935458F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3m:*:*:*:*:*:*",
"matchCriteriaId": "0243D22F-1591-4A95-A7FE-2658CEE0C08F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3n:*:*:*:*:*:*",
"matchCriteriaId": "02AE5983-CD14-4EAF-9F5C-1281E3DE7F46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5FA81CCD-A05E-498C-820E-21980E92132F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:a:*:*:*:*:*:*",
"matchCriteriaId": "0EE83406-A3D9-4F75-A1A6-63831CEBEEC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:b:*:*:*:*:*:*",
"matchCriteriaId": "FB563627-C9CF-4D8A-B882-9AB65EAE9E15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:c:*:*:*:*:*:*",
"matchCriteriaId": "DCA03B2A-48B2-48AD-B8EB-9D7BB2016819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:d:*:*:*:*:*:*",
"matchCriteriaId": "A2392D0F-D7A2-4E01-9212-1BA6C895AEBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1:*:*:*:*:*:*",
"matchCriteriaId": "6D731C1A-9FE5-461C-97E2-6F45E4CBABE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1a:*:*:*:*:*:*",
"matchCriteriaId": "8725E544-2A94-4829-A683-1ECCE57A74A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1c:*:*:*:*:*:*",
"matchCriteriaId": "0FC6765A-6584-45A8-9B21-4951D2EA8939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1d:*:*:*:*:*:*",
"matchCriteriaId": "85DD238C-EF73-44F0-928E-A94FF5C4B378",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2:*:*:*:*:*:*",
"matchCriteriaId": "F4CA36C1-732E-41AE-B847-F7411B753F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2a:*:*:*:*:*:*",
"matchCriteriaId": "0DA882B6-D811-4E4B-B614-2D48F0B9036E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2b:*:*:*:*:*:*",
"matchCriteriaId": "8D30A78E-16D0-4A2E-A2F8-F6073698243E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The vCenter Server contains a denial-of-service vulnerability due to improper XML entity parsing. A malicious actor with non-administrative user access to the vCenter Server vSphere Client (HTML5) or vCenter Server vSphere Web Client (FLEX/Flash) may exploit this issue to create a denial-of-service condition on the vCenter Server host."
},
{
"lang": "es",
"value": "vCenter Server contiene una vulnerabilidad de denegaci\u00f3n de servicio debido al an\u00e1lisis incorrecto de entidades XML. Un actor malicioso con acceso de usuario no administrativo al vCenter Server vSphere Client (HTML5) o al vCenter Server vSphere Web Client (FLEX/Flash) puede explotar este problema para crear una condici\u00f3n de denegaci\u00f3n de servicio en el host de vCenter Server"
}
],
"id": "CVE-2021-21992",
"lastModified": "2024-11-21T05:49:23.987",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-22T19:15:09.733",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-03-25 01:30
Modified
2024-11-21 01:01
Severity ?
Summary
nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash option.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| opensuse | opensuse | 10.3 | |
| opensuse | opensuse | 11.0 | |
| opensuse | opensuse | 11.1 | |
| suse | linux_enterprise_desktop | 10 | |
| suse | linux_enterprise_server | 10 | |
| debian | debian_linux | 4.0 | |
| debian | debian_linux | 5.0 | |
| canonical | ubuntu_linux | 6.06 | |
| canonical | ubuntu_linux | 8.04 | |
| canonical | ubuntu_linux | 8.10 | |
| canonical | ubuntu_linux | 9.04 | |
| vmware | vcenter_server | 4.0 | |
| vmware | virtualcenter | 2.0.2 | |
| vmware | virtualcenter | 2.5 | |
| microsoft | windows | - | |
| vmware | server | 2.0.0 | |
| vmware | esx | 3.0.3 | |
| vmware | esx | 3.5 | |
| vmware | esx | 4.0 | |
| vmware | vma | 4.0 | |
| redhat | enterprise_linux | 5.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2735F338-6C83-49C7-8DA0-E4754BE828E4",
"versionEndExcluding": "2.6.28.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:opensuse:10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C35B68DF-1440-4587-8458-9C5F4D1E43F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1B42AB65-443B-4655-BAEA-4EB4A43D9509",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FBF7B6A8-3DF9-46EC-A90E-6EF68C39F883",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp2:*:*:*:*:*:*",
"matchCriteriaId": "513797E6-FCE6-4E84-9B66-202541F9601E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp2:*:*:*:*:*:*",
"matchCriteriaId": "22A79A35-05DB-4B9F-AD3E-EA6F933CF10C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*",
"matchCriteriaId": "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:*:*:*:*",
"matchCriteriaId": "C0507E91-567A-41D6-A7E5-5088A39F75FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*",
"matchCriteriaId": "4747CC68-FAF4-482F-929A-9DA6C24CB663",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*",
"matchCriteriaId": "A5D026D0-EF78-438D-BEDD-FC8571F3ACEB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:4.0:-:*:*:*:*:*:*",
"matchCriteriaId": "D467EE9D-6A1F-4462-9BDA-C68B7EE375E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:virtualcenter:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EDFF5385-64AA-48AD-A5FE-25918E4F07D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:virtualcenter:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D17E8DFD-AC99-45E6-81F9-ED66369FBD0A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:server:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5A2543D5-AE09-4E90-B27E-95075BE4ACBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "902BA958-06AA-4EDF-9F9E-1030083EA361",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BFF29100-E124-4416-95CF-18B4246D43F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BC337BB7-9A45-4406-A783-851F279130EE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vma:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7426B5AC-D0FD-424D-9A1E-0875C2102D0D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1D8B549B-E57B-4DFE-8A13-CAB06B5356B3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash option."
},
{
"lang": "es",
"value": "nfsd en el Kernel de Linux anteriores a la v2.6.28.9 no detiene la capacidad de CAP_MKNOD antes del manejo de una petici\u00f3n de usuario en un hilo, lo que permite a usuarios locales crear nodos de dispositivo, como se ha demostrado en un sistema de ficheros que ha sido exportado con la opci\u00f3n root_squash."
}
],
"id": "CVE-2009-1072",
"lastModified": "2024-11-21T01:01:35.997",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:C/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-03-25T01:30:00.610",
"references": [
{
"source": "cve@mitre.org",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=76a67ec6fb79ff3570dcb5342142c16098299911"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00007.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00002.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/34422"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/34432"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/34786"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/35121"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/35185"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/35343"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/35390"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/35394"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/35656"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/37471"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://thread.gmane.org/gmane.linux.kernel/805280"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2009/dsa-1800"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.9"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2009/03/23/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1081.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/34205"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/usn-793-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2009/0802"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2009/3316"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49356"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10314"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8382"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=76a67ec6fb79ff3570dcb5342142c16098299911"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/34422"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/34432"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/34786"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/35121"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/35185"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/35343"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/35390"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/35394"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/35656"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/37471"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://thread.gmane.org/gmane.linux.kernel/805280"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2009/dsa-1800"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2009/03/23/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1081.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/34205"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/usn-793-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2009/0802"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2009/3316"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49356"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10314"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8382"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "This issue has been rated as having moderate security impact. It was addressed in Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise MRG, via https://rhn.redhat.com/errata/RHSA-2009-1132.html , https://rhn.redhat.com/errata/RHSA-2009-1106.html , and https://rhn.redhat.com/errata/RHSA-2009-1081.html .\n\nThis issue is not planned to be fixed in Red Hat Enterprise Linux 2.1 and 3, due to these products being in Production 3 of their maintenance life-cycles, where only qualified security errata of important or critical impact are addressed.\n\nFor further information about Errata Support Policy, visit: http://www.redhat.com/security/updates/errata/ .",
"lastModified": "2009-09-10T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-16"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-07-17 11:17
Modified
2024-11-21 02:09
Severity ?
Summary
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers to affect integrity via vectors related to WLS - Web Services.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | vcenter_server | 5.0 | |
| vmware | vcenter_server | 5.1 | |
| vmware | vcenter_server | 5.5 | |
| vmware | vcenter_server_appliance | 5.1 | |
| vmware | esxi | 5.1 | |
| oracle | fusion_middleware | 10.0.2 | |
| oracle | fusion_middleware | 10.3.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46C704E0-E165-4A44-A104-6C5B83A83237",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E0492A2B-EBE2-4303-B8BD-8511D191D1AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8B12523A-5C1E-408F-BB4B-98EF32C7D676",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server_appliance:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FECF06B5-3915-48F0-A140-41C7A27EE99D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7217CBE1-3882-4045-A15C-EE7D4174CA00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:fusion_middleware:10.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "66F77B48-8DD3-4067-96CF-F7F8A92E03AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:fusion_middleware:10.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "60E0074D-084B-486B-AE30-C6B91F5AF16D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers to affect integrity via vectors related to WLS - Web Services."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en el componente Oracle WebLogic Server en Oracle Fusion Middleware 10.0.2.0 y 10.3.6.0 permite a atacantes remotos afectar la integridad a trav\u00e9s de vectores relacionados con WLS - Web Services."
}
],
"id": "CVE-2014-4241",
"lastModified": "2024-11-21T02:09:47.767",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-07-17T11:17:09.997",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"source": "secalert_us@oracle.com",
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.securityfocus.com/bid/68649"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"source": "secalert_us@oracle.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94559"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.securityfocus.com/bid/68649"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94559"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-07-03 01:59
Modified
2024-11-21 02:35
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the vSphere Web Client in VMware vCenter Server 5.0 before U3g, 5.1 before U3d, and 5.5 before U2d allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | vcenter_server | 5.0 | |
| vmware | vcenter_server | 5.1 | |
| vmware | vcenter_server | 5.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46C704E0-E165-4A44-A104-6C5B83A83237",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E0492A2B-EBE2-4303-B8BD-8511D191D1AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8B12523A-5C1E-408F-BB4B-98EF32C7D676",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the vSphere Web Client in VMware vCenter Server 5.0 before U3g, 5.1 before U3d, and 5.5 before U2d allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en el vSphere Web Client in VMware vCenter Server 5.0 en versiones anteriores a U3g, 5.1 en versiones anteriores a U3d y 5.5 en versiones anteriores a U2d permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de una URL manipulada."
}
],
"id": "CVE-2015-6931",
"lastModified": "2024-11-21T02:35:53.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-07-03T01:59:00.140",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1036112"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2016-0009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1036112"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2016-0009.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-10-20 17:15
Modified
2024-11-21 05:32
Severity ?
Summary
VMware vCenter Server (6.7 before 6.7u3, 6.6 before 6.5u3k) contains a session hijack vulnerability in the vCenter Server Appliance Management Interface update function due to a lack of certificate validation. A malicious actor with network positioning between vCenter Server and an update repository may be able to perform a session hijack when the vCenter Server Appliance Management Interface is used to download vCenter updates.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2020-0023.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2020-0023.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | cloud_foundation | * | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.7 | |
| vmware | vcenter_server | 6.7 | |
| vmware | vcenter_server | 6.7 | |
| vmware | vcenter_server | 6.7 | |
| vmware | vcenter_server | 6.7 | |
| vmware | vcenter_server | 6.7 | |
| vmware | vcenter_server | 6.7 | |
| vmware | vcenter_server | 6.7 | |
| vmware | vcenter_server | 6.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "102115DE-F589-4153-9597-160D82FBAFC7",
"versionEndExcluding": "3.9",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:-:*:*:*:*:*:*",
"matchCriteriaId": "23CFE5A5-A166-4FD5-BE97-5F16DAB1EAE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:a:*:*:*:*:*:*",
"matchCriteriaId": "CF7DDB0C-3C07-4B5E-8B8A-0542FEE72877",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:b:*:*:*:*:*:*",
"matchCriteriaId": "1DD16169-A7DF-4604-888C-156A60018E32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:c:*:*:*:*:*:*",
"matchCriteriaId": "46FC9F34-C8FA-4AFE-9F4A-7CF9516BD4D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:d:*:*:*:*:*:*",
"matchCriteriaId": "D26534EB-327B-4ED6-A3E1-005552CB1F9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:e:*:*:*:*:*:*",
"matchCriteriaId": "786CDD50-7E18-4437-8DB9-2D0ADECD436E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:f:*:*:*:*:*:*",
"matchCriteriaId": "B2CE8DAE-0E78-4004-983D-1ECD8855EC33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1:*:*:*:*:*:*",
"matchCriteriaId": "7E51F433-1152-4E94-AF77-970230B1A574",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1b:*:*:*:*:*:*",
"matchCriteriaId": "0064D104-E0D8-481A-9029-D3726A1A9CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1c:*:*:*:*:*:*",
"matchCriteriaId": "9B4D3F61-6CD9-411F-A205-EB06A57EBB4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1d:*:*:*:*:*:*",
"matchCriteriaId": "F72A1E9C-F960-4E8C-A46C-B38209E6349E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1e:*:*:*:*:*:*",
"matchCriteriaId": "2C33CE46-F529-4EA9-9344-6ED3BFA7019D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1g:*:*:*:*:*:*",
"matchCriteriaId": "9F1D8161-0E02-45C9-BF61-14799AB65E03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2:*:*:*:*:*:*",
"matchCriteriaId": "1F2CB1FF-6118-4875-945D-07BAA3A21FFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2b:*:*:*:*:*:*",
"matchCriteriaId": "1AEDA28A-5C8E-4E95-A377-3BE530DBEAB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2c:*:*:*:*:*:*",
"matchCriteriaId": "BDDC6510-3116-4578-80C8-8EF044A8370A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2d:*:*:*:*:*:*",
"matchCriteriaId": "8678DB48-CB98-4E4C-ADE6-CABA73265FEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2g:*:*:*:*:*:*",
"matchCriteriaId": "DBD9A341-1FBF-4E04-848B-550DEB27261A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3:*:*:*:*:*:*",
"matchCriteriaId": "4955663C-1BB6-4F3E-9D4B-362DF144B7F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3d:*:*:*:*:*:*",
"matchCriteriaId": "CE0F8453-3D6C-4F1C-9167-3F02E3D905DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:-:*:*:*:*:*:*",
"matchCriteriaId": "E456F84C-A86E-4EA9-9A3E-BEEA662136E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:a:*:*:*:*:*:*",
"matchCriteriaId": "5241C282-A02B-44B2-B6CA-BA3A99F9737C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:b:*:*:*:*:*:*",
"matchCriteriaId": "04A60AC7-C2EA-4DBF-9743-54D708584AFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:d:*:*:*:*:*:*",
"matchCriteriaId": "8A91B0C4-F184-459E-AFD3-DE0E351CC964",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update1:*:*:*:*:*:*",
"matchCriteriaId": "23253631-2655-48A8-9B00-CB984232329C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update1b:*:*:*:*:*:*",
"matchCriteriaId": "50C2A9A8-0E66-4702-BCD4-74622108E7A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update2:*:*:*:*:*:*",
"matchCriteriaId": "EE4D3E2A-C32D-408F-B811-EF8BC86F0D34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update2a:*:*:*:*:*:*",
"matchCriteriaId": "31CA7802-D78D-4BAD-A45A-68B601C010C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update2c:*:*:*:*:*:*",
"matchCriteriaId": "3B98981B-4721-4752-BAB4-361DB5AEB86F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware vCenter Server (6.7 before 6.7u3, 6.6 before 6.5u3k) contains a session hijack vulnerability in the vCenter Server Appliance Management Interface update function due to a lack of certificate validation. A malicious actor with network positioning between vCenter Server and an update repository may be able to perform a session hijack when the vCenter Server Appliance Management Interface is used to download vCenter updates."
},
{
"lang": "es",
"value": "VMware vCenter Server (versiones 6.7 anteriores a 6.7u3, versiones 6.6 anteriores a 6.5u3k), contiene una vulnerabilidad de secuestro de sesi\u00f3n en la funci\u00f3n de actualizaci\u00f3n de la vCenter Server Appliance Management Interface debido a la falta de comprobaci\u00f3n del certificado.\u0026#xa0;Un actor malicioso con posicionamiento de red entre vCenter Server y un repositorio de actualizaciones puede ser capaz de realizar un secuestro de sesi\u00f3n cuando la vCenter Server Appliance Management Interface es usado para descargar actualizaciones de vCenter"
}
],
"id": "CVE-2020-3994",
"lastModified": "2024-11-21T05:32:07.787",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-10-20T17:15:12.967",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0023.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0023.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-11-17 14:29
Modified
2024-11-21 03:26
Severity ?
Summary
VMware vCenter Server (6.5 prior to 6.5 U1 and 6.0 prior to 6.0 U3c) does not correctly handle specially crafted LDAP network packets which may allow for remote denial of service.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@vmware.com | http://www.securityfocus.com/bid/101786 | Third Party Advisory, VDB Entry | |
| security@vmware.com | http://www.securitytracker.com/id/1039759 | Third Party Advisory, VDB Entry | |
| security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2017-0017.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/101786 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039759 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2017-0017.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | vcenter_server | * | |
| vmware | vcenter_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4916113B-4E8D-435B-829B-6E4449117F76",
"versionEndExcluding": "6.0_u3c",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3401DF9F-5606-4ABA-A84F-4909405F6955",
"versionEndExcluding": "6.5_u1",
"versionStartIncluding": "6.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware vCenter Server (6.5 prior to 6.5 U1 and 6.0 prior to 6.0 U3c) does not correctly handle specially crafted LDAP network packets which may allow for remote denial of service."
},
{
"lang": "es",
"value": "VMware vCenter Server (en versiones 6.5 anteriores a la 6.5 U1 y versiones 6.0 anteriores a la 6.0 U3c) no gestiona correctamente paquetes de red LDAP especialmente manipulados, lo que puede permitir que se provoque una denegaci\u00f3n de servicio de forma remota."
}
],
"id": "CVE-2017-4927",
"lastModified": "2024-11-21T03:26:41.173",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-17T14:29:00.450",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101786"
},
{
"source": "security@vmware.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039759"
},
{
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2017-0017.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101786"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039759"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2017-0017.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-90"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-23 12:15
Modified
2024-11-21 05:49
Severity ?
Summary
vCenter Server contains an unauthenticated API endpoint vulnerability in vCenter Server Content Library. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to perform unauthenticated VM network setting manipulation.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2021-0020.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2021-0020.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | cloud_foundation | * | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.7 | |
| vmware | vcenter_server | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5071E0B4-FE4B-4525-BAF6-3900D9C8D48D",
"versionEndExcluding": "5.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:-:*:*:*:*:*:*",
"matchCriteriaId": "23CFE5A5-A166-4FD5-BE97-5F16DAB1EAE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:-:*:*:*:*:*:*",
"matchCriteriaId": "E456F84C-A86E-4EA9-9A3E-BEEA662136E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5FA81CCD-A05E-498C-820E-21980E92132F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "vCenter Server contains an unauthenticated API endpoint vulnerability in vCenter Server Content Library. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to perform unauthenticated VM network setting manipulation."
},
{
"lang": "es",
"value": "vCenter Server contiene una vulnerabilidad de endpoint de API no autenticada en vCenter Server Content Library. Un actor malicioso con acceso de red al puerto 443 en vCenter Server puede explotar este problema para llevar a cabo una manipulaci\u00f3n no autenticada de la configuraci\u00f3n de red de las M\u00e1quinas Virtuales"
}
],
"id": "CVE-2021-22011",
"lastModified": "2024-11-21T05:49:26.170",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-23T12:15:07.990",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-11-24 17:15
Modified
2024-11-21 05:49
Severity ?
Summary
The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary file read vulnerability. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2021-0027.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2021-0027.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | cloud_foundation | 3.0 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.7 | |
| vmware | vcenter_server | 6.7 | |
| vmware | vcenter_server | 6.7 | |
| vmware | vcenter_server | 6.7 | |
| vmware | vcenter_server | 6.7 | |
| vmware | vcenter_server | 6.7 | |
| vmware | vcenter_server | 6.7 | |
| vmware | vcenter_server | 6.7 | |
| vmware | vcenter_server | 6.7 | |
| vmware | vcenter_server | 6.7 | |
| vmware | vcenter_server | 6.7 | |
| vmware | vcenter_server | 6.7 | |
| vmware | vcenter_server | 6.7 | |
| vmware | vcenter_server | 6.7 | |
| vmware | vcenter_server | 6.7 | |
| vmware | vcenter_server | 6.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:3.0:-:*:*:*:*:*:*",
"matchCriteriaId": "B4EACDFF-B042-4AC9-A87E-D8F27F7BBDAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:-:*:*:*:*:*:*",
"matchCriteriaId": "23CFE5A5-A166-4FD5-BE97-5F16DAB1EAE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update_1:*:*:*:*:*:*",
"matchCriteriaId": "15255D34-EA1C-4ECC-A42B-BF30C76CD0E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update_1b:*:*:*:*:*:*",
"matchCriteriaId": "AAC2EF17-99FB-4619-A093-8DA02311DE35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update_1c:*:*:*:*:*:*",
"matchCriteriaId": "A6C763C8-8B5D-4219-98BB-FBCF544F5373",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update_1d:*:*:*:*:*:*",
"matchCriteriaId": "8C7AB0A5-FCA4-4782-875B-C5C3F08C3C5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update_1e:*:*:*:*:*:*",
"matchCriteriaId": "8E75F600-0799-42BD-91A9-1742E86DAE7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update_1g:*:*:*:*:*:*",
"matchCriteriaId": "C5F819AB-DDDA-49CE-ABF8-0766E8FC214E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update_2:*:*:*:*:*:*",
"matchCriteriaId": "9087A90E-54B9-483D-B673-21C57B44706C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update_2b:*:*:*:*:*:*",
"matchCriteriaId": "9237FAA7-E07F-47F1-A518-9C693EE3DA36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update_2c:*:*:*:*:*:*",
"matchCriteriaId": "FCB2E419-6088-423E-9CF3-878FBA365759",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update_2d:*:*:*:*:*:*",
"matchCriteriaId": "572463FF-3FDF-4A0B-B46A-21633BF68575",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update_2g:*:*:*:*:*:*",
"matchCriteriaId": "F5F5B72F-CB59-41EB-87DF-C1C023BD2E1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update_3:*:*:*:*:*:*",
"matchCriteriaId": "84DCDFB0-E4B0-4B26-BB26-E08D278591AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update_3d:*:*:*:*:*:*",
"matchCriteriaId": "EBD703BC-39D0-4F7B-B210-790430C8622E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update_3f:*:*:*:*:*:*",
"matchCriteriaId": "97A33095-C15B-46EF-A817-0783329A83FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update_3k:*:*:*:*:*:*",
"matchCriteriaId": "A11BB22E-5787-4335-8A54-DDBC36D5A3CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update_3n:*:*:*:*:*:*",
"matchCriteriaId": "1C4A270B-D8F3-4582-B0F2-6BE1EC9F47A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update_3p:*:*:*:*:*:*",
"matchCriteriaId": "517936D0-0FBA-45A2-B5FE-EBB14939E171",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update_3q:*:*:*:*:*:*",
"matchCriteriaId": "7F3EF498-E22C-44BE-9A66-5C2DE2ABB696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:-:*:*:*:*:*:*",
"matchCriteriaId": "E456F84C-A86E-4EA9-9A3E-BEEA662136E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update_1:*:*:*:*:*:*",
"matchCriteriaId": "D7D1387A-B6E1-4CB0-9E7A-44856CE6BA8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update_1b:*:*:*:*:*:*",
"matchCriteriaId": "514A54F8-BC3C-4086-AF36-5F04CF15F263",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update_2:*:*:*:*:*:*",
"matchCriteriaId": "B5BB7E8F-395F-4222-8F02-27A40490A588",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update_2a:*:*:*:*:*:*",
"matchCriteriaId": "B44735EC-9EEC-46E6-BD2E-1AA73A3D4632",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update_2c:*:*:*:*:*:*",
"matchCriteriaId": "DB137E84-2F63-400E-9936-F1E313245B6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update_3:*:*:*:*:*:*",
"matchCriteriaId": "68F0E573-C385-481F-8829-12FBE9269B93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update_3a:*:*:*:*:*:*",
"matchCriteriaId": "CAA1C918-B449-4964-820B-9702E6EEDC9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update_3b:*:*:*:*:*:*",
"matchCriteriaId": "2DA3AC16-8836-41DD-98C5-00B2FF0A7B6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update_3f:*:*:*:*:*:*",
"matchCriteriaId": "15FE3165-7056-46BC-88FD-66F033C24505",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update_3g:*:*:*:*:*:*",
"matchCriteriaId": "D992B2FF-7F91-4BA3-97E2-ABEDC48940F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update_3j:*:*:*:*:*:*",
"matchCriteriaId": "66E9E563-D0C3-4595-88A6-FD611C0AFC01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update_3l:*:*:*:*:*:*",
"matchCriteriaId": "EF7D724D-CC0F-4E60-8E86-4875F3077C56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update_3m:*:*:*:*:*:*",
"matchCriteriaId": "218878C7-8759-47EA-97AF-286D5062812C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update_3n:*:*:*:*:*:*",
"matchCriteriaId": "0E92E11F-44FE-481C-9212-B0EE45B128A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update_3o:*:*:*:*:*:*",
"matchCriteriaId": "7494090C-C5E4-46E9-8222-6096731FC7C7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary file read vulnerability. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information."
},
{
"lang": "es",
"value": "El cliente web de vSphere (FLEX/Flash), contiene una vulnerabilidad de lectura arbitraria de archivos no autorizada. Un actor malicioso con acceso a la red al puerto 443 en vCenter Server puede explotar este problema para conseguir acceso a informaci\u00f3n confidencial"
}
],
"id": "CVE-2021-21980",
"lastModified": "2024-11-21T05:49:21.820",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-11-24T17:15:07.623",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0027.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0027.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-23 12:15
Modified
2024-11-21 05:49
Severity ?
Summary
The vCenter Server contains a local information disclosure vulnerability in the Analytics service. An authenticated user with non-administrative privilege may exploit this issue to gain access to sensitive information.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2021-0020.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2021-0020.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | cloud_foundation | * | |
| vmware | vcenter_server | 6.7 | |
| vmware | vcenter_server | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5071E0B4-FE4B-4525-BAF6-3900D9C8D48D",
"versionEndExcluding": "5.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:-:*:*:*:*:*:*",
"matchCriteriaId": "E456F84C-A86E-4EA9-9A3E-BEEA662136E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5FA81CCD-A05E-498C-820E-21980E92132F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The vCenter Server contains a local information disclosure vulnerability in the Analytics service. An authenticated user with non-administrative privilege may exploit this issue to gain access to sensitive information."
},
{
"lang": "es",
"value": "vCenter Server contiene una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n local en el servicio Analytics. Un usuario autenticado con privilegios no administrativos puede explotar este problema para conseguir acceso a informaci\u00f3n confidencial"
}
],
"id": "CVE-2021-22007",
"lastModified": "2024-11-21T05:49:25.760",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-23T12:15:07.803",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-28 22:29
Modified
2024-11-21 03:26
Severity ?
Summary
VMware vCenter Server 5.5, 6.0, 6.5 allows vSphere users with certain, limited vSphere privileges to use the VIX API to access Guest Operating Systems without the need to authenticate.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@vmware.com | http://www.securityfocus.com/bid/100102 | Third Party Advisory, VDB Entry | |
| security@vmware.com | http://www.securitytracker.com/id/1039004 | Third Party Advisory, VDB Entry | |
| security@vmware.com | http://www.vmware.com/security/advisories/VMSA-2017-0012.html | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/100102 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039004 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2017-0012.html | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | vcenter_server | 5.5 | |
| vmware | vcenter_server | 6.0 | |
| vmware | vcenter_server | 6.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8B12523A-5C1E-408F-BB4B-98EF32C7D676",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7499E57A-1F9C-45F0-93F8-F3FB7B0F990F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3D97854C-DE5D-48B4-B5DB-C132E6D4B826",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware vCenter Server 5.5, 6.0, 6.5 allows vSphere users with certain, limited vSphere privileges to use the VIX API to access Guest Operating Systems without the need to authenticate."
},
{
"lang": "es",
"value": "VMware vCenter Server versiones 5.5, 6.0, 6.5, permite a los usuarios de vSphere con ciertos privilegios de vSphere limitados usar la API VIX para acceder a los Sistemas Operativos Invitados sin la necesidad de autenticarse."
}
],
"id": "CVE-2017-4919",
"lastModified": "2024-11-21T03:26:40.103",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-28T22:29:00.193",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100102"
},
{
"source": "security@vmware.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039004"
},
{
"source": "security@vmware.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0012.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100102"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039004"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0012.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-06-22 12:15
Modified
2024-11-21 07:41
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The VMware vCenter Server contains a memory corruption vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger a memory corruption vulnerability which may bypass authentication.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | vcenter_server | * | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 8.0 | |
| vmware | vcenter_server | 8.0 | |
| vmware | vcenter_server | 8.0 | |
| vmware | vcenter_server | 8.0 | |
| vmware | vcenter_server | 8.0 | |
| vmware | vcenter_server | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22B93342-5BD7-49A8-83E7-8B6D547F2EE5",
"versionEndExcluding": "7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5FA81CCD-A05E-498C-820E-21980E92132F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:a:*:*:*:*:*:*",
"matchCriteriaId": "0EE83406-A3D9-4F75-A1A6-63831CEBEEC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:b:*:*:*:*:*:*",
"matchCriteriaId": "FB563627-C9CF-4D8A-B882-9AB65EAE9E15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:c:*:*:*:*:*:*",
"matchCriteriaId": "DCA03B2A-48B2-48AD-B8EB-9D7BB2016819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:d:*:*:*:*:*:*",
"matchCriteriaId": "A2392D0F-D7A2-4E01-9212-1BA6C895AEBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1:*:*:*:*:*:*",
"matchCriteriaId": "6D731C1A-9FE5-461C-97E2-6F45E4CBABE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1a:*:*:*:*:*:*",
"matchCriteriaId": "8725E544-2A94-4829-A683-1ECCE57A74A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1c:*:*:*:*:*:*",
"matchCriteriaId": "0FC6765A-6584-45A8-9B21-4951D2EA8939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1d:*:*:*:*:*:*",
"matchCriteriaId": "85DD238C-EF73-44F0-928E-A94FF5C4B378",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2:*:*:*:*:*:*",
"matchCriteriaId": "F4CA36C1-732E-41AE-B847-F7411B753F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2a:*:*:*:*:*:*",
"matchCriteriaId": "0DA882B6-D811-4E4B-B614-2D48F0B9036E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2b:*:*:*:*:*:*",
"matchCriteriaId": "8D30A78E-16D0-4A2E-A2F8-F6073698243E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2c:*:*:*:*:*:*",
"matchCriteriaId": "188E103E-9568-4CE0-A984-141B2A9E82D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2d:*:*:*:*:*:*",
"matchCriteriaId": "B266439F-E911-4C95-9D27-88DF96DDCCD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3:*:*:*:*:*:*",
"matchCriteriaId": "6508A908-EF14-4A72-AC75-5DA6F8B98A0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3a:*:*:*:*:*:*",
"matchCriteriaId": "3BAD2012-5C82-4EA9-A780-9BF1DA5A18AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3c:*:*:*:*:*:*",
"matchCriteriaId": "58597F18-0B23-4D21-9ABA-D9773958F10E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3d:*:*:*:*:*:*",
"matchCriteriaId": "ADF46C54-313B-4742-A074-EEA0A6554680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3e:*:*:*:*:*:*",
"matchCriteriaId": "9587F800-57BC-44B6-870E-95691684FC46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3f:*:*:*:*:*:*",
"matchCriteriaId": "AD148A75-5076-416D-AFD6-0F281DA0A82B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3g:*:*:*:*:*:*",
"matchCriteriaId": "956CEA8C-F8C4-41BD-85B4-44FE3A772E50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3h:*:*:*:*:*:*",
"matchCriteriaId": "008AEA0F-116B-4AF8-B3A7-3041CCE25235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3i:*:*:*:*:*:*",
"matchCriteriaId": "EE486B2F-AED4-4FCE-A674-DFC25844FEFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3j:*:*:*:*:*:*",
"matchCriteriaId": "4F73AA9E-51E9-4FA0-813D-AD05FDC3EF94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3k:*:*:*:*:*:*",
"matchCriteriaId": "455DD46E-A071-476D-8914-767485E45F35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3l:*:*:*:*:*:*",
"matchCriteriaId": "3A422D04-48DF-4A16-94F8-D5702CC2782D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "CC974CA1-88D3-42E4-BF1F-28870F8171B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:a:*:*:*:*:*:*",
"matchCriteriaId": "EFE63984-F69B-4593-9AEC-D179D6D98B08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:b:*:*:*:*:*:*",
"matchCriteriaId": "34D1F3B3-8E3F-4E4D-8EE6-2F593663B5CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:c:*:*:*:*:*:*",
"matchCriteriaId": "16F3D992-9F48-4604-9AAF-DC2D1CE98BE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1:*:*:*:*:*:*",
"matchCriteriaId": "C745A7E6-4760-48CD-B7C4-1C2C20217F21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1a:*:*:*:*:*:*",
"matchCriteriaId": "A5522514-8ED9-45DB-9036-33FE40D77E7D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The VMware vCenter Server contains a memory corruption vulnerability in the implementation of the DCERPC protocol.\u00a0A malicious actor with network access to vCenter Server may trigger a memory corruption vulnerability which may bypass authentication."
}
],
"id": "CVE-2023-20895",
"lastModified": "2024-11-21T07:41:46.400",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "security@vmware.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-06-22T12:15:10.893",
"references": [
{
"source": "security@vmware.com",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1740"
},
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1740"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0014.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-10-21 10:54
Modified
2024-11-21 01:58
Severity ?
Summary
Session fixation vulnerability in the vSphere Web Client Server in VMware vCenter Server 5.0 before Update 3 allows remote attackers to hijack web sessions and gain privileges via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | vcenter_server | * | |
| vmware | vcenter_server | 4.0.0.10021 | |
| vmware | vcenter_server | 4.0.0.12305 | |
| vmware | vcenter_server | 4.1 | |
| vmware | vcenter_server | 4.1.0.12319 | |
| vmware | vcenter_server | 4.1.0.14766 | |
| vmware | vcenter_server | 4.1.0.17435 | |
| vmware | vcenter_server | 5.0 | |
| vmware | vcenter_server | 5.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:*:update_2_rc:*:*:*:*:*:*",
"matchCriteriaId": "6C91183F-DC5E-4BDC-B6FB-A03BB3138D05",
"versionEndIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:4.0.0.10021:*:*:*:*:*:*:*",
"matchCriteriaId": "D80868B6-6384-4F64-95BB-21B09522C992",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:4.0.0.12305:*:*:*:*:*:*:*",
"matchCriteriaId": "119725A0-0CF0-4A7C-A25E-22F495B361E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A6EAF333-0047-4B38-8EA0-E0D751DF681F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:4.1.0.12319:*:*:*:*:*:*:*",
"matchCriteriaId": "FF498405-2A20-4EBD-AF2F-61442DEB3FB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:4.1.0.14766:*:*:*:*:*:*:*",
"matchCriteriaId": "8899D39A-1F6F-458F-83CE-CBD0340E098A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:4.1.0.17435:*:*:*:*:*:*:*",
"matchCriteriaId": "AE56BC41-C1F5-4746-96EB-DE6B4A43A7B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46C704E0-E165-4A44-A104-6C5B83A83237",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:5.0:update_1:*:*:*:*:*:*",
"matchCriteriaId": "0DD9571C-CF1F-4EBA-AC8F-F0DF22106FDC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Session fixation vulnerability in the vSphere Web Client Server in VMware vCenter Server 5.0 before Update 3 allows remote attackers to hijack web sessions and gain privileges via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de fijaci\u00f3n de sesi\u00f3n en el vSphere Web Client Server de VMware vCenter Server 5.0 anterior a Update 3 permite a atacantes remotos secuestrar sesiones web y obtener privilegios a trav\u00e9s de vectores sin especificar."
}
],
"id": "CVE-2013-5971",
"lastModified": "2024-11-21T01:58:31.390",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-10-21T10:54:30.567",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/98718"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/63218"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2013-0012.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88134"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/98718"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/63218"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2013-0012.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88134"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-02-24 17:15
Modified
2024-11-21 05:49
Severity ?
Summary
The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin leading to information disclosure. This affects: VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).
References
Impacted products
{
"cisaActionDue": "2022-03-21",
"cisaExploitAdd": "2022-03-07",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "VMware vCenter Server and Cloud Foundation Server Side Request Forgery (SSRF) Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1995769A-1AB9-47FA-966A-8E82D414161E",
"versionEndExcluding": "3.10.1.2",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A608D809-6E65-4228-9207-CB470529C542",
"versionEndExcluding": "4.2",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:-:*:*:*:*:*:*",
"matchCriteriaId": "23CFE5A5-A166-4FD5-BE97-5F16DAB1EAE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:a:*:*:*:*:*:*",
"matchCriteriaId": "CF7DDB0C-3C07-4B5E-8B8A-0542FEE72877",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:b:*:*:*:*:*:*",
"matchCriteriaId": "1DD16169-A7DF-4604-888C-156A60018E32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:c:*:*:*:*:*:*",
"matchCriteriaId": "46FC9F34-C8FA-4AFE-9F4A-7CF9516BD4D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:d:*:*:*:*:*:*",
"matchCriteriaId": "D26534EB-327B-4ED6-A3E1-005552CB1F9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:e:*:*:*:*:*:*",
"matchCriteriaId": "786CDD50-7E18-4437-8DB9-2D0ADECD436E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:f:*:*:*:*:*:*",
"matchCriteriaId": "B2CE8DAE-0E78-4004-983D-1ECD8855EC33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1d:*:*:*:*:*:*",
"matchCriteriaId": "F72A1E9C-F960-4E8C-A46C-B38209E6349E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1e:*:*:*:*:*:*",
"matchCriteriaId": "2C33CE46-F529-4EA9-9344-6ED3BFA7019D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1g:*:*:*:*:*:*",
"matchCriteriaId": "9F1D8161-0E02-45C9-BF61-14799AB65E03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2:*:*:*:*:*:*",
"matchCriteriaId": "1F2CB1FF-6118-4875-945D-07BAA3A21FFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2b:*:*:*:*:*:*",
"matchCriteriaId": "1AEDA28A-5C8E-4E95-A377-3BE530DBEAB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2c:*:*:*:*:*:*",
"matchCriteriaId": "BDDC6510-3116-4578-80C8-8EF044A8370A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2d:*:*:*:*:*:*",
"matchCriteriaId": "8678DB48-CB98-4E4C-ADE6-CABA73265FEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2g:*:*:*:*:*:*",
"matchCriteriaId": "DBD9A341-1FBF-4E04-848B-550DEB27261A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3:*:*:*:*:*:*",
"matchCriteriaId": "4955663C-1BB6-4F3E-9D4B-362DF144B7F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3d:*:*:*:*:*:*",
"matchCriteriaId": "CE0F8453-3D6C-4F1C-9167-3F02E3D905DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3f:*:*:*:*:*:*",
"matchCriteriaId": "0EAD4045-A7F9-464F-ABB9-3782941162CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3k:*:*:*:*:*:*",
"matchCriteriaId": "2F0A79C2-33AE-40C5-A853-770A4C691F29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:-:*:*:*:*:*:*",
"matchCriteriaId": "E456F84C-A86E-4EA9-9A3E-BEEA662136E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:a:*:*:*:*:*:*",
"matchCriteriaId": "5241C282-A02B-44B2-B6CA-BA3A99F9737C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:b:*:*:*:*:*:*",
"matchCriteriaId": "04A60AC7-C2EA-4DBF-9743-54D708584AFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:d:*:*:*:*:*:*",
"matchCriteriaId": "8A91B0C4-F184-459E-AFD3-DE0E351CC964",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update1:*:*:*:*:*:*",
"matchCriteriaId": "23253631-2655-48A8-9B00-CB984232329C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update1b:*:*:*:*:*:*",
"matchCriteriaId": "50C2A9A8-0E66-4702-BCD4-74622108E7A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update2:*:*:*:*:*:*",
"matchCriteriaId": "EE4D3E2A-C32D-408F-B811-EF8BC86F0D34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update2a:*:*:*:*:*:*",
"matchCriteriaId": "31CA7802-D78D-4BAD-A45A-68B601C010C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update2c:*:*:*:*:*:*",
"matchCriteriaId": "3B98981B-4721-4752-BAB4-361DB5AEB86F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3:*:*:*:*:*:*",
"matchCriteriaId": "04487105-980A-4943-9360-4442BF0411E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3a:*:*:*:*:*:*",
"matchCriteriaId": "24D24E06-EB3F-4F11-849B-E66757B01466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3b:*:*:*:*:*:*",
"matchCriteriaId": "8AF12716-88E2-44B5-ACD7-BCBECA130FB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3f:*:*:*:*:*:*",
"matchCriteriaId": "3352212C-E820-47B3-BDF5-57018F5B9E81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3g:*:*:*:*:*:*",
"matchCriteriaId": "6436ADFD-6B94-4D2A-B09B-CED4EC6CA276",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3j:*:*:*:*:*:*",
"matchCriteriaId": "D06832CE-F946-469D-B495-6735F18D02A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5FA81CCD-A05E-498C-820E-21980E92132F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:a:*:*:*:*:*:*",
"matchCriteriaId": "0EE83406-A3D9-4F75-A1A6-63831CEBEEC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:b:*:*:*:*:*:*",
"matchCriteriaId": "FB563627-C9CF-4D8A-B882-9AB65EAE9E15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:c:*:*:*:*:*:*",
"matchCriteriaId": "DCA03B2A-48B2-48AD-B8EB-9D7BB2016819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:d:*:*:*:*:*:*",
"matchCriteriaId": "A2392D0F-D7A2-4E01-9212-1BA6C895AEBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1:*:*:*:*:*:*",
"matchCriteriaId": "6D731C1A-9FE5-461C-97E2-6F45E4CBABE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1a:*:*:*:*:*:*",
"matchCriteriaId": "8725E544-2A94-4829-A683-1ECCE57A74A6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin leading to information disclosure. This affects: VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2)."
},
{
"lang": "es",
"value": "El VSphere Client (HTML5) contiene una vulnerabilidad SSRF (Server Side Request Forgery) debido a una comprobaci\u00f3n inapropiada de las URL en un plugin de vCenter Server.\u0026#xa0;Un actor malicioso con acceso de red al puerto 443 puede explotar este problema mediante el env\u00edo de una petici\u00f3n POST al plugin vCenter Server conllevando a una divulgaci\u00f3n de informaci\u00f3n.\u0026#xa0;Esto afecta a: VMware vCenter Server (versiones 7.x anteriores a 7.0 U1c, versiones 6.7 anteriores a 6.7 U3l y versiones 6.5 anteriores a 6.5 U3n) y VMware Cloud Foundation (versiones 4.x anteriores a 4.2 y versiones 3.x anteriores a 3.10.1.2)"
}
],
"id": "CVE-2021-21973",
"lastModified": "2024-11-21T05:49:21.043",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-24T17:15:15.923",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0002.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-23 12:15
Modified
2024-11-21 05:49
Severity ?
Summary
The vCenter Server contains a denial-of-service vulnerability in VPXD service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to create a denial of service condition due to excessive memory consumption by VPXD service.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2021-0020.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2021-0020.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | cloud_foundation | * | |
| vmware | vcenter_server | 6.7 | |
| vmware | vcenter_server | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5071E0B4-FE4B-4525-BAF6-3900D9C8D48D",
"versionEndExcluding": "5.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:-:*:*:*:*:*:*",
"matchCriteriaId": "E456F84C-A86E-4EA9-9A3E-BEEA662136E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5FA81CCD-A05E-498C-820E-21980E92132F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The vCenter Server contains a denial-of-service vulnerability in VPXD service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to create a denial of service condition due to excessive memory consumption by VPXD service."
},
{
"lang": "es",
"value": "vCenter Server contiene una vulnerabilidad de denegaci\u00f3n de servicio en el servicio VPXD. Un actor malicioso con acceso de red al puerto 443 en vCenter Server puede explotar este problema para crear una condici\u00f3n de denegaci\u00f3n de servicio debido al consumo excesivo de memoria por parte del servicio VPXD"
}
],
"id": "CVE-2021-22010",
"lastModified": "2024-11-21T05:49:26.063",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-23T12:15:07.940",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-22 19:15
Modified
2024-11-21 05:49
Severity ?
Summary
The vCenter Server contains a local privilege escalation vulnerability due to the way it handles session tokens. A malicious actor with non-administrative user access on vCenter Server host may exploit this issue to escalate privileges to Administrator on the vSphere Client (HTML5) or vCenter Server vSphere Web Client (FLEX/Flash).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2021-0020.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2021-0020.html | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "127DEE95-0B04-4A98-B96A-15CC253C7357",
"versionEndExcluding": "3.10.2.2",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "722CF000-C0A1-4704-BDC6-3446D1530F3B",
"versionEndExcluding": "4.3",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:-:*:*:*:*:*:*",
"matchCriteriaId": "23CFE5A5-A166-4FD5-BE97-5F16DAB1EAE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:a:*:*:*:*:*:*",
"matchCriteriaId": "CF7DDB0C-3C07-4B5E-8B8A-0542FEE72877",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:b:*:*:*:*:*:*",
"matchCriteriaId": "1DD16169-A7DF-4604-888C-156A60018E32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:c:*:*:*:*:*:*",
"matchCriteriaId": "46FC9F34-C8FA-4AFE-9F4A-7CF9516BD4D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:d:*:*:*:*:*:*",
"matchCriteriaId": "D26534EB-327B-4ED6-A3E1-005552CB1F9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:e:*:*:*:*:*:*",
"matchCriteriaId": "786CDD50-7E18-4437-8DB9-2D0ADECD436E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:f:*:*:*:*:*:*",
"matchCriteriaId": "B2CE8DAE-0E78-4004-983D-1ECD8855EC33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1:*:*:*:*:*:*",
"matchCriteriaId": "7E51F433-1152-4E94-AF77-970230B1A574",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1b:*:*:*:*:*:*",
"matchCriteriaId": "0064D104-E0D8-481A-9029-D3726A1A9CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1c:*:*:*:*:*:*",
"matchCriteriaId": "9B4D3F61-6CD9-411F-A205-EB06A57EBB4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1d:*:*:*:*:*:*",
"matchCriteriaId": "F72A1E9C-F960-4E8C-A46C-B38209E6349E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1e:*:*:*:*:*:*",
"matchCriteriaId": "2C33CE46-F529-4EA9-9344-6ED3BFA7019D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1g:*:*:*:*:*:*",
"matchCriteriaId": "9F1D8161-0E02-45C9-BF61-14799AB65E03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2:*:*:*:*:*:*",
"matchCriteriaId": "1F2CB1FF-6118-4875-945D-07BAA3A21FFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2b:*:*:*:*:*:*",
"matchCriteriaId": "1AEDA28A-5C8E-4E95-A377-3BE530DBEAB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2c:*:*:*:*:*:*",
"matchCriteriaId": "BDDC6510-3116-4578-80C8-8EF044A8370A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2d:*:*:*:*:*:*",
"matchCriteriaId": "8678DB48-CB98-4E4C-ADE6-CABA73265FEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2g:*:*:*:*:*:*",
"matchCriteriaId": "DBD9A341-1FBF-4E04-848B-550DEB27261A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3:*:*:*:*:*:*",
"matchCriteriaId": "4955663C-1BB6-4F3E-9D4B-362DF144B7F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3d:*:*:*:*:*:*",
"matchCriteriaId": "CE0F8453-3D6C-4F1C-9167-3F02E3D905DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3f:*:*:*:*:*:*",
"matchCriteriaId": "0EAD4045-A7F9-464F-ABB9-3782941162CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3k:*:*:*:*:*:*",
"matchCriteriaId": "2F0A79C2-33AE-40C5-A853-770A4C691F29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3n:*:*:*:*:*:*",
"matchCriteriaId": "D8BB6CBC-11D6-40A4-ABAF-53AB9BED5A73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3p:*:*:*:*:*:*",
"matchCriteriaId": "26A3EC15-8C04-49AD-9045-4D9FADBD50CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "EEF33103-ECDD-427B-A445-2D7F90202FCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:-:*:*:*:*:*:*",
"matchCriteriaId": "E456F84C-A86E-4EA9-9A3E-BEEA662136E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:a:*:*:*:*:*:*",
"matchCriteriaId": "5241C282-A02B-44B2-B6CA-BA3A99F9737C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:b:*:*:*:*:*:*",
"matchCriteriaId": "04A60AC7-C2EA-4DBF-9743-54D708584AFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:d:*:*:*:*:*:*",
"matchCriteriaId": "8A91B0C4-F184-459E-AFD3-DE0E351CC964",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update1:*:*:*:*:*:*",
"matchCriteriaId": "23253631-2655-48A8-9B00-CB984232329C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update1b:*:*:*:*:*:*",
"matchCriteriaId": "50C2A9A8-0E66-4702-BCD4-74622108E7A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update2:*:*:*:*:*:*",
"matchCriteriaId": "EE4D3E2A-C32D-408F-B811-EF8BC86F0D34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update2a:*:*:*:*:*:*",
"matchCriteriaId": "31CA7802-D78D-4BAD-A45A-68B601C010C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update2c:*:*:*:*:*:*",
"matchCriteriaId": "3B98981B-4721-4752-BAB4-361DB5AEB86F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3:*:*:*:*:*:*",
"matchCriteriaId": "04487105-980A-4943-9360-4442BF0411E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3a:*:*:*:*:*:*",
"matchCriteriaId": "24D24E06-EB3F-4F11-849B-E66757B01466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3b:*:*:*:*:*:*",
"matchCriteriaId": "8AF12716-88E2-44B5-ACD7-BCBECA130FB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3f:*:*:*:*:*:*",
"matchCriteriaId": "3352212C-E820-47B3-BDF5-57018F5B9E81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3g:*:*:*:*:*:*",
"matchCriteriaId": "6436ADFD-6B94-4D2A-B09B-CED4EC6CA276",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3j:*:*:*:*:*:*",
"matchCriteriaId": "D06832CE-F946-469D-B495-6735F18D02A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3l:*:*:*:*:*:*",
"matchCriteriaId": "726AC46D-9EA8-4FE8-94B8-0562935458F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3m:*:*:*:*:*:*",
"matchCriteriaId": "0243D22F-1591-4A95-A7FE-2658CEE0C08F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3n:*:*:*:*:*:*",
"matchCriteriaId": "02AE5983-CD14-4EAF-9F5C-1281E3DE7F46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5FA81CCD-A05E-498C-820E-21980E92132F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:a:*:*:*:*:*:*",
"matchCriteriaId": "0EE83406-A3D9-4F75-A1A6-63831CEBEEC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:b:*:*:*:*:*:*",
"matchCriteriaId": "FB563627-C9CF-4D8A-B882-9AB65EAE9E15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:c:*:*:*:*:*:*",
"matchCriteriaId": "DCA03B2A-48B2-48AD-B8EB-9D7BB2016819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:d:*:*:*:*:*:*",
"matchCriteriaId": "A2392D0F-D7A2-4E01-9212-1BA6C895AEBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1:*:*:*:*:*:*",
"matchCriteriaId": "6D731C1A-9FE5-461C-97E2-6F45E4CBABE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1a:*:*:*:*:*:*",
"matchCriteriaId": "8725E544-2A94-4829-A683-1ECCE57A74A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1c:*:*:*:*:*:*",
"matchCriteriaId": "0FC6765A-6584-45A8-9B21-4951D2EA8939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1d:*:*:*:*:*:*",
"matchCriteriaId": "85DD238C-EF73-44F0-928E-A94FF5C4B378",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2:*:*:*:*:*:*",
"matchCriteriaId": "F4CA36C1-732E-41AE-B847-F7411B753F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2a:*:*:*:*:*:*",
"matchCriteriaId": "0DA882B6-D811-4E4B-B614-2D48F0B9036E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2b:*:*:*:*:*:*",
"matchCriteriaId": "8D30A78E-16D0-4A2E-A2F8-F6073698243E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The vCenter Server contains a local privilege escalation vulnerability due to the way it handles session tokens. A malicious actor with non-administrative user access on vCenter Server host may exploit this issue to escalate privileges to Administrator on the vSphere Client (HTML5) or vCenter Server vSphere Web Client (FLEX/Flash)."
},
{
"lang": "es",
"value": "vCenter Server contiene una vulnerabilidad de escalada de privilegios local debido a la forma en que maneja los tokens de sesi\u00f3n. Un actor malicioso con acceso de usuario no administrativo en el host de vCenter Server puede explotar este problema para escalar los privilegios a administrador en vSphere Client (HTML5) o vCenter Server vSphere Web Client (FLEX/Flash)"
}
],
"id": "CVE-2021-21991",
"lastModified": "2024-11-21T05:49:23.853",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-22T19:15:09.093",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-02-16 01:00
Modified
2024-11-21 01:17
Severity ?
Summary
The vCenter Tomcat Management Application in VMware vCenter Server 4.1 before Update 1 stores log-on credentials in a configuration file, which allows local users to gain privileges by reading this file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | vcenter_server | 4.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A6EAF333-0047-4B38-8EA0-E0D751DF681F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The vCenter Tomcat Management Application in VMware vCenter Server 4.1 before Update 1 stores log-on credentials in a configuration file, which allows local users to gain privileges by reading this file."
},
{
"lang": "es",
"value": "La aplicaci\u00f3n vCenter Tomcat Management en VMware vCenter Server v4.1 anterior a Update 1, almacena credenciales de inicio de sesi\u00f3n en un archivo de configuraci\u00f3n, que permite a usuarios locales obtener privilegios mediante la lectura de este archivo."
}
],
"id": "CVE-2010-2928",
"lastModified": "2024-11-21T01:17:40.460",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-02-16T01:00:02.337",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/70859"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43307"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/8079"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/70859"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43307"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/8079"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-255"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-23 12:15
Modified
2024-11-21 05:49
Severity ?
Summary
The vCenter Server contains an information disclosure vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by sending a specially crafted json-rpc message to gain access to sensitive information.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2021-0020.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2021-0020.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | cloud_foundation | * | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.7 | |
| vmware | vcenter_server | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5071E0B4-FE4B-4525-BAF6-3900D9C8D48D",
"versionEndExcluding": "5.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:-:*:*:*:*:*:*",
"matchCriteriaId": "23CFE5A5-A166-4FD5-BE97-5F16DAB1EAE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:-:*:*:*:*:*:*",
"matchCriteriaId": "E456F84C-A86E-4EA9-9A3E-BEEA662136E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5FA81CCD-A05E-498C-820E-21980E92132F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The vCenter Server contains an information disclosure vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by sending a specially crafted json-rpc message to gain access to sensitive information."
},
{
"lang": "es",
"value": "vCenter Server contiene una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en el servicio VAPI (vCenter API). Un actor malicioso con acceso de red al puerto 443 en vCenter Server puede explotar este problema mediante el env\u00edo de un mensaje json-rpc especialmente dise\u00f1ado para conseguir acceso a informaci\u00f3n confidencial"
}
],
"id": "CVE-2021-22008",
"lastModified": "2024-11-21T05:49:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-23T12:15:07.847",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-10-25 18:17
Modified
2024-11-21 08:06
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
vCenter Server contains a partial information disclosure vulnerability. A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "561A702A-DB0C-4E67-AF6C-9994B99DA56C",
"versionEndIncluding": "5.5",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5FA81CCD-A05E-498C-820E-21980E92132F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:a:*:*:*:*:*:*",
"matchCriteriaId": "0EE83406-A3D9-4F75-A1A6-63831CEBEEC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:b:*:*:*:*:*:*",
"matchCriteriaId": "FB563627-C9CF-4D8A-B882-9AB65EAE9E15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:c:*:*:*:*:*:*",
"matchCriteriaId": "DCA03B2A-48B2-48AD-B8EB-9D7BB2016819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:d:*:*:*:*:*:*",
"matchCriteriaId": "A2392D0F-D7A2-4E01-9212-1BA6C895AEBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1:*:*:*:*:*:*",
"matchCriteriaId": "6D731C1A-9FE5-461C-97E2-6F45E4CBABE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1a:*:*:*:*:*:*",
"matchCriteriaId": "8725E544-2A94-4829-A683-1ECCE57A74A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1c:*:*:*:*:*:*",
"matchCriteriaId": "0FC6765A-6584-45A8-9B21-4951D2EA8939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1d:*:*:*:*:*:*",
"matchCriteriaId": "85DD238C-EF73-44F0-928E-A94FF5C4B378",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2:*:*:*:*:*:*",
"matchCriteriaId": "F4CA36C1-732E-41AE-B847-F7411B753F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2a:*:*:*:*:*:*",
"matchCriteriaId": "0DA882B6-D811-4E4B-B614-2D48F0B9036E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2b:*:*:*:*:*:*",
"matchCriteriaId": "8D30A78E-16D0-4A2E-A2F8-F6073698243E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2c:*:*:*:*:*:*",
"matchCriteriaId": "188E103E-9568-4CE0-A984-141B2A9E82D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2d:*:*:*:*:*:*",
"matchCriteriaId": "B266439F-E911-4C95-9D27-88DF96DDCCD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3:*:*:*:*:*:*",
"matchCriteriaId": "6508A908-EF14-4A72-AC75-5DA6F8B98A0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3a:*:*:*:*:*:*",
"matchCriteriaId": "3BAD2012-5C82-4EA9-A780-9BF1DA5A18AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3c:*:*:*:*:*:*",
"matchCriteriaId": "58597F18-0B23-4D21-9ABA-D9773958F10E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3d:*:*:*:*:*:*",
"matchCriteriaId": "ADF46C54-313B-4742-A074-EEA0A6554680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3e:*:*:*:*:*:*",
"matchCriteriaId": "9587F800-57BC-44B6-870E-95691684FC46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3f:*:*:*:*:*:*",
"matchCriteriaId": "AD148A75-5076-416D-AFD6-0F281DA0A82B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3g:*:*:*:*:*:*",
"matchCriteriaId": "956CEA8C-F8C4-41BD-85B4-44FE3A772E50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3h:*:*:*:*:*:*",
"matchCriteriaId": "008AEA0F-116B-4AF8-B3A7-3041CCE25235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3i:*:*:*:*:*:*",
"matchCriteriaId": "EE486B2F-AED4-4FCE-A674-DFC25844FEFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3j:*:*:*:*:*:*",
"matchCriteriaId": "4F73AA9E-51E9-4FA0-813D-AD05FDC3EF94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3k:*:*:*:*:*:*",
"matchCriteriaId": "455DD46E-A071-476D-8914-767485E45F35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3l:*:*:*:*:*:*",
"matchCriteriaId": "3A422D04-48DF-4A16-94F8-D5702CC2782D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3m:*:*:*:*:*:*",
"matchCriteriaId": "806E9219-CDF4-4E62-978E-334E96A94BA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3n:*:*:*:*:*:*",
"matchCriteriaId": "34D8B182-4E71-4655-8DD8-743A3EF6DC8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "CC974CA1-88D3-42E4-BF1F-28870F8171B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:a:*:*:*:*:*:*",
"matchCriteriaId": "EFE63984-F69B-4593-9AEC-D179D6D98B08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:b:*:*:*:*:*:*",
"matchCriteriaId": "34D1F3B3-8E3F-4E4D-8EE6-2F593663B5CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:c:*:*:*:*:*:*",
"matchCriteriaId": "16F3D992-9F48-4604-9AAF-DC2D1CE98BE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1:*:*:*:*:*:*",
"matchCriteriaId": "C745A7E6-4760-48CD-B7C4-1C2C20217F21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1a:*:*:*:*:*:*",
"matchCriteriaId": "A5522514-8ED9-45DB-9036-33FE40D77E7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1b:*:*:*:*:*:*",
"matchCriteriaId": "8C27C660-E917-4944-8B4C-41D9622B76D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1c:*:*:*:*:*:*",
"matchCriteriaId": "56CFB469-B3E6-4503-A47C-D18206D4D19A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1d:*:*:*:*:*:*",
"matchCriteriaId": "67024A43-9E13-4F4E-B711-731792DA3840",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "vCenter Server contains a partial information disclosure vulnerability.\u00a0A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data."
},
{
"lang": "es",
"value": "vCenter Server contiene una vulnerabilidad de divulgaci\u00f3n parcial de informaci\u00f3n. Un actor malintencionado con privilegios no administrativos para vCenter Server puede aprovechar este problema para acceder a datos no autorizados."
}
],
"id": "CVE-2023-34056",
"lastModified": "2024-11-21T08:06:29.343",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "security@vmware.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-25T18:17:27.953",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0023.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0023.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-922"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-11-17 14:29
Modified
2024-11-21 03:26
Severity ?
Summary
The flash-based vSphere Web Client (6.0 prior to 6.0 U3c and 5.5 prior to 5.5 U3f) i.e. not the new HTML5-based vSphere Client, contains SSRF and CRLF injection issues due to improper neutralization of URLs. An attacker may exploit these issues by sending a POST request with modified headers towards internal services leading to information disclosure.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@vmware.com | http://www.securityfocus.com/bid/101785 | Third Party Advisory, VDB Entry | |
| security@vmware.com | http://www.securitytracker.com/id/1039759 | Third Party Advisory, VDB Entry | |
| security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2017-0017.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/101785 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039759 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2017-0017.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | vcenter_server | 5.5 | |
| vmware | vcenter_server | 5.5 | |
| vmware | vcenter_server | 5.5 | |
| vmware | vcenter_server | 5.5 | |
| vmware | vcenter_server | 5.5 | |
| vmware | vcenter_server | 5.5 | |
| vmware | vcenter_server | 5.5 | |
| vmware | vcenter_server | 5.5 | |
| vmware | vcenter_server | 5.5 | |
| vmware | vcenter_server | 5.5 | |
| vmware | vcenter_server | 5.5 | |
| vmware | vcenter_server | 5.5 | |
| vmware | vcenter_server | 5.5 | |
| vmware | vcenter_server | 5.5 | |
| vmware | vcenter_server | 5.5 | |
| vmware | vcenter_server | 5.5 | |
| vmware | vcenter_server | 6.0 | |
| vmware | vcenter_server | 6.0 | |
| vmware | vcenter_server | 6.0 | |
| vmware | vcenter_server | 6.0 | |
| vmware | vcenter_server | 6.0 | |
| vmware | vcenter_server | 6.0 | |
| vmware | vcenter_server | 6.0 | |
| vmware | vcenter_server | 6.0 | |
| vmware | vcenter_server | 6.0 | |
| vmware | vcenter_server | 6.0 | |
| vmware | vcenter_server | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8B12523A-5C1E-408F-BB4B-98EF32C7D676",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:5.5:1:*:*:*:*:*:*",
"matchCriteriaId": "C06379AA-13C0-41FB-B63C-0C46D6DD0462",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:5.5:1a:*:*:*:*:*:*",
"matchCriteriaId": "0C0080A4-A72E-4F7F-AB4C-168F957EAE4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:5.5:1b:*:*:*:*:*:*",
"matchCriteriaId": "26AAFC76-9CB6-4F22-880C-0102BECEE04C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:5.5:1c:*:*:*:*:*:*",
"matchCriteriaId": "AD83F1CE-CD2A-49B3-858D-8CE3F715DC40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:5.5:2:*:*:*:*:*:*",
"matchCriteriaId": "8339BAB3-D6C9-426A-9C1D-9F2AB946BF96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:5.5:2b:*:*:*:*:*:*",
"matchCriteriaId": "BDA978D2-DEA4-4EC9-8945-A6AEA5AA87BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:5.5:2d:*:*:*:*:*:*",
"matchCriteriaId": "455C1162-56F5-457A-97D1-B98CFD5F27CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:5.5:2e:*:*:*:*:*:*",
"matchCriteriaId": "C6B794EE-70C2-4271-B946-202AB21CA477",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:5.5:3:*:*:*:*:*:*",
"matchCriteriaId": "BDE11C9F-D31E-4E9F-ABC6-FFA1BD56DEEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:5.5:3a:*:*:*:*:*:*",
"matchCriteriaId": "23D847E4-5869-476A-B85F-29D8D5FDB68D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:5.5:3b:*:*:*:*:*:*",
"matchCriteriaId": "5F8CC145-0D3F-4E42-BA46-403586EC608A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:5.5:3d:*:*:*:*:*:*",
"matchCriteriaId": "279E7753-5CA1-4622-8B9E-10FF3004941B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:5.5:3e:*:*:*:*:*:*",
"matchCriteriaId": "FE7A5CA2-6F73-4250-B3C8-DCA0F34AB405",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:5.5:b:*:*:*:*:*:*",
"matchCriteriaId": "551415D9-20A2-4F1B-A954-ED97849FBD29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:5.5:c:*:*:*:*:*:*",
"matchCriteriaId": "12EED8B4-FC24-4E6A-A6ED-4BF10B65C049",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7499E57A-1F9C-45F0-93F8-F3FB7B0F990F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:1:*:*:*:*:*:*",
"matchCriteriaId": "43BEE461-85B7-4C19-8FBA-4460186DC58A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:1b:*:*:*:*:*:*",
"matchCriteriaId": "E8249B2E-251F-4ED9-836F-E5D4C90D4EA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:2:*:*:*:*:*:*",
"matchCriteriaId": "ED78D4B1-5959-46F1-8DEE-7DE3BE38BAE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:2a:*:*:*:*:*:*",
"matchCriteriaId": "04B290DB-03A4-4BA0-93FE-4BD9BC5ED8BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:2m:*:*:*:*:*:*",
"matchCriteriaId": "6C722953-08D7-4763-84CB-144D40D99EAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:3:*:*:*:*:*:*",
"matchCriteriaId": "D97ADC1A-5382-4CA0-AA1F-B460205B397C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:3a:*:*:*:*:*:*",
"matchCriteriaId": "22F7C55C-877C-4DA2-869D-96FAA7527C1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:3b:*:*:*:*:*:*",
"matchCriteriaId": "01214586-9344-4CB7-BE76-174EA3234654",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:a:*:*:*:*:*:*",
"matchCriteriaId": "74EE8EE5-54F0-4359-898B-C57C5B2AE7C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:b:*:*:*:*:*:*",
"matchCriteriaId": "F83AAB8E-F129-4D1C-A4BC-4CC2C1777F5F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The flash-based vSphere Web Client (6.0 prior to 6.0 U3c and 5.5 prior to 5.5 U3f) i.e. not the new HTML5-based vSphere Client, contains SSRF and CRLF injection issues due to improper neutralization of URLs. An attacker may exploit these issues by sending a POST request with modified headers towards internal services leading to information disclosure."
},
{
"lang": "es",
"value": "vSphere Web Client basado en flash(en versiones 6.0 anteriores a la 6.0 U3c y versiones 5.5 anteriores a la 5.5 U3f), es decir, no el nuevo vSphere Client basado en HTML5, contiene problemas de inyecci\u00f3n SSRF y CRLF debido a una neutralizaci\u00f3n incorrecta de URL. Un atacante puede explotar estos errores enviando una petici\u00f3n POST con cabeceras modificadas a servicios internos, lo que da lugar a una revelaci\u00f3n de informaci\u00f3n."
}
],
"id": "CVE-2017-4928",
"lastModified": "2024-11-21T03:26:41.293",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-17T14:29:00.483",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101785"
},
{
"source": "security@vmware.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039759"
},
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2017-0017.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101785"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039759"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2017-0017.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
},
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-23 12:15
Modified
2024-11-21 05:49
Severity ?
Summary
The vCenter Server contains a file path traversal vulnerability leading to information disclosure in the appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2021-0020.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2021-0020.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | cloud_foundation | * | |
| vmware | vcenter_server | 6.7 | |
| vmware | vcenter_server | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5071E0B4-FE4B-4525-BAF6-3900D9C8D48D",
"versionEndExcluding": "5.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:-:*:*:*:*:*:*",
"matchCriteriaId": "E456F84C-A86E-4EA9-9A3E-BEEA662136E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5FA81CCD-A05E-498C-820E-21980E92132F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The vCenter Server contains a file path traversal vulnerability leading to information disclosure in the appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information."
},
{
"lang": "es",
"value": "vCenter Server contiene una vulnerabilidad de salto de ruta de archivos que conlleva a una divulgaci\u00f3n de informaci\u00f3n en la API de administraci\u00f3n de dispositivos. Un actor malicioso con acceso de red al puerto 443 de vCenter Server puede explotar este problema para conseguir acceso a informaci\u00f3n confidencial"
}
],
"id": "CVE-2021-22013",
"lastModified": "2024-11-21T05:49:26.380",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-23T12:15:08.083",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-09-17 18:15
Modified
2024-11-22 02:00
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 8.0 | |
| vmware | vcenter_server | 8.0 | |
| vmware | vcenter_server | 8.0 | |
| vmware | vcenter_server | 8.0 | |
| vmware | vcenter_server | 8.0 | |
| vmware | vcenter_server | 8.0 | |
| vmware | vcenter_server | 8.0 | |
| vmware | vcenter_server | 8.0 | |
| vmware | vcenter_server | 8.0 | |
| vmware | vcenter_server | 8.0 | |
| vmware | vcenter_server | 8.0 | |
| vmware | vcenter_server | 8.0 |
{
"cisaActionDue": "2024-12-11",
"cisaExploitAdd": "2024-11-20",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "VMware vCenter Server Heap-Based Buffer Overflow Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5FA81CCD-A05E-498C-820E-21980E92132F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1:*:*:*:*:*:*",
"matchCriteriaId": "6D731C1A-9FE5-461C-97E2-6F45E4CBABE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1a:*:*:*:*:*:*",
"matchCriteriaId": "8725E544-2A94-4829-A683-1ECCE57A74A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1c:*:*:*:*:*:*",
"matchCriteriaId": "0FC6765A-6584-45A8-9B21-4951D2EA8939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1d:*:*:*:*:*:*",
"matchCriteriaId": "85DD238C-EF73-44F0-928E-A94FF5C4B378",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2:*:*:*:*:*:*",
"matchCriteriaId": "F4CA36C1-732E-41AE-B847-F7411B753F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2a:*:*:*:*:*:*",
"matchCriteriaId": "0DA882B6-D811-4E4B-B614-2D48F0B9036E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2b:*:*:*:*:*:*",
"matchCriteriaId": "8D30A78E-16D0-4A2E-A2F8-F6073698243E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2c:*:*:*:*:*:*",
"matchCriteriaId": "188E103E-9568-4CE0-A984-141B2A9E82D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2d:*:*:*:*:*:*",
"matchCriteriaId": "B266439F-E911-4C95-9D27-88DF96DDCCD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3:*:*:*:*:*:*",
"matchCriteriaId": "6508A908-EF14-4A72-AC75-5DA6F8B98A0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3a:*:*:*:*:*:*",
"matchCriteriaId": "3BAD2012-5C82-4EA9-A780-9BF1DA5A18AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3c:*:*:*:*:*:*",
"matchCriteriaId": "58597F18-0B23-4D21-9ABA-D9773958F10E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3d:*:*:*:*:*:*",
"matchCriteriaId": "ADF46C54-313B-4742-A074-EEA0A6554680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3e:*:*:*:*:*:*",
"matchCriteriaId": "9587F800-57BC-44B6-870E-95691684FC46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3f:*:*:*:*:*:*",
"matchCriteriaId": "AD148A75-5076-416D-AFD6-0F281DA0A82B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3g:*:*:*:*:*:*",
"matchCriteriaId": "956CEA8C-F8C4-41BD-85B4-44FE3A772E50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3h:*:*:*:*:*:*",
"matchCriteriaId": "008AEA0F-116B-4AF8-B3A7-3041CCE25235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3i:*:*:*:*:*:*",
"matchCriteriaId": "EE486B2F-AED4-4FCE-A674-DFC25844FEFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3j:*:*:*:*:*:*",
"matchCriteriaId": "4F73AA9E-51E9-4FA0-813D-AD05FDC3EF94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3k:*:*:*:*:*:*",
"matchCriteriaId": "455DD46E-A071-476D-8914-767485E45F35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3l:*:*:*:*:*:*",
"matchCriteriaId": "3A422D04-48DF-4A16-94F8-D5702CC2782D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3m:*:*:*:*:*:*",
"matchCriteriaId": "806E9219-CDF4-4E62-978E-334E96A94BA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3n:*:*:*:*:*:*",
"matchCriteriaId": "34D8B182-4E71-4655-8DD8-743A3EF6DC8B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "CC974CA1-88D3-42E4-BF1F-28870F8171B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1:*:*:*:*:*:*",
"matchCriteriaId": "C745A7E6-4760-48CD-B7C4-1C2C20217F21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1a:*:*:*:*:*:*",
"matchCriteriaId": "A5522514-8ED9-45DB-9036-33FE40D77E7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1b:*:*:*:*:*:*",
"matchCriteriaId": "8C27C660-E917-4944-8B4C-41D9622B76D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1c:*:*:*:*:*:*",
"matchCriteriaId": "56CFB469-B3E6-4503-A47C-D18206D4D19A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1d:*:*:*:*:*:*",
"matchCriteriaId": "67024A43-9E13-4F4E-B711-731792DA3840",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1e:*:*:*:*:*:*",
"matchCriteriaId": "1188E9D6-53AD-40D0-8146-3728D071008D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update2:*:*:*:*:*:*",
"matchCriteriaId": "604F559F-1775-4F29-996E-9079B99345B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update2a:*:*:*:*:*:*",
"matchCriteriaId": "61DC9400-5AEE-49AC-9925-0A96E32BD8C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update2b:*:*:*:*:*:*",
"matchCriteriaId": "98C1B77E-AB0E-4E8A-8294-2D3D230CDF9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update2c:*:*:*:*:*:*",
"matchCriteriaId": "8EC8BEF1-7908-46C0-841A-834778D1A863",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update2d:*:*:*:*:*:*",
"matchCriteriaId": "89D5A7F9-3183-4EE7-828C-13BB9169E199",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The\u00a0vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol.\u00a0A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution."
},
{
"lang": "es",
"value": "vCenter Server contiene una vulnerabilidad de desbordamiento de pila en la implementaci\u00f3n del protocolo DCERPC. Un agente malintencionado con acceso de red al vCenter Server puede desencadenar esta vulnerabilidad enviando un paquete de red especialmente manipulado que podr\u00eda provocar la ejecuci\u00f3n remota de c\u00f3digo."
}
],
"id": "CVE-2024-38812",
"lastModified": "2024-11-22T02:00:03.353",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "security@vmware.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-09-17T18:15:03.920",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "security@vmware.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-10-28 16:15
Modified
2024-11-21 04:45
Severity ?
Summary
Sensitive information disclosure vulnerability resulting from a lack of certificate validation during the File-Based Backup and Restore operations of VMware vCenter Server Appliance (6.7 before 6.7u3a and 6.5 before 6.5u3d) may allow a malicious actor to intercept sensitive data in transit over FTPS and HTTPS. A malicious actor with man-in-the-middle positioning between vCenter Server Appliance and a backup target may be able to intercept sensitive data in transit during File-Based Backup and Restore operations.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.7 | |
| vmware | vcenter_server | 6.7 | |
| vmware | vcenter_server | 6.7 | |
| vmware | vcenter_server | 6.7 | |
| vmware | vcenter_server | 6.7 | |
| vmware | vcenter_server | 6.7 | |
| vmware | vcenter_server | 6.7 | |
| vmware | vcenter_server | 6.7 | |
| vmware | vcenter_server | 6.7 | |
| vmware | vcenter_server | 6.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:-:*:*:*:*:*:*",
"matchCriteriaId": "23CFE5A5-A166-4FD5-BE97-5F16DAB1EAE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:a:*:*:*:*:*:*",
"matchCriteriaId": "CF7DDB0C-3C07-4B5E-8B8A-0542FEE72877",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:b:*:*:*:*:*:*",
"matchCriteriaId": "1DD16169-A7DF-4604-888C-156A60018E32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:c:*:*:*:*:*:*",
"matchCriteriaId": "46FC9F34-C8FA-4AFE-9F4A-7CF9516BD4D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:d:*:*:*:*:*:*",
"matchCriteriaId": "D26534EB-327B-4ED6-A3E1-005552CB1F9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:e:*:*:*:*:*:*",
"matchCriteriaId": "786CDD50-7E18-4437-8DB9-2D0ADECD436E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:f:*:*:*:*:*:*",
"matchCriteriaId": "B2CE8DAE-0E78-4004-983D-1ECD8855EC33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1:*:*:*:*:*:*",
"matchCriteriaId": "7E51F433-1152-4E94-AF77-970230B1A574",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1b:*:*:*:*:*:*",
"matchCriteriaId": "0064D104-E0D8-481A-9029-D3726A1A9CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1c:*:*:*:*:*:*",
"matchCriteriaId": "9B4D3F61-6CD9-411F-A205-EB06A57EBB4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1d:*:*:*:*:*:*",
"matchCriteriaId": "F72A1E9C-F960-4E8C-A46C-B38209E6349E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1e:*:*:*:*:*:*",
"matchCriteriaId": "2C33CE46-F529-4EA9-9344-6ED3BFA7019D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1g:*:*:*:*:*:*",
"matchCriteriaId": "9F1D8161-0E02-45C9-BF61-14799AB65E03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2:*:*:*:*:*:*",
"matchCriteriaId": "1F2CB1FF-6118-4875-945D-07BAA3A21FFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2b:*:*:*:*:*:*",
"matchCriteriaId": "1AEDA28A-5C8E-4E95-A377-3BE530DBEAB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2c:*:*:*:*:*:*",
"matchCriteriaId": "BDDC6510-3116-4578-80C8-8EF044A8370A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2d:*:*:*:*:*:*",
"matchCriteriaId": "8678DB48-CB98-4E4C-ADE6-CABA73265FEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2g:*:*:*:*:*:*",
"matchCriteriaId": "DBD9A341-1FBF-4E04-848B-550DEB27261A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3:*:*:*:*:*:*",
"matchCriteriaId": "4955663C-1BB6-4F3E-9D4B-362DF144B7F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:-:*:*:*:*:*:*",
"matchCriteriaId": "E456F84C-A86E-4EA9-9A3E-BEEA662136E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:a:*:*:*:*:*:*",
"matchCriteriaId": "5241C282-A02B-44B2-B6CA-BA3A99F9737C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:b:*:*:*:*:*:*",
"matchCriteriaId": "04A60AC7-C2EA-4DBF-9743-54D708584AFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:d:*:*:*:*:*:*",
"matchCriteriaId": "8A91B0C4-F184-459E-AFD3-DE0E351CC964",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update1:*:*:*:*:*:*",
"matchCriteriaId": "23253631-2655-48A8-9B00-CB984232329C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update1b:*:*:*:*:*:*",
"matchCriteriaId": "50C2A9A8-0E66-4702-BCD4-74622108E7A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update2:*:*:*:*:*:*",
"matchCriteriaId": "EE4D3E2A-C32D-408F-B811-EF8BC86F0D34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update2a:*:*:*:*:*:*",
"matchCriteriaId": "31CA7802-D78D-4BAD-A45A-68B601C010C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update2c:*:*:*:*:*:*",
"matchCriteriaId": "3B98981B-4721-4752-BAB4-361DB5AEB86F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3:*:*:*:*:*:*",
"matchCriteriaId": "04487105-980A-4943-9360-4442BF0411E6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure vulnerability resulting from a lack of certificate validation during the File-Based Backup and Restore operations of VMware vCenter Server Appliance (6.7 before 6.7u3a and 6.5 before 6.5u3d) may allow a malicious actor to intercept sensitive data in transit over FTPS and HTTPS. A malicious actor with man-in-the-middle positioning between vCenter Server Appliance and a backup target may be able to intercept sensitive data in transit during File-Based Backup and Restore operations."
},
{
"lang": "es",
"value": "Una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n confidencial resultando de la falta de comprobaci\u00f3n del certificado durante las operaciones de Copia de Seguridad y Restauraci\u00f3n Basadas en Archivos de VMware vCenter Server Appliance (versiones 6.7 anteriores a 6.7u3a y versiones 6.5 anteriores a 6.5u3d), puede permitir a un actor malicioso interceptar datos confidenciales en tr\u00e1nsito por medio de FTPS y HTTPS. Un actor malicioso con un posicionamiento de tipo man-in-the-middle entre vCenter Server Appliance y una copia de seguridad objetivo, puede interceptar datos confidenciales en tr\u00e1nsito durante las operaciones de Copia de Seguridad y Restauraci\u00f3n Basadas en Archivos."
}
],
"id": "CVE-2019-5537",
"lastModified": "2024-11-21T04:45:09.117",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-10-28T16:15:14.887",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2019-0018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2019-0018.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-23 13:15
Modified
2024-11-21 05:49
Severity ?
Summary
The vCenter Server contains a denial-of-service vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port 5480 on vCenter Server may exploit this issue by sending a specially crafted jsonrpc message to create a denial of service condition.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2021-0020.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2021-0020.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | cloud_foundation | * | |
| vmware | cloud_foundation | * | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.7 | |
| vmware | vcenter_server | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "127DEE95-0B04-4A98-B96A-15CC253C7357",
"versionEndExcluding": "3.10.2.2",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "722CF000-C0A1-4704-BDC6-3446D1530F3B",
"versionEndExcluding": "4.3",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:-:*:*:*:*:*:*",
"matchCriteriaId": "23CFE5A5-A166-4FD5-BE97-5F16DAB1EAE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:-:*:*:*:*:*:*",
"matchCriteriaId": "E456F84C-A86E-4EA9-9A3E-BEEA662136E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5FA81CCD-A05E-498C-820E-21980E92132F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The vCenter Server contains a denial-of-service vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port 5480 on vCenter Server may exploit this issue by sending a specially crafted jsonrpc message to create a denial of service condition."
},
{
"lang": "es",
"value": "vCenter Server contiene una vulnerabilidad de denegaci\u00f3n de servicio en el servicio VAPI (vCenter API). Un actor malicioso con acceso a la red al puerto 5480 en vCenter Server puede explotar este problema mediante el env\u00edo de un mensaje jsonrpc especialmente dise\u00f1ado para crear una condici\u00f3n de denegaci\u00f3n de servicio"
}
],
"id": "CVE-2021-22019",
"lastModified": "2024-11-21T05:49:27.043",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-23T13:15:08.310",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-10-28 16:15
Modified
2024-11-21 04:45
Severity ?
Summary
Sensitive information disclosure vulnerability resulting from a lack of certificate validation during the File-Based Backup and Restore operations of VMware vCenter Server Appliance (6.7 before 6.7u3a and 6.5 before 6.5u3d) may allow a malicious actor to intercept sensitive data in transit over SCP. A malicious actor with man-in-the-middle positioning between vCenter Server Appliance and a backup target may be able to intercept sensitive data in transit during File-Based Backup and Restore operations.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.5 | |
| vmware | vcenter_server | 6.7 | |
| vmware | vcenter_server | 6.7 | |
| vmware | vcenter_server | 6.7 | |
| vmware | vcenter_server | 6.7 | |
| vmware | vcenter_server | 6.7 | |
| vmware | vcenter_server | 6.7 | |
| vmware | vcenter_server | 6.7 | |
| vmware | vcenter_server | 6.7 | |
| vmware | vcenter_server | 6.7 | |
| vmware | vcenter_server | 6.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:-:*:*:*:*:*:*",
"matchCriteriaId": "23CFE5A5-A166-4FD5-BE97-5F16DAB1EAE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:a:*:*:*:*:*:*",
"matchCriteriaId": "CF7DDB0C-3C07-4B5E-8B8A-0542FEE72877",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:b:*:*:*:*:*:*",
"matchCriteriaId": "1DD16169-A7DF-4604-888C-156A60018E32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:c:*:*:*:*:*:*",
"matchCriteriaId": "46FC9F34-C8FA-4AFE-9F4A-7CF9516BD4D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:d:*:*:*:*:*:*",
"matchCriteriaId": "D26534EB-327B-4ED6-A3E1-005552CB1F9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:e:*:*:*:*:*:*",
"matchCriteriaId": "786CDD50-7E18-4437-8DB9-2D0ADECD436E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:f:*:*:*:*:*:*",
"matchCriteriaId": "B2CE8DAE-0E78-4004-983D-1ECD8855EC33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1:*:*:*:*:*:*",
"matchCriteriaId": "7E51F433-1152-4E94-AF77-970230B1A574",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1b:*:*:*:*:*:*",
"matchCriteriaId": "0064D104-E0D8-481A-9029-D3726A1A9CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1c:*:*:*:*:*:*",
"matchCriteriaId": "9B4D3F61-6CD9-411F-A205-EB06A57EBB4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1d:*:*:*:*:*:*",
"matchCriteriaId": "F72A1E9C-F960-4E8C-A46C-B38209E6349E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1e:*:*:*:*:*:*",
"matchCriteriaId": "2C33CE46-F529-4EA9-9344-6ED3BFA7019D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1g:*:*:*:*:*:*",
"matchCriteriaId": "9F1D8161-0E02-45C9-BF61-14799AB65E03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2:*:*:*:*:*:*",
"matchCriteriaId": "1F2CB1FF-6118-4875-945D-07BAA3A21FFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2b:*:*:*:*:*:*",
"matchCriteriaId": "1AEDA28A-5C8E-4E95-A377-3BE530DBEAB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2c:*:*:*:*:*:*",
"matchCriteriaId": "BDDC6510-3116-4578-80C8-8EF044A8370A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2d:*:*:*:*:*:*",
"matchCriteriaId": "8678DB48-CB98-4E4C-ADE6-CABA73265FEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2g:*:*:*:*:*:*",
"matchCriteriaId": "DBD9A341-1FBF-4E04-848B-550DEB27261A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3:*:*:*:*:*:*",
"matchCriteriaId": "4955663C-1BB6-4F3E-9D4B-362DF144B7F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:-:*:*:*:*:*:*",
"matchCriteriaId": "E456F84C-A86E-4EA9-9A3E-BEEA662136E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:a:*:*:*:*:*:*",
"matchCriteriaId": "5241C282-A02B-44B2-B6CA-BA3A99F9737C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:b:*:*:*:*:*:*",
"matchCriteriaId": "04A60AC7-C2EA-4DBF-9743-54D708584AFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:d:*:*:*:*:*:*",
"matchCriteriaId": "8A91B0C4-F184-459E-AFD3-DE0E351CC964",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update1:*:*:*:*:*:*",
"matchCriteriaId": "23253631-2655-48A8-9B00-CB984232329C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update1b:*:*:*:*:*:*",
"matchCriteriaId": "50C2A9A8-0E66-4702-BCD4-74622108E7A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update2:*:*:*:*:*:*",
"matchCriteriaId": "EE4D3E2A-C32D-408F-B811-EF8BC86F0D34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update2a:*:*:*:*:*:*",
"matchCriteriaId": "31CA7802-D78D-4BAD-A45A-68B601C010C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update2c:*:*:*:*:*:*",
"matchCriteriaId": "3B98981B-4721-4752-BAB4-361DB5AEB86F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3:*:*:*:*:*:*",
"matchCriteriaId": "04487105-980A-4943-9360-4442BF0411E6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure vulnerability resulting from a lack of certificate validation during the File-Based Backup and Restore operations of VMware vCenter Server Appliance (6.7 before 6.7u3a and 6.5 before 6.5u3d) may allow a malicious actor to intercept sensitive data in transit over SCP. A malicious actor with man-in-the-middle positioning between vCenter Server Appliance and a backup target may be able to intercept sensitive data in transit during File-Based Backup and Restore operations."
},
{
"lang": "es",
"value": "Una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n confidencial resultando de la falta de comprobaci\u00f3n del certificado durante las operaciones de Copia de Seguridad y Restauraci\u00f3n Basadas en Archivos de VMware vCenter Server Appliance (versiones 6.7 anteriores a 6.7u3a y versiones 6.5 anteriores a 6.5u3d), puede permitir a un actor malicioso interceptar datos confidenciales en tr\u00e1nsito por medio de SCP. Un actor malicioso con un posicionamiento de tipo man-in-the-middle entre vCenter Server Appliance y una copia de seguridad objetivo, puede ser capaz de interceptar datos confidenciales en tr\u00e1nsito durante las operaciones de Copia de Seguridad y Restauraci\u00f3n Basadas en Archivos."
}
],
"id": "CVE-2019-5538",
"lastModified": "2024-11-21T04:45:09.247",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-10-28T16:15:14.963",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2019-0018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2019-0018.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-08-01 16:29
Modified
2024-11-21 03:26
Severity ?
Summary
VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure issue due to the service startup script using world writable directories as temporary storage for critical information. Successful exploitation of this issue may allow unprivileged host users to access certain critical information when the service gets restarted.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@vmware.com | http://www.securityfocus.com/bid/100012 | Third Party Advisory, VDB Entry | |
| security@vmware.com | http://www.securitytracker.com/id/1039013 | Third Party Advisory, VDB Entry | |
| security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2017-0013.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/100012 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039013 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2017-0013.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | vcenter_server | 6.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3D97854C-DE5D-48B4-B5DB-C132E6D4B826",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure issue due to the service startup script using world writable directories as temporary storage for critical information. Successful exploitation of this issue may allow unprivileged host users to access certain critical information when the service gets restarted."
},
{
"lang": "es",
"value": "VMware vCenter Server en su versi\u00f3n 6.5 anterior a la 6.5 U1 tiene un problema de fuga de informaci\u00f3n puesto que el script de inicio del servicio utiliza directorios modificables por cualquier usuario para almacenar temporalmente informaci\u00f3n cr\u00edtica. Si se explota con \u00e9xito esta vulnerabilidad, podr\u00eda permitir que los usuarios host sin privilegios accedan a informaci\u00f3n cr\u00edtica cuando el servicio se reinicie."
}
],
"id": "CVE-2017-4922",
"lastModified": "2024-11-21T03:26:40.470",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-01T16:29:00.320",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100012"
},
{
"source": "security@vmware.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039013"
},
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2017-0013.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100012"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039013"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2017-0013.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-10-12 10:59
Modified
2024-11-21 02:27
Severity ?
Summary
The JMX RMI service in VMware vCenter Server 5.0 before u3e, 5.1 before u3b, 5.5 before u3, and 6.0 before u1 does not restrict registration of MBeans, which allows remote attackers to execute arbitrary code via the RMI protocol.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | vcenter_server | 5.0 | |
| vmware | vcenter_server | 5.1 | |
| vmware | vcenter_server | 5.5 | |
| vmware | vcenter_server | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46C704E0-E165-4A44-A104-6C5B83A83237",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E0492A2B-EBE2-4303-B8BD-8511D191D1AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8B12523A-5C1E-408F-BB4B-98EF32C7D676",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7499E57A-1F9C-45F0-93F8-F3FB7B0F990F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The JMX RMI service in VMware vCenter Server 5.0 before u3e, 5.1 before u3b, 5.5 before u3, and 6.0 before u1 does not restrict registration of MBeans, which allows remote attackers to execute arbitrary code via the RMI protocol."
},
{
"lang": "es",
"value": "El servicio JMX RMI en Vmware vCenter Server 5.0 en versiones anteriores a u3e, 5.1 en versiones anteriores a u3b, 5.5 en versiones anteriores a u3 y 6.0 en versiones anterioes a u1 no restringe el registro de Mbeans, lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s del protocolo RMI."
}
],
"evaluatorComment": "\u003ca href=\"https://cwe.mitre.org/data/definitions/415.html\"\u003eCWE-415: Double Free\u003c/a\u003e",
"id": "CVE-2015-2342",
"lastModified": "2024-11-21T02:27:15.533",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-10-12T10:59:01.633",
"references": [
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2015/Oct/1"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/76930"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1033720"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2015-0007.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-455"
},
{
"source": "cve@mitre.org",
"url": "https://www.7elements.co.uk/resources/technical-advisories/cve-2015-2342-vmware-vcenter-remote-code-execution/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2015/Oct/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/76930"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1033720"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2015-0007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-455"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.7elements.co.uk/resources/technical-advisories/cve-2015-2342-vmware-vcenter-remote-code-execution/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-13 19:15
Modified
2024-11-21 06:47
Severity ?
Summary
The vCenter Server contains a server-side request forgery (SSRF) vulnerability. A malicious actor with network access to 443 on the vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2022-0018.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2022-0018.html | Release Notes, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E5BAF38C-348A-46F6-A1D4-1625D68EDD5A",
"versionEndIncluding": "3.11",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "326A2867-797D-4AA9-8D2C-43E8CDA0BCFC",
"versionEndIncluding": "4.3.1",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:-:*:*:*:*:*:*",
"matchCriteriaId": "23CFE5A5-A166-4FD5-BE97-5F16DAB1EAE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:a:*:*:*:*:*:*",
"matchCriteriaId": "CF7DDB0C-3C07-4B5E-8B8A-0542FEE72877",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:b:*:*:*:*:*:*",
"matchCriteriaId": "1DD16169-A7DF-4604-888C-156A60018E32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:c:*:*:*:*:*:*",
"matchCriteriaId": "46FC9F34-C8FA-4AFE-9F4A-7CF9516BD4D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:d:*:*:*:*:*:*",
"matchCriteriaId": "D26534EB-327B-4ED6-A3E1-005552CB1F9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:e:*:*:*:*:*:*",
"matchCriteriaId": "786CDD50-7E18-4437-8DB9-2D0ADECD436E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:f:*:*:*:*:*:*",
"matchCriteriaId": "B2CE8DAE-0E78-4004-983D-1ECD8855EC33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1:*:*:*:*:*:*",
"matchCriteriaId": "7E51F433-1152-4E94-AF77-970230B1A574",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1b:*:*:*:*:*:*",
"matchCriteriaId": "0064D104-E0D8-481A-9029-D3726A1A9CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1c:*:*:*:*:*:*",
"matchCriteriaId": "9B4D3F61-6CD9-411F-A205-EB06A57EBB4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1d:*:*:*:*:*:*",
"matchCriteriaId": "F72A1E9C-F960-4E8C-A46C-B38209E6349E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1e:*:*:*:*:*:*",
"matchCriteriaId": "2C33CE46-F529-4EA9-9344-6ED3BFA7019D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1g:*:*:*:*:*:*",
"matchCriteriaId": "9F1D8161-0E02-45C9-BF61-14799AB65E03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2:*:*:*:*:*:*",
"matchCriteriaId": "1F2CB1FF-6118-4875-945D-07BAA3A21FFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2b:*:*:*:*:*:*",
"matchCriteriaId": "1AEDA28A-5C8E-4E95-A377-3BE530DBEAB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2c:*:*:*:*:*:*",
"matchCriteriaId": "BDDC6510-3116-4578-80C8-8EF044A8370A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2d:*:*:*:*:*:*",
"matchCriteriaId": "8678DB48-CB98-4E4C-ADE6-CABA73265FEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2g:*:*:*:*:*:*",
"matchCriteriaId": "DBD9A341-1FBF-4E04-848B-550DEB27261A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3:*:*:*:*:*:*",
"matchCriteriaId": "4955663C-1BB6-4F3E-9D4B-362DF144B7F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3d:*:*:*:*:*:*",
"matchCriteriaId": "CE0F8453-3D6C-4F1C-9167-3F02E3D905DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3f:*:*:*:*:*:*",
"matchCriteriaId": "0EAD4045-A7F9-464F-ABB9-3782941162CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3k:*:*:*:*:*:*",
"matchCriteriaId": "2F0A79C2-33AE-40C5-A853-770A4C691F29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3n:*:*:*:*:*:*",
"matchCriteriaId": "D8BB6CBC-11D6-40A4-ABAF-53AB9BED5A73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3p:*:*:*:*:*:*",
"matchCriteriaId": "26A3EC15-8C04-49AD-9045-4D9FADBD50CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3q:*:*:*:*:*:*",
"matchCriteriaId": "AF7E87BB-1B5B-4F13-A70C-B3C6716E7919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3r:*:*:*:*:*:*",
"matchCriteriaId": "70A9244F-2C9C-4D7D-B384-08DDF95770DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3s:*:*:*:*:*:*",
"matchCriteriaId": "2CBEA4F8-CBA3-4C71-96B3-47489F0D299C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:-:*:*:*:*:*:*",
"matchCriteriaId": "E456F84C-A86E-4EA9-9A3E-BEEA662136E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:a:*:*:*:*:*:*",
"matchCriteriaId": "5241C282-A02B-44B2-B6CA-BA3A99F9737C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:b:*:*:*:*:*:*",
"matchCriteriaId": "04A60AC7-C2EA-4DBF-9743-54D708584AFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:d:*:*:*:*:*:*",
"matchCriteriaId": "8A91B0C4-F184-459E-AFD3-DE0E351CC964",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update1:*:*:*:*:*:*",
"matchCriteriaId": "23253631-2655-48A8-9B00-CB984232329C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update1b:*:*:*:*:*:*",
"matchCriteriaId": "50C2A9A8-0E66-4702-BCD4-74622108E7A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update2:*:*:*:*:*:*",
"matchCriteriaId": "EE4D3E2A-C32D-408F-B811-EF8BC86F0D34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update2a:*:*:*:*:*:*",
"matchCriteriaId": "31CA7802-D78D-4BAD-A45A-68B601C010C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update2c:*:*:*:*:*:*",
"matchCriteriaId": "3B98981B-4721-4752-BAB4-361DB5AEB86F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3:*:*:*:*:*:*",
"matchCriteriaId": "04487105-980A-4943-9360-4442BF0411E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3a:*:*:*:*:*:*",
"matchCriteriaId": "24D24E06-EB3F-4F11-849B-E66757B01466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3b:*:*:*:*:*:*",
"matchCriteriaId": "8AF12716-88E2-44B5-ACD7-BCBECA130FB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3f:*:*:*:*:*:*",
"matchCriteriaId": "3352212C-E820-47B3-BDF5-57018F5B9E81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3g:*:*:*:*:*:*",
"matchCriteriaId": "6436ADFD-6B94-4D2A-B09B-CED4EC6CA276",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3j:*:*:*:*:*:*",
"matchCriteriaId": "D06832CE-F946-469D-B495-6735F18D02A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3l:*:*:*:*:*:*",
"matchCriteriaId": "726AC46D-9EA8-4FE8-94B8-0562935458F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3m:*:*:*:*:*:*",
"matchCriteriaId": "0243D22F-1591-4A95-A7FE-2658CEE0C08F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3n:*:*:*:*:*:*",
"matchCriteriaId": "02AE5983-CD14-4EAF-9F5C-1281E3DE7F46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3o:*:*:*:*:*:*",
"matchCriteriaId": "EFDDF4CA-1C20-430E-A17C-CC2998F8BDDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3p:*:*:*:*:*:*",
"matchCriteriaId": "7D2B0FBA-8E4A-491E-8E22-AAD7DBB5FF5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3q:*:*:*:*:*:*",
"matchCriteriaId": "126B4E78-DCE3-4375-80C9-3679F9BF107C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5FA81CCD-A05E-498C-820E-21980E92132F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:a:*:*:*:*:*:*",
"matchCriteriaId": "0EE83406-A3D9-4F75-A1A6-63831CEBEEC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:b:*:*:*:*:*:*",
"matchCriteriaId": "FB563627-C9CF-4D8A-B882-9AB65EAE9E15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:c:*:*:*:*:*:*",
"matchCriteriaId": "DCA03B2A-48B2-48AD-B8EB-9D7BB2016819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:d:*:*:*:*:*:*",
"matchCriteriaId": "A2392D0F-D7A2-4E01-9212-1BA6C895AEBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1:*:*:*:*:*:*",
"matchCriteriaId": "6D731C1A-9FE5-461C-97E2-6F45E4CBABE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1a:*:*:*:*:*:*",
"matchCriteriaId": "8725E544-2A94-4829-A683-1ECCE57A74A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1c:*:*:*:*:*:*",
"matchCriteriaId": "0FC6765A-6584-45A8-9B21-4951D2EA8939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1d:*:*:*:*:*:*",
"matchCriteriaId": "85DD238C-EF73-44F0-928E-A94FF5C4B378",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2:*:*:*:*:*:*",
"matchCriteriaId": "F4CA36C1-732E-41AE-B847-F7411B753F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2a:*:*:*:*:*:*",
"matchCriteriaId": "0DA882B6-D811-4E4B-B614-2D48F0B9036E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2b:*:*:*:*:*:*",
"matchCriteriaId": "8D30A78E-16D0-4A2E-A2F8-F6073698243E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2c:*:*:*:*:*:*",
"matchCriteriaId": "188E103E-9568-4CE0-A984-141B2A9E82D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2d:*:*:*:*:*:*",
"matchCriteriaId": "B266439F-E911-4C95-9D27-88DF96DDCCD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3:*:*:*:*:*:*",
"matchCriteriaId": "6508A908-EF14-4A72-AC75-5DA6F8B98A0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3a:*:*:*:*:*:*",
"matchCriteriaId": "3BAD2012-5C82-4EA9-A780-9BF1DA5A18AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3c:*:*:*:*:*:*",
"matchCriteriaId": "58597F18-0B23-4D21-9ABA-D9773958F10E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3d:*:*:*:*:*:*",
"matchCriteriaId": "ADF46C54-313B-4742-A074-EEA0A6554680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3e:*:*:*:*:*:*",
"matchCriteriaId": "9587F800-57BC-44B6-870E-95691684FC46",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The vCenter Server contains a server-side request forgery (SSRF) vulnerability. A malicious actor with network access to 443 on the vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service."
},
{
"lang": "es",
"value": "El servidor vCenter contiene una vulnerabilidad de tipo server-side request forgery (SSRF). Un actor malicioso con acceso de red a 443 en el vCenter Server puede explotar este problema al acceder a una petici\u00f3n de URL fuera del vCenter Server o accediendo a un servicio interno"
}
],
"id": "CVE-2022-22982",
"lastModified": "2024-11-21T06:47:44.170",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-13T19:15:09.607",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0018.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-02-15 12:09
Modified
2024-11-21 01:49
Severity ?
Summary
VMware vCenter Server 4.0 before Update 4b and 4.1 before Update 3a, VMware VirtualCenter 2.5, VMware vSphere Client 4.0 before Update 4b and 4.1 before Update 3a, VMware VI-Client 2.5, VMware ESXi 3.5 through 4.1, and VMware ESX 3.5 through 4.1 do not properly implement the management authentication protocol, which allow remote servers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | vcenter_server | 4.0 | |
| vmware | vcenter_server | 4.1 | |
| vmware | virtualcenter | 2.5 | |
| vmware | vsphere_client | 4.0 | |
| vmware | vsphere_client | 4.1 | |
| vmware | vi-client | 2.5 | |
| vmware | esxi | 3.5 | |
| vmware | esxi | 3.5 | |
| vmware | esxi | 4.0 | |
| vmware | esxi | 4.0 | |
| vmware | esxi | 4.0 | |
| vmware | esxi | 4.0 | |
| vmware | esxi | 4.0 | |
| vmware | esxi | 4.1 | |
| vmware | esx | 3.5 | |
| vmware | esx | 3.5 | |
| vmware | esx | 3.5 | |
| vmware | esx | 3.5 | |
| vmware | esx | 4.0 | |
| vmware | esx | 4.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:4.0:update_4:*:*:*:*:*:*",
"matchCriteriaId": "8BDBAABE-D43C-491B-A3D2-8A625A8524E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:4.1:update_3:*:*:*:*:*:*",
"matchCriteriaId": "05AA5E52-299B-4B2A-AB6C-909005831AD5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:virtualcenter:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D17E8DFD-AC99-45E6-81F9-ED66369FBD0A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vsphere_client:4.0:update_4:*:*:*:*:*:*",
"matchCriteriaId": "D07E4CB7-7337-454A-8088-ADD06CDF39A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vsphere_client:4.1:update_3:*:*:*:*:*:*",
"matchCriteriaId": "ECE82311-7CA2-4E73-8EDB-AE399E14A860",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vi-client:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "671C0883-F9AE-45F9-9632-4373A4E93E80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vmware:esxi:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FAE88D8C-9CC3-46D1-9F26-290BC679F47E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:3.5:1:*:*:*:*:*:*",
"matchCriteriaId": "58ED8AB4-0FDF-4752-B44E-56F58593CE41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "13771B15-CD71-472A-BE56-718B87D5825D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:4.0:1:*:*:*:*:*:*",
"matchCriteriaId": "0A4E41C0-31FA-47AA-A9BF-B9A6C1D44801",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:4.0:2:*:*:*:*:*:*",
"matchCriteriaId": "AF016EE7-083A-4D62-A6D4-2807EB47B6DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:4.0:3:*:*:*:*:*:*",
"matchCriteriaId": "8F11844A-3C6C-4AA5-87DC-979AFF62867A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:4.0:4:*:*:*:*:*:*",
"matchCriteriaId": "AC463653-A599-45CF-8EA9-8854D5C59963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4BDE707D-A1F4-4829-843E-F6633BB84D6D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vmware:esx:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BFF29100-E124-4416-95CF-18B4246D43F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:3.5:update1:*:*:*:*:*:*",
"matchCriteriaId": "37A5D726-3D38-44D5-B509-1B8B003903A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:3.5:update2:*:*:*:*:*:*",
"matchCriteriaId": "A4DA3B20-A743-4F37-A095-65161FFBEB73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:3.5:update3:*:*:*:*:*:*",
"matchCriteriaId": "FF7C3C65-BE63-407E-9CFD-E571025C3E79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BC337BB7-9A45-4406-A783-851F279130EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B6BA46F-4E8C-4B2A-AE92-81B9F1B4D56C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware vCenter Server 4.0 before Update 4b and 4.1 before Update 3a, VMware VirtualCenter 2.5, VMware vSphere Client 4.0 before Update 4b and 4.1 before Update 3a, VMware VI-Client 2.5, VMware ESXi 3.5 through 4.1, and VMware ESX 3.5 through 4.1 do not properly implement the management authentication protocol, which allow remote servers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors."
},
{
"lang": "es",
"value": "VMware vCenter Server v4.0 anteriormente Update v4b y v4.1 anteriormente Update v3a, VMware VirtualCenter v2.5, VMware vSphere Client v4.0 anteriormente Update v4b y 4.1 anteriormente Update v3a, VMware VI-Client v2.5, VMware ESXi v3.5 hasta v4.1, y VMware ESX v3.5 hasta v4.1 no implementa correctamente el protocolo de gesti\u00f3n de autentificaci\u00f3n, el cual permite a servidores remotos ejecutar c\u00f3digo o causar una denegaci\u00f3n de servicios en la memoria corrupta por vectores sin especificar."
}
],
"id": "CVE-2013-1405",
"lastModified": "2024-11-21T01:49:30.703",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-02-15T12:09:29.227",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2013-0001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2013-0001.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-02-24 17:15
Modified
2024-11-21 05:49
Severity ?
Summary
The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).
References
Impacted products
{
"cisaActionDue": "2021-11-17",
"cisaExploitAdd": "2021-11-03",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "VMware vCenter Server Remote Code Execution Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1995769A-1AB9-47FA-966A-8E82D414161E",
"versionEndExcluding": "3.10.1.2",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A608D809-6E65-4228-9207-CB470529C542",
"versionEndExcluding": "4.2",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:-:*:*:*:*:*:*",
"matchCriteriaId": "23CFE5A5-A166-4FD5-BE97-5F16DAB1EAE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:a:*:*:*:*:*:*",
"matchCriteriaId": "CF7DDB0C-3C07-4B5E-8B8A-0542FEE72877",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:b:*:*:*:*:*:*",
"matchCriteriaId": "1DD16169-A7DF-4604-888C-156A60018E32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:c:*:*:*:*:*:*",
"matchCriteriaId": "46FC9F34-C8FA-4AFE-9F4A-7CF9516BD4D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:d:*:*:*:*:*:*",
"matchCriteriaId": "D26534EB-327B-4ED6-A3E1-005552CB1F9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:e:*:*:*:*:*:*",
"matchCriteriaId": "786CDD50-7E18-4437-8DB9-2D0ADECD436E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:f:*:*:*:*:*:*",
"matchCriteriaId": "B2CE8DAE-0E78-4004-983D-1ECD8855EC33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1d:*:*:*:*:*:*",
"matchCriteriaId": "F72A1E9C-F960-4E8C-A46C-B38209E6349E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1e:*:*:*:*:*:*",
"matchCriteriaId": "2C33CE46-F529-4EA9-9344-6ED3BFA7019D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1g:*:*:*:*:*:*",
"matchCriteriaId": "9F1D8161-0E02-45C9-BF61-14799AB65E03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2:*:*:*:*:*:*",
"matchCriteriaId": "1F2CB1FF-6118-4875-945D-07BAA3A21FFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2b:*:*:*:*:*:*",
"matchCriteriaId": "1AEDA28A-5C8E-4E95-A377-3BE530DBEAB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2c:*:*:*:*:*:*",
"matchCriteriaId": "BDDC6510-3116-4578-80C8-8EF044A8370A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2d:*:*:*:*:*:*",
"matchCriteriaId": "8678DB48-CB98-4E4C-ADE6-CABA73265FEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2g:*:*:*:*:*:*",
"matchCriteriaId": "DBD9A341-1FBF-4E04-848B-550DEB27261A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3:*:*:*:*:*:*",
"matchCriteriaId": "4955663C-1BB6-4F3E-9D4B-362DF144B7F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3d:*:*:*:*:*:*",
"matchCriteriaId": "CE0F8453-3D6C-4F1C-9167-3F02E3D905DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3f:*:*:*:*:*:*",
"matchCriteriaId": "0EAD4045-A7F9-464F-ABB9-3782941162CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3k:*:*:*:*:*:*",
"matchCriteriaId": "2F0A79C2-33AE-40C5-A853-770A4C691F29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:-:*:*:*:*:*:*",
"matchCriteriaId": "E456F84C-A86E-4EA9-9A3E-BEEA662136E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:a:*:*:*:*:*:*",
"matchCriteriaId": "5241C282-A02B-44B2-B6CA-BA3A99F9737C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:b:*:*:*:*:*:*",
"matchCriteriaId": "04A60AC7-C2EA-4DBF-9743-54D708584AFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:d:*:*:*:*:*:*",
"matchCriteriaId": "8A91B0C4-F184-459E-AFD3-DE0E351CC964",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update1:*:*:*:*:*:*",
"matchCriteriaId": "23253631-2655-48A8-9B00-CB984232329C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update1b:*:*:*:*:*:*",
"matchCriteriaId": "50C2A9A8-0E66-4702-BCD4-74622108E7A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update2:*:*:*:*:*:*",
"matchCriteriaId": "EE4D3E2A-C32D-408F-B811-EF8BC86F0D34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update2a:*:*:*:*:*:*",
"matchCriteriaId": "31CA7802-D78D-4BAD-A45A-68B601C010C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update2c:*:*:*:*:*:*",
"matchCriteriaId": "3B98981B-4721-4752-BAB4-361DB5AEB86F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3:*:*:*:*:*:*",
"matchCriteriaId": "04487105-980A-4943-9360-4442BF0411E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3a:*:*:*:*:*:*",
"matchCriteriaId": "24D24E06-EB3F-4F11-849B-E66757B01466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3b:*:*:*:*:*:*",
"matchCriteriaId": "8AF12716-88E2-44B5-ACD7-BCBECA130FB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3f:*:*:*:*:*:*",
"matchCriteriaId": "3352212C-E820-47B3-BDF5-57018F5B9E81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3g:*:*:*:*:*:*",
"matchCriteriaId": "6436ADFD-6B94-4D2A-B09B-CED4EC6CA276",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3j:*:*:*:*:*:*",
"matchCriteriaId": "D06832CE-F946-469D-B495-6735F18D02A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5FA81CCD-A05E-498C-820E-21980E92132F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:a:*:*:*:*:*:*",
"matchCriteriaId": "0EE83406-A3D9-4F75-A1A6-63831CEBEEC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:b:*:*:*:*:*:*",
"matchCriteriaId": "FB563627-C9CF-4D8A-B882-9AB65EAE9E15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:c:*:*:*:*:*:*",
"matchCriteriaId": "DCA03B2A-48B2-48AD-B8EB-9D7BB2016819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:d:*:*:*:*:*:*",
"matchCriteriaId": "A2392D0F-D7A2-4E01-9212-1BA6C895AEBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1:*:*:*:*:*:*",
"matchCriteriaId": "6D731C1A-9FE5-461C-97E2-6F45E4CBABE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1a:*:*:*:*:*:*",
"matchCriteriaId": "8725E544-2A94-4829-A683-1ECCE57A74A6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2)."
},
{
"lang": "es",
"value": "El VSphere Client (HTML5) contiene una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remota en un plugin de vCenter Server.\u0026#xa0;Un actor malicioso con acceso de red al puerto 443 puede explotar este problema para ejecutar comandos con privilegios no restringidos en el sistema operativo subyacente que aloja vCenter Server.\u0026#xa0;Esto afecta a VMware vCenter Server (versiones 7.x anteriores a 7.0 U1c, versiones 6.7 anteriores a 6.7 U3l y versiones 6.5 anteriores a 6.5 U3n) y VMware Cloud Foundation (versiones 4.x anteriores a 4.2 y versiones 3.x anteriores a 3.10.1.2)"
}
],
"id": "CVE-2021-21972",
"lastModified": "2024-11-21T05:49:20.893",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-24T17:15:15.833",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/161590/VMware-vCenter-Server-7.0-Arbitrary-File-Upload.html"
},
{
"source": "security@vmware.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/161695/VMware-vCenter-Server-File-Upload-Remote-Code-Execution.html"
},
{
"source": "security@vmware.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/163268/VMware-vCenter-6.5-6.7-7.0-Remote-Code-Execution.html"
},
{
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/161590/VMware-vCenter-Server-7.0-Arbitrary-File-Upload.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/161695/VMware-vCenter-Server-File-Upload-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/163268/VMware-vCenter-6.5-6.7-7.0-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0002.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-06-18 06:15
Modified
2024-11-21 09:23
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "CC974CA1-88D3-42E4-BF1F-28870F8171B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:a:*:*:*:*:*:*",
"matchCriteriaId": "EFE63984-F69B-4593-9AEC-D179D6D98B08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:b:*:*:*:*:*:*",
"matchCriteriaId": "34D1F3B3-8E3F-4E4D-8EE6-2F593663B5CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:c:*:*:*:*:*:*",
"matchCriteriaId": "16F3D992-9F48-4604-9AAF-DC2D1CE98BE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1:*:*:*:*:*:*",
"matchCriteriaId": "C745A7E6-4760-48CD-B7C4-1C2C20217F21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1a:*:*:*:*:*:*",
"matchCriteriaId": "A5522514-8ED9-45DB-9036-33FE40D77E7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1b:*:*:*:*:*:*",
"matchCriteriaId": "8C27C660-E917-4944-8B4C-41D9622B76D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1c:*:*:*:*:*:*",
"matchCriteriaId": "56CFB469-B3E6-4503-A47C-D18206D4D19A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1d:*:*:*:*:*:*",
"matchCriteriaId": "67024A43-9E13-4F4E-B711-731792DA3840",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update2:*:*:*:*:*:*",
"matchCriteriaId": "604F559F-1775-4F29-996E-9079B99345B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update2a:*:*:*:*:*:*",
"matchCriteriaId": "61DC9400-5AEE-49AC-9925-0A96E32BD8C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update2b:*:*:*:*:*:*",
"matchCriteriaId": "98C1B77E-AB0E-4E8A-8294-2D3D230CDF9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update2c:*:*:*:*:*:*",
"matchCriteriaId": "8EC8BEF1-7908-46C0-841A-834778D1A863",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5FA81CCD-A05E-498C-820E-21980E92132F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:a:*:*:*:*:*:*",
"matchCriteriaId": "0EE83406-A3D9-4F75-A1A6-63831CEBEEC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:b:*:*:*:*:*:*",
"matchCriteriaId": "FB563627-C9CF-4D8A-B882-9AB65EAE9E15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:c:*:*:*:*:*:*",
"matchCriteriaId": "DCA03B2A-48B2-48AD-B8EB-9D7BB2016819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:d:*:*:*:*:*:*",
"matchCriteriaId": "A2392D0F-D7A2-4E01-9212-1BA6C895AEBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1:*:*:*:*:*:*",
"matchCriteriaId": "6D731C1A-9FE5-461C-97E2-6F45E4CBABE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1a:*:*:*:*:*:*",
"matchCriteriaId": "8725E544-2A94-4829-A683-1ECCE57A74A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1c:*:*:*:*:*:*",
"matchCriteriaId": "0FC6765A-6584-45A8-9B21-4951D2EA8939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1d:*:*:*:*:*:*",
"matchCriteriaId": "85DD238C-EF73-44F0-928E-A94FF5C4B378",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2:*:*:*:*:*:*",
"matchCriteriaId": "F4CA36C1-732E-41AE-B847-F7411B753F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2a:*:*:*:*:*:*",
"matchCriteriaId": "0DA882B6-D811-4E4B-B614-2D48F0B9036E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2b:*:*:*:*:*:*",
"matchCriteriaId": "8D30A78E-16D0-4A2E-A2F8-F6073698243E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2c:*:*:*:*:*:*",
"matchCriteriaId": "188E103E-9568-4CE0-A984-141B2A9E82D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2d:*:*:*:*:*:*",
"matchCriteriaId": "B266439F-E911-4C95-9D27-88DF96DDCCD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3:*:*:*:*:*:*",
"matchCriteriaId": "6508A908-EF14-4A72-AC75-5DA6F8B98A0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3a:*:*:*:*:*:*",
"matchCriteriaId": "3BAD2012-5C82-4EA9-A780-9BF1DA5A18AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3c:*:*:*:*:*:*",
"matchCriteriaId": "58597F18-0B23-4D21-9ABA-D9773958F10E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3d:*:*:*:*:*:*",
"matchCriteriaId": "ADF46C54-313B-4742-A074-EEA0A6554680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3e:*:*:*:*:*:*",
"matchCriteriaId": "9587F800-57BC-44B6-870E-95691684FC46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3f:*:*:*:*:*:*",
"matchCriteriaId": "AD148A75-5076-416D-AFD6-0F281DA0A82B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3g:*:*:*:*:*:*",
"matchCriteriaId": "956CEA8C-F8C4-41BD-85B4-44FE3A772E50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3h:*:*:*:*:*:*",
"matchCriteriaId": "008AEA0F-116B-4AF8-B3A7-3041CCE25235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3i:*:*:*:*:*:*",
"matchCriteriaId": "EE486B2F-AED4-4FCE-A674-DFC25844FEFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3j:*:*:*:*:*:*",
"matchCriteriaId": "4F73AA9E-51E9-4FA0-813D-AD05FDC3EF94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3k:*:*:*:*:*:*",
"matchCriteriaId": "455DD46E-A071-476D-8914-767485E45F35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3l:*:*:*:*:*:*",
"matchCriteriaId": "3A422D04-48DF-4A16-94F8-D5702CC2782D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3m:*:*:*:*:*:*",
"matchCriteriaId": "806E9219-CDF4-4E62-978E-334E96A94BA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3n:*:*:*:*:*:*",
"matchCriteriaId": "34D8B182-4E71-4655-8DD8-743A3EF6DC8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3o:*:*:*:*:*:*",
"matchCriteriaId": "8D8F6CC7-6B6D-4079-9E2C-A85C4616FF92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3p:*:*:*:*:*:*",
"matchCriteriaId": "A814F0AB-4AEB-4139-976F-425A4A9EC67B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5FA81CCD-A05E-498C-820E-21980E92132F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:a:*:*:*:*:*:*",
"matchCriteriaId": "0EE83406-A3D9-4F75-A1A6-63831CEBEEC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:b:*:*:*:*:*:*",
"matchCriteriaId": "FB563627-C9CF-4D8A-B882-9AB65EAE9E15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:c:*:*:*:*:*:*",
"matchCriteriaId": "DCA03B2A-48B2-48AD-B8EB-9D7BB2016819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:d:*:*:*:*:*:*",
"matchCriteriaId": "A2392D0F-D7A2-4E01-9212-1BA6C895AEBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1:*:*:*:*:*:*",
"matchCriteriaId": "6D731C1A-9FE5-461C-97E2-6F45E4CBABE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1a:*:*:*:*:*:*",
"matchCriteriaId": "8725E544-2A94-4829-A683-1ECCE57A74A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1c:*:*:*:*:*:*",
"matchCriteriaId": "0FC6765A-6584-45A8-9B21-4951D2EA8939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1d:*:*:*:*:*:*",
"matchCriteriaId": "85DD238C-EF73-44F0-928E-A94FF5C4B378",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2:*:*:*:*:*:*",
"matchCriteriaId": "F4CA36C1-732E-41AE-B847-F7411B753F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2a:*:*:*:*:*:*",
"matchCriteriaId": "0DA882B6-D811-4E4B-B614-2D48F0B9036E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2b:*:*:*:*:*:*",
"matchCriteriaId": "8D30A78E-16D0-4A2E-A2F8-F6073698243E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2c:*:*:*:*:*:*",
"matchCriteriaId": "188E103E-9568-4CE0-A984-141B2A9E82D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2d:*:*:*:*:*:*",
"matchCriteriaId": "B266439F-E911-4C95-9D27-88DF96DDCCD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3:*:*:*:*:*:*",
"matchCriteriaId": "6508A908-EF14-4A72-AC75-5DA6F8B98A0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3a:*:*:*:*:*:*",
"matchCriteriaId": "3BAD2012-5C82-4EA9-A780-9BF1DA5A18AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3c:*:*:*:*:*:*",
"matchCriteriaId": "58597F18-0B23-4D21-9ABA-D9773958F10E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3d:*:*:*:*:*:*",
"matchCriteriaId": "ADF46C54-313B-4742-A074-EEA0A6554680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3e:*:*:*:*:*:*",
"matchCriteriaId": "9587F800-57BC-44B6-870E-95691684FC46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3f:*:*:*:*:*:*",
"matchCriteriaId": "AD148A75-5076-416D-AFD6-0F281DA0A82B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3g:*:*:*:*:*:*",
"matchCriteriaId": "956CEA8C-F8C4-41BD-85B4-44FE3A772E50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3h:*:*:*:*:*:*",
"matchCriteriaId": "008AEA0F-116B-4AF8-B3A7-3041CCE25235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3i:*:*:*:*:*:*",
"matchCriteriaId": "EE486B2F-AED4-4FCE-A674-DFC25844FEFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3j:*:*:*:*:*:*",
"matchCriteriaId": "4F73AA9E-51E9-4FA0-813D-AD05FDC3EF94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3k:*:*:*:*:*:*",
"matchCriteriaId": "455DD46E-A071-476D-8914-767485E45F35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3l:*:*:*:*:*:*",
"matchCriteriaId": "3A422D04-48DF-4A16-94F8-D5702CC2782D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3m:*:*:*:*:*:*",
"matchCriteriaId": "806E9219-CDF4-4E62-978E-334E96A94BA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3n:*:*:*:*:*:*",
"matchCriteriaId": "34D8B182-4E71-4655-8DD8-743A3EF6DC8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3o:*:*:*:*:*:*",
"matchCriteriaId": "8D8F6CC7-6B6D-4079-9E2C-A85C4616FF92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3p:*:*:*:*:*:*",
"matchCriteriaId": "A814F0AB-4AEB-4139-976F-425A4A9EC67B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "CC974CA1-88D3-42E4-BF1F-28870F8171B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:a:*:*:*:*:*:*",
"matchCriteriaId": "EFE63984-F69B-4593-9AEC-D179D6D98B08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:b:*:*:*:*:*:*",
"matchCriteriaId": "34D1F3B3-8E3F-4E4D-8EE6-2F593663B5CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:c:*:*:*:*:*:*",
"matchCriteriaId": "16F3D992-9F48-4604-9AAF-DC2D1CE98BE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1:*:*:*:*:*:*",
"matchCriteriaId": "C745A7E6-4760-48CD-B7C4-1C2C20217F21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1a:*:*:*:*:*:*",
"matchCriteriaId": "A5522514-8ED9-45DB-9036-33FE40D77E7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1b:*:*:*:*:*:*",
"matchCriteriaId": "8C27C660-E917-4944-8B4C-41D9622B76D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1c:*:*:*:*:*:*",
"matchCriteriaId": "56CFB469-B3E6-4503-A47C-D18206D4D19A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1d:*:*:*:*:*:*",
"matchCriteriaId": "67024A43-9E13-4F4E-B711-731792DA3840",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update2:*:*:*:*:*:*",
"matchCriteriaId": "604F559F-1775-4F29-996E-9079B99345B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update2a:*:*:*:*:*:*",
"matchCriteriaId": "61DC9400-5AEE-49AC-9925-0A96E32BD8C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update2b:*:*:*:*:*:*",
"matchCriteriaId": "98C1B77E-AB0E-4E8A-8294-2D3D230CDF9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update2c:*:*:*:*:*:*",
"matchCriteriaId": "8EC8BEF1-7908-46C0-841A-834778D1A863",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FA8DFE6-9C74-4711-A8AF-3B170876A1F9",
"versionEndExcluding": "5.2",
"versionStartIncluding": "4.0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution."
},
{
"lang": "es",
"value": "vCenter Server contiene una vulnerabilidad de desbordamiento de mont\u00f3n en la implementaci\u00f3n del protocolo DCERPC. Un actor malintencionado con acceso a la red de vCenter Server puede desencadenar esta vulnerabilidad al enviar un paquete de red especialmente manipulado que podr\u00eda conducir a la ejecuci\u00f3n remota de c\u00f3digo."
}
],
"id": "CVE-2024-37080",
"lastModified": "2024-11-21T09:23:09.270",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "security@vmware.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-06-18T06:15:11.640",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-23 13:15
Modified
2024-11-21 05:49
Severity ?
Summary
The vCenter Server contains a reflected cross-site scripting vulnerability due to a lack of input sanitization. An attacker may exploit this issue to execute malicious scripts by tricking a victim into clicking a malicious link.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2021-0020.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2021-0020.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | cloud_foundation | * | |
| vmware | vcenter_server | 6.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5071E0B4-FE4B-4525-BAF6-3900D9C8D48D",
"versionEndExcluding": "5.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:-:*:*:*:*:*:*",
"matchCriteriaId": "E456F84C-A86E-4EA9-9A3E-BEEA662136E6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The vCenter Server contains a reflected cross-site scripting vulnerability due to a lack of input sanitization. An attacker may exploit this issue to execute malicious scripts by tricking a victim into clicking a malicious link."
},
{
"lang": "es",
"value": "vCenter Server contiene una vulnerabilidad de tipo cross-site scripting vulnerability reflejado debido a una falta de saneo de entrada. Un atacante puede explotar este problema para ejecutar scripts maliciosos al enga\u00f1ar a la v\u00edctima para que haga clic en un enlace malicioso"
}
],
"id": "CVE-2021-22016",
"lastModified": "2024-11-21T05:49:26.707",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-23T13:15:08.150",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-12-29 09:59
Modified
2024-11-21 02:58
Severity ?
Summary
VMware vCenter Server 5.5 before U3e and 6.0 before U2a allows remote authenticated users to read arbitrary files via a (1) Log Browser, (2) Distributed Switch setup, or (3) Content Library XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@vmware.com | http://www.securityfocus.com/bid/94486 | Third Party Advisory, VDB Entry | |
| security@vmware.com | http://www.securitytracker.com/id/1037329 | ||
| security@vmware.com | http://www.vmware.com/security/advisories/VMSA-2016-0022.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94486 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1037329 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2016-0022.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | vcenter_server | 5.0 | |
| vmware | vcenter_server | 5.5 | |
| vmware | vcenter_server | 5.5 | |
| vmware | vcenter_server | 5.5 | |
| vmware | vcenter_server | 5.5 | |
| vmware | vcenter_server | 5.5 | |
| vmware | vcenter_server | 6.0 | |
| vmware | vcenter_server | 6.0 | |
| vmware | vcenter_server | 6.0 | |
| vmware | vcenter_server | 6.0 | |
| vmware | vcenter_server | 6.0 | |
| vmware | vcenter_server | 6.0 | |
| vmware | vcenter_server | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46C704E0-E165-4A44-A104-6C5B83A83237",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8B12523A-5C1E-408F-BB4B-98EF32C7D676",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:5.5:1:*:*:*:*:*:*",
"matchCriteriaId": "C06379AA-13C0-41FB-B63C-0C46D6DD0462",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:5.5:2:*:*:*:*:*:*",
"matchCriteriaId": "8339BAB3-D6C9-426A-9C1D-9F2AB946BF96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:5.5:3a:*:*:*:*:*:*",
"matchCriteriaId": "23D847E4-5869-476A-B85F-29D8D5FDB68D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:5.5:3b:*:*:*:*:*:*",
"matchCriteriaId": "5F8CC145-0D3F-4E42-BA46-403586EC608A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7499E57A-1F9C-45F0-93F8-F3FB7B0F990F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:1:*:*:*:*:*:*",
"matchCriteriaId": "43BEE461-85B7-4C19-8FBA-4460186DC58A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:1b:*:*:*:*:*:*",
"matchCriteriaId": "E8249B2E-251F-4ED9-836F-E5D4C90D4EA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:2:*:*:*:*:*:*",
"matchCriteriaId": "ED78D4B1-5959-46F1-8DEE-7DE3BE38BAE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:2m:*:*:*:*:*:*",
"matchCriteriaId": "6C722953-08D7-4763-84CB-144D40D99EAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:a:*:*:*:*:*:*",
"matchCriteriaId": "74EE8EE5-54F0-4359-898B-C57C5B2AE7C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:b:*:*:*:*:*:*",
"matchCriteriaId": "F83AAB8E-F129-4D1C-A4BC-4CC2C1777F5F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware vCenter Server 5.5 before U3e and 6.0 before U2a allows remote authenticated users to read arbitrary files via a (1) Log Browser, (2) Distributed Switch setup, or (3) Content Library XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
},
{
"lang": "es",
"value": "VMware vCenter Server 5.5 en versiones anteriores a U3e y 6.0 en versiones anteriores a U2a permite a usuarios remotos autenticados leer archivos arbitrarios a trav\u00e9s de un documento (1) Log Browser, (2) Distributed Switch setup, o (3) Content Library XML que contiene una declaraci\u00f3n de entidad externa en conjunci\u00f3n con una referencia de entidad, relacionado con un problema XML External Entity (XXE)."
}
],
"id": "CVE-2016-7459",
"lastModified": "2024-11-21T02:58:03.130",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.1,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-12-29T09:59:00.633",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94486"
},
{
"source": "security@vmware.com",
"url": "http://www.securitytracker.com/id/1037329"
},
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2016-0022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94486"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1037329"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2016-0022.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-06-22 12:15
Modified
2024-11-21 07:41
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The VMware vCenter Server contains a use-after-free vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit this issue to execute arbitrary code on the underlying operating system that hosts vCenter Server.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | vcenter_server | * | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 8.0 | |
| vmware | vcenter_server | 8.0 | |
| vmware | vcenter_server | 8.0 | |
| vmware | vcenter_server | 8.0 | |
| vmware | vcenter_server | 8.0 | |
| vmware | vcenter_server | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22B93342-5BD7-49A8-83E7-8B6D547F2EE5",
"versionEndExcluding": "7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5FA81CCD-A05E-498C-820E-21980E92132F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:a:*:*:*:*:*:*",
"matchCriteriaId": "0EE83406-A3D9-4F75-A1A6-63831CEBEEC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:b:*:*:*:*:*:*",
"matchCriteriaId": "FB563627-C9CF-4D8A-B882-9AB65EAE9E15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:c:*:*:*:*:*:*",
"matchCriteriaId": "DCA03B2A-48B2-48AD-B8EB-9D7BB2016819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:d:*:*:*:*:*:*",
"matchCriteriaId": "A2392D0F-D7A2-4E01-9212-1BA6C895AEBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1:*:*:*:*:*:*",
"matchCriteriaId": "6D731C1A-9FE5-461C-97E2-6F45E4CBABE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1a:*:*:*:*:*:*",
"matchCriteriaId": "8725E544-2A94-4829-A683-1ECCE57A74A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1c:*:*:*:*:*:*",
"matchCriteriaId": "0FC6765A-6584-45A8-9B21-4951D2EA8939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1d:*:*:*:*:*:*",
"matchCriteriaId": "85DD238C-EF73-44F0-928E-A94FF5C4B378",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2:*:*:*:*:*:*",
"matchCriteriaId": "F4CA36C1-732E-41AE-B847-F7411B753F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2a:*:*:*:*:*:*",
"matchCriteriaId": "0DA882B6-D811-4E4B-B614-2D48F0B9036E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2b:*:*:*:*:*:*",
"matchCriteriaId": "8D30A78E-16D0-4A2E-A2F8-F6073698243E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2c:*:*:*:*:*:*",
"matchCriteriaId": "188E103E-9568-4CE0-A984-141B2A9E82D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2d:*:*:*:*:*:*",
"matchCriteriaId": "B266439F-E911-4C95-9D27-88DF96DDCCD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3:*:*:*:*:*:*",
"matchCriteriaId": "6508A908-EF14-4A72-AC75-5DA6F8B98A0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3a:*:*:*:*:*:*",
"matchCriteriaId": "3BAD2012-5C82-4EA9-A780-9BF1DA5A18AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3c:*:*:*:*:*:*",
"matchCriteriaId": "58597F18-0B23-4D21-9ABA-D9773958F10E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3d:*:*:*:*:*:*",
"matchCriteriaId": "ADF46C54-313B-4742-A074-EEA0A6554680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3e:*:*:*:*:*:*",
"matchCriteriaId": "9587F800-57BC-44B6-870E-95691684FC46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3f:*:*:*:*:*:*",
"matchCriteriaId": "AD148A75-5076-416D-AFD6-0F281DA0A82B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3g:*:*:*:*:*:*",
"matchCriteriaId": "956CEA8C-F8C4-41BD-85B4-44FE3A772E50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3h:*:*:*:*:*:*",
"matchCriteriaId": "008AEA0F-116B-4AF8-B3A7-3041CCE25235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3i:*:*:*:*:*:*",
"matchCriteriaId": "EE486B2F-AED4-4FCE-A674-DFC25844FEFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3j:*:*:*:*:*:*",
"matchCriteriaId": "4F73AA9E-51E9-4FA0-813D-AD05FDC3EF94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3k:*:*:*:*:*:*",
"matchCriteriaId": "455DD46E-A071-476D-8914-767485E45F35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3l:*:*:*:*:*:*",
"matchCriteriaId": "3A422D04-48DF-4A16-94F8-D5702CC2782D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "CC974CA1-88D3-42E4-BF1F-28870F8171B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:a:*:*:*:*:*:*",
"matchCriteriaId": "EFE63984-F69B-4593-9AEC-D179D6D98B08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:b:*:*:*:*:*:*",
"matchCriteriaId": "34D1F3B3-8E3F-4E4D-8EE6-2F593663B5CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:c:*:*:*:*:*:*",
"matchCriteriaId": "16F3D992-9F48-4604-9AAF-DC2D1CE98BE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1:*:*:*:*:*:*",
"matchCriteriaId": "C745A7E6-4760-48CD-B7C4-1C2C20217F21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1a:*:*:*:*:*:*",
"matchCriteriaId": "A5522514-8ED9-45DB-9036-33FE40D77E7D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The VMware vCenter Server contains a use-after-free vulnerability in the implementation of the DCERPC protocol.\u00a0A malicious actor with network access to vCenter Server may exploit this issue to execute arbitrary code on the underlying operating system that hosts vCenter Server."
}
],
"id": "CVE-2023-20893",
"lastModified": "2024-11-21T07:41:46.137",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "security@vmware.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-06-22T12:15:10.490",
"references": [
{
"source": "security@vmware.com",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1799"
},
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1799"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0014.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-06-22 12:15
Modified
2024-11-21 07:41
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bound write by sending a specially crafted packet leading to memory corruption.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | vcenter_server | * | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 7.0 | |
| vmware | vcenter_server | 8.0 | |
| vmware | vcenter_server | 8.0 | |
| vmware | vcenter_server | 8.0 | |
| vmware | vcenter_server | 8.0 | |
| vmware | vcenter_server | 8.0 | |
| vmware | vcenter_server | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22B93342-5BD7-49A8-83E7-8B6D547F2EE5",
"versionEndExcluding": "7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5FA81CCD-A05E-498C-820E-21980E92132F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:a:*:*:*:*:*:*",
"matchCriteriaId": "0EE83406-A3D9-4F75-A1A6-63831CEBEEC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:b:*:*:*:*:*:*",
"matchCriteriaId": "FB563627-C9CF-4D8A-B882-9AB65EAE9E15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:c:*:*:*:*:*:*",
"matchCriteriaId": "DCA03B2A-48B2-48AD-B8EB-9D7BB2016819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:d:*:*:*:*:*:*",
"matchCriteriaId": "A2392D0F-D7A2-4E01-9212-1BA6C895AEBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1:*:*:*:*:*:*",
"matchCriteriaId": "6D731C1A-9FE5-461C-97E2-6F45E4CBABE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1a:*:*:*:*:*:*",
"matchCriteriaId": "8725E544-2A94-4829-A683-1ECCE57A74A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1c:*:*:*:*:*:*",
"matchCriteriaId": "0FC6765A-6584-45A8-9B21-4951D2EA8939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1d:*:*:*:*:*:*",
"matchCriteriaId": "85DD238C-EF73-44F0-928E-A94FF5C4B378",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2:*:*:*:*:*:*",
"matchCriteriaId": "F4CA36C1-732E-41AE-B847-F7411B753F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2a:*:*:*:*:*:*",
"matchCriteriaId": "0DA882B6-D811-4E4B-B614-2D48F0B9036E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2b:*:*:*:*:*:*",
"matchCriteriaId": "8D30A78E-16D0-4A2E-A2F8-F6073698243E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2c:*:*:*:*:*:*",
"matchCriteriaId": "188E103E-9568-4CE0-A984-141B2A9E82D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2d:*:*:*:*:*:*",
"matchCriteriaId": "B266439F-E911-4C95-9D27-88DF96DDCCD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3:*:*:*:*:*:*",
"matchCriteriaId": "6508A908-EF14-4A72-AC75-5DA6F8B98A0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3a:*:*:*:*:*:*",
"matchCriteriaId": "3BAD2012-5C82-4EA9-A780-9BF1DA5A18AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3c:*:*:*:*:*:*",
"matchCriteriaId": "58597F18-0B23-4D21-9ABA-D9773958F10E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3d:*:*:*:*:*:*",
"matchCriteriaId": "ADF46C54-313B-4742-A074-EEA0A6554680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3e:*:*:*:*:*:*",
"matchCriteriaId": "9587F800-57BC-44B6-870E-95691684FC46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3f:*:*:*:*:*:*",
"matchCriteriaId": "AD148A75-5076-416D-AFD6-0F281DA0A82B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3g:*:*:*:*:*:*",
"matchCriteriaId": "956CEA8C-F8C4-41BD-85B4-44FE3A772E50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3h:*:*:*:*:*:*",
"matchCriteriaId": "008AEA0F-116B-4AF8-B3A7-3041CCE25235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3i:*:*:*:*:*:*",
"matchCriteriaId": "EE486B2F-AED4-4FCE-A674-DFC25844FEFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3j:*:*:*:*:*:*",
"matchCriteriaId": "4F73AA9E-51E9-4FA0-813D-AD05FDC3EF94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3k:*:*:*:*:*:*",
"matchCriteriaId": "455DD46E-A071-476D-8914-767485E45F35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3l:*:*:*:*:*:*",
"matchCriteriaId": "3A422D04-48DF-4A16-94F8-D5702CC2782D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "CC974CA1-88D3-42E4-BF1F-28870F8171B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:a:*:*:*:*:*:*",
"matchCriteriaId": "EFE63984-F69B-4593-9AEC-D179D6D98B08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:b:*:*:*:*:*:*",
"matchCriteriaId": "34D1F3B3-8E3F-4E4D-8EE6-2F593663B5CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:c:*:*:*:*:*:*",
"matchCriteriaId": "16F3D992-9F48-4604-9AAF-DC2D1CE98BE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1:*:*:*:*:*:*",
"matchCriteriaId": "C745A7E6-4760-48CD-B7C4-1C2C20217F21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1a:*:*:*:*:*:*",
"matchCriteriaId": "A5522514-8ED9-45DB-9036-33FE40D77E7D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol.\u00a0A malicious actor with network access to vCenter Server may trigger an out-of-bound write by sending a specially crafted packet leading to memory corruption."
}
],
"id": "CVE-2023-20894",
"lastModified": "2024-11-21T07:41:46.270",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "security@vmware.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-06-22T12:15:10.740",
"references": [
{
"source": "security@vmware.com",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1658"
},
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1658"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0014.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-10-12 10:59
Modified
2024-11-21 02:24
Severity ?
Summary
vpxd in VMware vCenter Server 5.0 before u3e, 5.1 before u3, and 5.5 before u2 allows remote attackers to cause a denial of service via a long heartbeat message.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | vcenter_server | 5.0 | |
| vmware | vcenter_server | 5.1 | |
| vmware | vcenter_server | 5.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46C704E0-E165-4A44-A104-6C5B83A83237",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E0492A2B-EBE2-4303-B8BD-8511D191D1AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8B12523A-5C1E-408F-BB4B-98EF32C7D676",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "vpxd in VMware vCenter Server 5.0 before u3e, 5.1 before u3, and 5.5 before u2 allows remote attackers to cause a denial of service via a long heartbeat message."
},
{
"lang": "es",
"value": "vpxd en Vmware vCenter Server 5.0 en versiones anteriores a u3e, 5.1 en versiones anteriores a u3 y 5.5 en versiones anteriores a u2 permite a atacantes remotos provocar una denegaci\u00f3n de servicio a trav\u00e9s de un mensaje heartbeat largo."
}
],
"id": "CVE-2015-1047",
"lastModified": "2024-11-21T02:24:32.257",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-10-12T10:59:00.117",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/76932"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1033720"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2015-0007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/76932"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1033720"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2015-0007.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-08-21 13:15
Modified
2024-11-21 05:32
Severity ?
Summary
VMware ESXi and vCenter Server contain a partial denial of service vulnerability in their respective authentication services. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2020-0018.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2020-0018.html | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F22BFA96-7E07-4E05-90A4-45A2F2FC2064",
"versionEndExcluding": "3.10",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2667C2B-79D7-4B9E-9EB9-566427C8DFF8",
"versionEndExcluding": "4.0.1",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:-:*:*:*:*:*:*",
"matchCriteriaId": "23CFE5A5-A166-4FD5-BE97-5F16DAB1EAE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:a:*:*:*:*:*:*",
"matchCriteriaId": "CF7DDB0C-3C07-4B5E-8B8A-0542FEE72877",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:b:*:*:*:*:*:*",
"matchCriteriaId": "1DD16169-A7DF-4604-888C-156A60018E32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:c:*:*:*:*:*:*",
"matchCriteriaId": "46FC9F34-C8FA-4AFE-9F4A-7CF9516BD4D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:d:*:*:*:*:*:*",
"matchCriteriaId": "D26534EB-327B-4ED6-A3E1-005552CB1F9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:e:*:*:*:*:*:*",
"matchCriteriaId": "786CDD50-7E18-4437-8DB9-2D0ADECD436E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:f:*:*:*:*:*:*",
"matchCriteriaId": "B2CE8DAE-0E78-4004-983D-1ECD8855EC33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1:*:*:*:*:*:*",
"matchCriteriaId": "7E51F433-1152-4E94-AF77-970230B1A574",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1b:*:*:*:*:*:*",
"matchCriteriaId": "0064D104-E0D8-481A-9029-D3726A1A9CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1c:*:*:*:*:*:*",
"matchCriteriaId": "9B4D3F61-6CD9-411F-A205-EB06A57EBB4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1d:*:*:*:*:*:*",
"matchCriteriaId": "F72A1E9C-F960-4E8C-A46C-B38209E6349E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1e:*:*:*:*:*:*",
"matchCriteriaId": "2C33CE46-F529-4EA9-9344-6ED3BFA7019D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1g:*:*:*:*:*:*",
"matchCriteriaId": "9F1D8161-0E02-45C9-BF61-14799AB65E03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2:*:*:*:*:*:*",
"matchCriteriaId": "1F2CB1FF-6118-4875-945D-07BAA3A21FFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2b:*:*:*:*:*:*",
"matchCriteriaId": "1AEDA28A-5C8E-4E95-A377-3BE530DBEAB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2c:*:*:*:*:*:*",
"matchCriteriaId": "BDDC6510-3116-4578-80C8-8EF044A8370A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2d:*:*:*:*:*:*",
"matchCriteriaId": "8678DB48-CB98-4E4C-ADE6-CABA73265FEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2g:*:*:*:*:*:*",
"matchCriteriaId": "DBD9A341-1FBF-4E04-848B-550DEB27261A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3:*:*:*:*:*:*",
"matchCriteriaId": "4955663C-1BB6-4F3E-9D4B-362DF144B7F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3d:*:*:*:*:*:*",
"matchCriteriaId": "CE0F8453-3D6C-4F1C-9167-3F02E3D905DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3f:*:*:*:*:*:*",
"matchCriteriaId": "0EAD4045-A7F9-464F-ABB9-3782941162CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:-:*:*:*:*:*:*",
"matchCriteriaId": "E456F84C-A86E-4EA9-9A3E-BEEA662136E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:a:*:*:*:*:*:*",
"matchCriteriaId": "5241C282-A02B-44B2-B6CA-BA3A99F9737C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:b:*:*:*:*:*:*",
"matchCriteriaId": "04A60AC7-C2EA-4DBF-9743-54D708584AFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:d:*:*:*:*:*:*",
"matchCriteriaId": "8A91B0C4-F184-459E-AFD3-DE0E351CC964",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update1:*:*:*:*:*:*",
"matchCriteriaId": "23253631-2655-48A8-9B00-CB984232329C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update1b:*:*:*:*:*:*",
"matchCriteriaId": "50C2A9A8-0E66-4702-BCD4-74622108E7A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update2:*:*:*:*:*:*",
"matchCriteriaId": "EE4D3E2A-C32D-408F-B811-EF8BC86F0D34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update2a:*:*:*:*:*:*",
"matchCriteriaId": "31CA7802-D78D-4BAD-A45A-68B601C010C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update2c:*:*:*:*:*:*",
"matchCriteriaId": "3B98981B-4721-4752-BAB4-361DB5AEB86F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3:*:*:*:*:*:*",
"matchCriteriaId": "04487105-980A-4943-9360-4442BF0411E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3a:*:*:*:*:*:*",
"matchCriteriaId": "24D24E06-EB3F-4F11-849B-E66757B01466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3b:*:*:*:*:*:*",
"matchCriteriaId": "8AF12716-88E2-44B5-ACD7-BCBECA130FB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3f:*:*:*:*:*:*",
"matchCriteriaId": "3352212C-E820-47B3-BDF5-57018F5B9E81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3g:*:*:*:*:*:*",
"matchCriteriaId": "6436ADFD-6B94-4D2A-B09B-CED4EC6CA276",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5FA81CCD-A05E-498C-820E-21980E92132F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:a:*:*:*:*:*:*",
"matchCriteriaId": "0EE83406-A3D9-4F75-A1A6-63831CEBEEC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:-:*:*:*:*:*:*",
"matchCriteriaId": "FBA15143-734D-4889-8B5A-2445A2DDDD4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201701001:*:*:*:*:*:*",
"matchCriteriaId": "04FA10C6-2B0D-47C9-8C4E-1BA98C97DC7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201703001:*:*:*:*:*:*",
"matchCriteriaId": "0D2ED442-3F6D-472A-AA98-51D05A65B2E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201703002:*:*:*:*:*:*",
"matchCriteriaId": "2A71EC72-3389-4EC7-8104-2A78F7B8C0DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201704001:*:*:*:*:*:*",
"matchCriteriaId": "F948E806-0F73-4145-A723-7A43BA45842B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707101:*:*:*:*:*:*",
"matchCriteriaId": "75FAFF86-C65F-4723-8A63-BACE2F797937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707102:*:*:*:*:*:*",
"matchCriteriaId": "DBC31DE3-ACFE-422F-B253-2FE4AAFE3954",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707103:*:*:*:*:*:*",
"matchCriteriaId": "B30B3EA4-495F-4915-B6E3-5FB9277C2DE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707201:*:*:*:*:*:*",
"matchCriteriaId": "6FA9E337-B4F3-4895-BA58-962F8CDEE73E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707202:*:*:*:*:*:*",
"matchCriteriaId": "830B0BC1-A368-49AC-B6C9-B000972EF92A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707203:*:*:*:*:*:*",
"matchCriteriaId": "614394F3-3BEE-4E12-AABF-436D54A04313",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707204:*:*:*:*:*:*",
"matchCriteriaId": "350FD3CE-8B64-4FCF-82DE-BE941156F4F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707205:*:*:*:*:*:*",
"matchCriteriaId": "C9EAE177-6C7E-4C1B-ADEE-2C036F731272",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707206:*:*:*:*:*:*",
"matchCriteriaId": "DFFEEC31-8462-4DF9-A1DA-D7057C209CBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707207:*:*:*:*:*:*",
"matchCriteriaId": "0AC6BC16-0A1D-44B3-BA68-63EA05EDD54B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707208:*:*:*:*:*:*",
"matchCriteriaId": "942DAD67-9455-4D02-BD3B-BFD2DE7A7E52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707209:*:*:*:*:*:*",
"matchCriteriaId": "7ACC1A72-F6B6-430A-AB89-AB0A11587F58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707210:*:*:*:*:*:*",
"matchCriteriaId": "45111C74-BF6F-4C05-A0D3-CE325AD0C02B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707211:*:*:*:*:*:*",
"matchCriteriaId": "B1CE5849-01B1-4E36-83E8-496A3F328C9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707212:*:*:*:*:*:*",
"matchCriteriaId": "A879BA05-3A80-4EBC-AA9D-9B53695425B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707213:*:*:*:*:*:*",
"matchCriteriaId": "3D65A0E8-A1E0-42F3-B77D-2F32979278BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707214:*:*:*:*:*:*",
"matchCriteriaId": "80C10150-39BA-4818-B48F-8645D4A0D316",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707215:*:*:*:*:*:*",
"matchCriteriaId": "9792B986-86EF-40E0-9427-A45F858717E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707216:*:*:*:*:*:*",
"matchCriteriaId": "37EDD688-C91A-4A35-913A-82E156ADD242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707217:*:*:*:*:*:*",
"matchCriteriaId": "5CC1AC0E-8D3F-46C0-BDA9-EB9DC9971F57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707218:*:*:*:*:*:*",
"matchCriteriaId": "47DA50DA-7CA4-4B76-8B3B-A5732509F71D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707219:*:*:*:*:*:*",
"matchCriteriaId": "76EB1A04-0645-4909-AEF9-33D6FADA4793",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707220:*:*:*:*:*:*",
"matchCriteriaId": "F1A35723-D968-42D6-89EB-86CA550516E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707221:*:*:*:*:*:*",
"matchCriteriaId": "C3AC8A19-F98E-48F1-A1EA-EAA1C7208335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201710001:*:*:*:*:*:*",
"matchCriteriaId": "2D6A3952-8429-4762-8701-47D7C1F05A5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201712001:*:*:*:*:*:*",
"matchCriteriaId": "5B007609-C312-469B-BACF-04D6D80DADF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201803001:*:*:*:*:*:*",
"matchCriteriaId": "514F2ECD-FC55-42A5-BEE4-DA7641CC93A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201806001:*:*:*:*:*:*",
"matchCriteriaId": "3594E391-19CD-4803-8285-FA11BE63AB05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201808001:*:*:*:*:*:*",
"matchCriteriaId": "2CEC248D-502E-4A8D-8786-CD72A2E3AB1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201810001:*:*:*:*:*:*",
"matchCriteriaId": "4F08529C-B14C-45FB-AEA1-77D12C88CB30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201810002:*:*:*:*:*:*",
"matchCriteriaId": "617835F5-49DA-4B42-8C7B-C122D7363A00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201811001:*:*:*:*:*:*",
"matchCriteriaId": "E7DF3ED7-FA3F-4EBC-99AC-B7AD20E85927",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201811002:*:*:*:*:*:*",
"matchCriteriaId": "9ED86C29-2EA6-41DD-ACCB-1E02F9CB747E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201811301:*:*:*:*:*:*",
"matchCriteriaId": "DE1372AD-2853-4BED-BB71-6BACB28B95C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201901001:*:*:*:*:*:*",
"matchCriteriaId": "F0E684DF-9E45-459E-AB75-6B4653E5C7CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201903001:*:*:*:*:*:*",
"matchCriteriaId": "B3DDD3E9-186F-472C-BA76-C2A363206792",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201905001:*:*:*:*:*:*",
"matchCriteriaId": "A09E9914-DB27-41EF-B55D-5B79ECD1DA69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201908001:*:*:*:*:*:*",
"matchCriteriaId": "7F916A39-13BD-44A7-A9EC-1FD40EBE357C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201910001:*:*:*:*:*:*",
"matchCriteriaId": "4F8219B4-1FC2-4383-83E6-92DF700C72D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-20191004001:*:*:*:*:*:*",
"matchCriteriaId": "C44C9D6A-8BBE-4970-A732-B9F86D42A55D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201911001:*:*:*:*:*:*",
"matchCriteriaId": "427F4ED8-8782-4BDF-A559-11CB8E0A65F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201911401:*:*:*:*:*:*",
"matchCriteriaId": "63DDC95E-BBCD-4A68-9AFB-B5F9D206818E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201911402:*:*:*:*:*:*",
"matchCriteriaId": "B27E3424-5D4E-4E5D-8762-7AECBB11FE16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201912001:*:*:*:*:*:*",
"matchCriteriaId": "2D217AAB-D45F-480B-8F82-16B261F370D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201912002:*:*:*:*:*:*",
"matchCriteriaId": "1B58312B-D72B-4F13-9EF5-0F42CE592757",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201912101:*:*:*:*:*:*",
"matchCriteriaId": "8FBB88C2-793A-40F2-AA40-EC315115AE0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201912102:*:*:*:*:*:*",
"matchCriteriaId": "21F59801-904B-427F-A1A9-C933E38AB7AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201912103:*:*:*:*:*:*",
"matchCriteriaId": "5A3FFDE9-FD36-41F9-AC35-E14BB6AEF7CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201912104:*:*:*:*:*:*",
"matchCriteriaId": "D22AFAE1-F817-4037-8EE5-AF04314AAAB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201912301:*:*:*:*:*:*",
"matchCriteriaId": "8D4C44D6-73AD-48A3-B5F3-31B1FDC77E40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201912401:*:*:*:*:*:*",
"matchCriteriaId": "5D1694B2-1CD9-4943-8CFF-38218CDB88F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201912402:*:*:*:*:*:*",
"matchCriteriaId": "154B54C8-1D65-4D3E-A64B-CF2D21E71FD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201912403:*:*:*:*:*:*",
"matchCriteriaId": "D86BCD56-4BD6-4C61-B80E-12E47D12A00F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201912404:*:*:*:*:*:*",
"matchCriteriaId": "6741A159-1D92-4E25-BD43-606DE1138D49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-202005001:*:*:*:*:*:*",
"matchCriteriaId": "DCC98C53-EEC1-4CFE-9C31-9F2592723B3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-202006001:*:*:*:*:*:*",
"matchCriteriaId": "C565246C-896C-4E48-8C24-344C9B0A3057",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-202007001:*:*:*:*:*:*",
"matchCriteriaId": "8479F377-4F47-433D-867D-A94A4B0E46EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:-:*:*:*:*:*:*",
"matchCriteriaId": "B2792D06-A73E-4A56-A152-82E1AD4E707D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201806001:*:*:*:*:*:*",
"matchCriteriaId": "0CE9D758-2170-4ACD-965C-C76BDA693466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201807001:*:*:*:*:*:*",
"matchCriteriaId": "FD4A373B-2AC6-4193-9C34-1E4EEB552A9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201808001:*:*:*:*:*:*",
"matchCriteriaId": "E75F4E15-2C5F-4667-B8A4-0EE9895FAEC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810001:*:*:*:*:*:*",
"matchCriteriaId": "8B75B45F-E25A-4362-856D-465A9F8B70DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810101:*:*:*:*:*:*",
"matchCriteriaId": "EDA4AE4C-3BA8-472D-950A-3C8684565CD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810102:*:*:*:*:*:*",
"matchCriteriaId": "6AA3617D-B911-4BC5-B544-B31D4F43D2B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810103:*:*:*:*:*:*",
"matchCriteriaId": "CDC6E0F6-83DF-4670-8D04-A41C7DC1B881",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810201:*:*:*:*:*:*",
"matchCriteriaId": "047A71B3-CDFB-41F3-B2DE-11360DAE5744",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810202:*:*:*:*:*:*",
"matchCriteriaId": "F88691FD-F263-4B75-BF21-481BC1623C3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810203:*:*:*:*:*:*",
"matchCriteriaId": "D2A47CDA-D3DD-4E0F-8268-32A188EA1D94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810204:*:*:*:*:*:*",
"matchCriteriaId": "36A67476-2E8E-4104-9F10-7AE42F82508F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810205:*:*:*:*:*:*",
"matchCriteriaId": "ED029F1A-96D0-4EF2-9148-FC98E8B8FDCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810206:*:*:*:*:*:*",
"matchCriteriaId": "E2283675-582F-44A8-833B-B5B439CBFA1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810207:*:*:*:*:*:*",
"matchCriteriaId": "94C4A188-6B00-48C4-B7E2-9F70811BF618",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810208:*:*:*:*:*:*",
"matchCriteriaId": "F82943E9-E2D0-49F4-BD32-40E84BA1957E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810209:*:*:*:*:*:*",
"matchCriteriaId": "3ACB68F5-EC73-4C30-8FD3-F6647F9BCCD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810210:*:*:*:*:*:*",
"matchCriteriaId": "B854BA24-11FD-4D0C-9EFD-A88E64FED4E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810211:*:*:*:*:*:*",
"matchCriteriaId": "554434AB-763F-4E95-B616-F7594041D511",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810212:*:*:*:*:*:*",
"matchCriteriaId": "CE56E7AC-F63D-4A4B-9B45-0E623973B14B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810213:*:*:*:*:*:*",
"matchCriteriaId": "36664142-0111-42F5-A371-AD2C0DF211EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810214:*:*:*:*:*:*",
"matchCriteriaId": "49EA78B6-8208-4351-88F9-103CA01EF3A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810215:*:*:*:*:*:*",
"matchCriteriaId": "27AC575F-9AC4-4AA1-A71C-BF9F752295F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810216:*:*:*:*:*:*",
"matchCriteriaId": "4C0F47F3-0509-45AC-8EA9-37246E4E6095",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810217:*:*:*:*:*:*",
"matchCriteriaId": "CE103301-6AEF-4348-8F36-833021739AEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810218:*:*:*:*:*:*",
"matchCriteriaId": "8D92B2FF-8962-41F9-B019-D83AAAD188FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810219:*:*:*:*:*:*",
"matchCriteriaId": "8E6D5227-3421-412F-9BE0-583AA768446D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810220:*:*:*:*:*:*",
"matchCriteriaId": "BD2F52AF-D7EF-4F57-8F04-B0C6CD3FED63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810221:*:*:*:*:*:*",
"matchCriteriaId": "82BA9EB1-4EFB-4649-92C7-2C307966956E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810222:*:*:*:*:*:*",
"matchCriteriaId": "2133378D-8DFD-48B9-83A1-9FA7DDC68902",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810223:*:*:*:*:*:*",
"matchCriteriaId": "57BF8703-0C83-4BA5-B0F7-FB6E45229685",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810224:*:*:*:*:*:*",
"matchCriteriaId": "DAADDD62-2F6E-4D12-A49F-3D38ACF488E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810225:*:*:*:*:*:*",
"matchCriteriaId": "B5834F35-6D9A-48E5-BB5C-3A7D6CCE36D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810226:*:*:*:*:*:*",
"matchCriteriaId": "27FA0C0E-B5A2-4619-998B-CFB45496D895",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810227:*:*:*:*:*:*",
"matchCriteriaId": "B98EDBA4-0BA4-4894-B6F6-681117A5C5C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810228:*:*:*:*:*:*",
"matchCriteriaId": "8E756914-2C2A-4999-AAEA-2F6835A29C49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810229:*:*:*:*:*:*",
"matchCriteriaId": "0AC0C89B-26A3-40F7-855F-5F6B36B77F5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810230:*:*:*:*:*:*",
"matchCriteriaId": "5BF2FE18-A90E-429A-98D1-9A97DD0464B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810231:*:*:*:*:*:*",
"matchCriteriaId": "92289D85-0652-41D1-A6BA-D4B8C7EE1F45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810232:*:*:*:*:*:*",
"matchCriteriaId": "CF41887D-B145-4D01-9AEF-2E36479B2FA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810233:*:*:*:*:*:*",
"matchCriteriaId": "0FEAF0ED-BD20-4BA6-BB23-1C978B823A11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810234:*:*:*:*:*:*",
"matchCriteriaId": "36234CE1-FA7E-4534-9720-410435E2BAEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201811001:*:*:*:*:*:*",
"matchCriteriaId": "ABE65721-57C0-4748-B159-F6D97CE8CAB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201901001:*:*:*:*:*:*",
"matchCriteriaId": "CD1889D7-3313-4004-AA42-7879E8551413",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201901401:*:*:*:*:*:*",
"matchCriteriaId": "494E0B07-CE16-46D4-A89B-4F12A6CECDF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201901402:*:*:*:*:*:*",
"matchCriteriaId": "DD046237-16D7-4A57-9F09-2A6A649368C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201901403:*:*:*:*:*:*",
"matchCriteriaId": "8343E8DB-1D54-4B82-9254-2E2AFC548609",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201903001:*:*:*:*:*:*",
"matchCriteriaId": "F853B5B8-E8F8-4EA2-90EB-0603F4AADAD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904001:*:*:*:*:*:*",
"matchCriteriaId": "0169E032-F47A-45E0-BC33-B7DF54EC11BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904201:*:*:*:*:*:*",
"matchCriteriaId": "B0FCF0BB-9905-415A-8E30-DB96CCC49782",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904202:*:*:*:*:*:*",
"matchCriteriaId": "0C02E0DF-7656-475B-B028-10406DAB30F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904203:*:*:*:*:*:*",
"matchCriteriaId": "41340C91-4E96-4578-BB96-6758EBE072E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904204:*:*:*:*:*:*",
"matchCriteriaId": "FAE29DD3-BFC7-4781-A805-DE379CAB3DD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904205:*:*:*:*:*:*",
"matchCriteriaId": "322DC091-A4A1-4534-AB5C-0030114A63D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904206:*:*:*:*:*:*",
"matchCriteriaId": "4B23002D-D157-412F-B2ED-CD4504C79987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904207:*:*:*:*:*:*",
"matchCriteriaId": "8A2AE141-7503-4C0B-B0F1-B67A898FDF24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904208:*:*:*:*:*:*",
"matchCriteriaId": "4547B798-9F00-4B28-B667-9D38B9E3591B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904209:*:*:*:*:*:*",
"matchCriteriaId": "53129601-DDA4-4BF4-8F63-A88890F2D7B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904210:*:*:*:*:*:*",
"matchCriteriaId": "B48B12F8-0B49-404E-A6B4-1F6108687C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904211:*:*:*:*:*:*",
"matchCriteriaId": "8CED027A-5B1B-44CC-81DA-AAD00D551C84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904212:*:*:*:*:*:*",
"matchCriteriaId": "94F87F69-37DD-4170-ACA0-742EE8CFD00E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904213:*:*:*:*:*:*",
"matchCriteriaId": "ACC3D191-BB1B-4875-9A58-1E6D53128062",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904214:*:*:*:*:*:*",
"matchCriteriaId": "BD858E05-6FDE-4EDE-95C7-CA16B66BE7F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904215:*:*:*:*:*:*",
"matchCriteriaId": "FFCC4027-ED2E-4993-9C3E-FDEBF94EFF11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904216:*:*:*:*:*:*",
"matchCriteriaId": "62772E13-0198-4021-9FB0-59124086B21C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904217:*:*:*:*:*:*",
"matchCriteriaId": "C8A565A1-E4F0-4683-9DD6-D3B595A0B2EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904218:*:*:*:*:*:*",
"matchCriteriaId": "7B8868CD-EA52-438C-BFDD-EB41C98BA425",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904219:*:*:*:*:*:*",
"matchCriteriaId": "2F42557E-2FB2-4902-A6E8-CDDDC5E6CAD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904220:*:*:*:*:*:*",
"matchCriteriaId": "00ECE661-E187-4999-B2CC-CF0EBAE83253",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904221:*:*:*:*:*:*",
"matchCriteriaId": "6C225598-9636-4095-84FE-DD671F2D6000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904222:*:*:*:*:*:*",
"matchCriteriaId": "58C577E8-4B2B-4D91-AFCA-81C7FA04B897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904223:*:*:*:*:*:*",
"matchCriteriaId": "B7F8E29D-A3C1-4223-BDC3-CCED7C6FC86D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904224:*:*:*:*:*:*",
"matchCriteriaId": "41DE747D-30C9-470D-8447-47B8C95311EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904225:*:*:*:*:*:*",
"matchCriteriaId": "9D4D1283-BEC0-4FFC-8DC1-812D7A069F6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904226:*:*:*:*:*:*",
"matchCriteriaId": "97F27723-5065-4A57-AF07-F9BD35B9B32C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904227:*:*:*:*:*:*",
"matchCriteriaId": "94383F22-6A4B-43A5-BA4D-6D25698DFF00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904228:*:*:*:*:*:*",
"matchCriteriaId": "0F27B6FA-DFF5-4A67-BA3A-E34F38DC3D85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904229:*:*:*:*:*:*",
"matchCriteriaId": "E58409B9-DCF2-4383-8A39-D7CE0136EFF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201905001:*:*:*:*:*:*",
"matchCriteriaId": "00CF4E83-EA1C-4058-8BCC-09B495255F71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201906002:*:*:*:*:*:*",
"matchCriteriaId": "86626D15-8D73-48BA-970B-CE661D5BB59A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908101:*:*:*:*:*:*",
"matchCriteriaId": "2308CED4-314E-4CFE-8B1F-7B6CAA637A0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908102:*:*:*:*:*:*",
"matchCriteriaId": "9969057F-BD3A-474E-8A02-087575A8AA92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908103:*:*:*:*:*:*",
"matchCriteriaId": "7111974A-2A88-4209-8CBB-F872993AE4BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908104:*:*:*:*:*:*",
"matchCriteriaId": "35722902-3652-44F1-89C2-08EB51F2A1B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908201:*:*:*:*:*:*",
"matchCriteriaId": "E469AC46-D464-4960-8F23-CA59B3DCB7C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908202:*:*:*:*:*:*",
"matchCriteriaId": "9CAD88F2-F1AA-4DDE-9E27-52090E2BD49A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908203:*:*:*:*:*:*",
"matchCriteriaId": "48F3D2BF-3A1D-4C49-94F5-EDB11E57821C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908204:*:*:*:*:*:*",
"matchCriteriaId": "739948F5-E005-49E3-B412-4E035C7D95E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908205:*:*:*:*:*:*",
"matchCriteriaId": "D1828A75-5088-4992-A06B-A58B62536F4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908206:*:*:*:*:*:*",
"matchCriteriaId": "58030F5A-82E1-4D54-A8F0-30CAAD4C8402",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908207:*:*:*:*:*:*",
"matchCriteriaId": "9A013753-5E40-4CD8-A649-6CD023E0A970",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908208:*:*:*:*:*:*",
"matchCriteriaId": "F554BC79-A92C-4287-9D94-3657C48E36CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908209:*:*:*:*:*:*",
"matchCriteriaId": "F82710D4-3FAB-469F-B15C-F22B4786AE42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908210:*:*:*:*:*:*",
"matchCriteriaId": "BDE7B96D-AD37-406D-AF62-3797E7A55119",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908211:*:*:*:*:*:*",
"matchCriteriaId": "A9C294EC-F0BE-44DA-9073-D29D693F0964",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908212:*:*:*:*:*:*",
"matchCriteriaId": "E05B6CD2-A581-46C2-AEA7-D8A6028FB466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908213:*:*:*:*:*:*",
"matchCriteriaId": "6CEC1380-E75E-40B5-BDE8-94E12317CCCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908214:*:*:*:*:*:*",
"matchCriteriaId": "C7B7079D-785C-4941-929A-C82B54809728",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908215:*:*:*:*:*:*",
"matchCriteriaId": "A1ADE91B-0682-4EF9-8724-E0AFFF3685C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908216:*:*:*:*:*:*",
"matchCriteriaId": "31F8FFF5-25BD-408D-9089-567AF16BA608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908217:*:*:*:*:*:*",
"matchCriteriaId": "EE834CFD-5533-4989-8836-D0F07ED4919C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908218:*:*:*:*:*:*",
"matchCriteriaId": "092F9149-6B82-48CD-B90C-87DB36881F5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908219:*:*:*:*:*:*",
"matchCriteriaId": "B2EA0EC1-0139-403C-AC9B-08D8530F4A73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908220:*:*:*:*:*:*",
"matchCriteriaId": "5A3ADB57-5A7D-4B75-903C-FCBE1FAE9AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908221:*:*:*:*:*:*",
"matchCriteriaId": "755CCD27-3C87-497F-BDBB-48D3163909A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201911001:*:*:*:*:*:*",
"matchCriteriaId": "2130E67D-7F2A-4D82-BEFD-BA42B6B6FDA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201912001:*:*:*:*:*:*",
"matchCriteriaId": "2635673A-1F6B-4B8D-9C8D-F2FFB9644373",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201912101:*:*:*:*:*:*",
"matchCriteriaId": "9C0DDCAC-576E-48B6-B67E-E74DBF6C5250",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201912102:*:*:*:*:*:*",
"matchCriteriaId": "1CE71B5C-586B-4829-9A7E-3A008A1C1E35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201912401:*:*:*:*:*:*",
"matchCriteriaId": "802A1549-678C-4001-807B-97AD0953B5A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201912402:*:*:*:*:*:*",
"matchCriteriaId": "A6024926-4AE4-4609-99DE-E3173A72058A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201912403:*:*:*:*:*:*",
"matchCriteriaId": "AB1CAAFF-616A-4455-86CA-0ED553D3D27F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201912404:*:*:*:*:*:*",
"matchCriteriaId": "7C2C35E2-EDA5-4B0B-895B-09D2EE6A6B72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201912405:*:*:*:*:*:*",
"matchCriteriaId": "13C713B1-AEA0-40B0-829E-4D0A23808577",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-202004001:*:*:*:*:*:*",
"matchCriteriaId": "4C501A11-EF97-4402-9366-E624F1CBEDEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-202004002:*:*:*:*:*:*",
"matchCriteriaId": "52AE4120-4AAE-4F15-8575-4C480FBF7817",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-202004301:*:*:*:*:*:*",
"matchCriteriaId": "04BAED99-1BF3-4089-B6E6-0BE505E6D846",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-202004401:*:*:*:*:*:*",
"matchCriteriaId": "F318EA34-1EB7-484D-B016-3173683B0823",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-202004402:*:*:*:*:*:*",
"matchCriteriaId": "08254171-3483-4796-AD29-8C8A66BEA7A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-202004403:*:*:*:*:*:*",
"matchCriteriaId": "BB87B220-ED25-4818-8E70-A9663CCEF005",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-202004404:*:*:*:*:*:*",
"matchCriteriaId": "1275D19D-05C0-42F8-8402-647E512DAC72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-202004405:*:*:*:*:*:*",
"matchCriteriaId": "7D919EB9-F45B-4A4B-9887-7DE98065B766",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-202004406:*:*:*:*:*:*",
"matchCriteriaId": "6CB29FBD-2AD3-49D0-9F49-AE4DD9192C1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-202004407:*:*:*:*:*:*",
"matchCriteriaId": "C2ACA3A8-5B40-45C4-B47F-0DCF04D6700F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-202004408:*:*:*:*:*:*",
"matchCriteriaId": "92E98665-4919-4D45-88CF-28835DADD6E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-202006001:*:*:*:*:*:*",
"matchCriteriaId": "C0A275B7-DBF3-4332-8B5F-C9CAD84229B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-202008001:*:*:*:*:*:*",
"matchCriteriaId": "497F58A2-0A2C-4A59-A73B-31C956EF3CD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5CBA6B5A-F345-41D1-8AA0-E5F274A2D8FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware ESXi and vCenter Server contain a partial denial of service vulnerability in their respective authentication services. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3."
},
{
"lang": "es",
"value": "VMware ESXi y vCenter Server, contienen una vulnerabilidad de denegaci\u00f3n de servicio parcial en sus respectivos servicios de autenticaci\u00f3n. VMware ha evaluado que la gravedad de este problema se encuentra en el rango de gravedad Moderada con una puntuaci\u00f3n base m\u00e1xima de CVSSv3 de 5.3."
}
],
"id": "CVE-2020-3976",
"lastModified": "2024-11-21T05:32:05.890",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-08-21T13:15:14.130",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0018.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-03-29 18:15
Modified
2024-11-21 06:47
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2022-0009.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2022-0009.html | Patch, Vendor Advisory |
Impacted products
{
"cisaActionDue": "2024-08-07",
"cisaExploitAdd": "2024-07-17",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "VMware vCenter Server Incorrect Default File Permissions Vulnerability ",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28769D3C-0C46-4E6B-A8E2-75A7B64B1D47",
"versionEndExcluding": "3.11",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "42DF0955-2FDD-46BF-9932-AF2C8F8A7599",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:-:*:*:*:*:*:*",
"matchCriteriaId": "23CFE5A5-A166-4FD5-BE97-5F16DAB1EAE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:a:*:*:*:*:*:*",
"matchCriteriaId": "CF7DDB0C-3C07-4B5E-8B8A-0542FEE72877",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:b:*:*:*:*:*:*",
"matchCriteriaId": "1DD16169-A7DF-4604-888C-156A60018E32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:c:*:*:*:*:*:*",
"matchCriteriaId": "46FC9F34-C8FA-4AFE-9F4A-7CF9516BD4D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:d:*:*:*:*:*:*",
"matchCriteriaId": "D26534EB-327B-4ED6-A3E1-005552CB1F9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:e:*:*:*:*:*:*",
"matchCriteriaId": "786CDD50-7E18-4437-8DB9-2D0ADECD436E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:f:*:*:*:*:*:*",
"matchCriteriaId": "B2CE8DAE-0E78-4004-983D-1ECD8855EC33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1:*:*:*:*:*:*",
"matchCriteriaId": "7E51F433-1152-4E94-AF77-970230B1A574",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1b:*:*:*:*:*:*",
"matchCriteriaId": "0064D104-E0D8-481A-9029-D3726A1A9CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1c:*:*:*:*:*:*",
"matchCriteriaId": "9B4D3F61-6CD9-411F-A205-EB06A57EBB4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1d:*:*:*:*:*:*",
"matchCriteriaId": "F72A1E9C-F960-4E8C-A46C-B38209E6349E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1e:*:*:*:*:*:*",
"matchCriteriaId": "2C33CE46-F529-4EA9-9344-6ED3BFA7019D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1g:*:*:*:*:*:*",
"matchCriteriaId": "9F1D8161-0E02-45C9-BF61-14799AB65E03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2:*:*:*:*:*:*",
"matchCriteriaId": "1F2CB1FF-6118-4875-945D-07BAA3A21FFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2b:*:*:*:*:*:*",
"matchCriteriaId": "1AEDA28A-5C8E-4E95-A377-3BE530DBEAB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2c:*:*:*:*:*:*",
"matchCriteriaId": "BDDC6510-3116-4578-80C8-8EF044A8370A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2d:*:*:*:*:*:*",
"matchCriteriaId": "8678DB48-CB98-4E4C-ADE6-CABA73265FEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2g:*:*:*:*:*:*",
"matchCriteriaId": "DBD9A341-1FBF-4E04-848B-550DEB27261A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3:*:*:*:*:*:*",
"matchCriteriaId": "4955663C-1BB6-4F3E-9D4B-362DF144B7F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3d:*:*:*:*:*:*",
"matchCriteriaId": "CE0F8453-3D6C-4F1C-9167-3F02E3D905DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3f:*:*:*:*:*:*",
"matchCriteriaId": "0EAD4045-A7F9-464F-ABB9-3782941162CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3k:*:*:*:*:*:*",
"matchCriteriaId": "2F0A79C2-33AE-40C5-A853-770A4C691F29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3n:*:*:*:*:*:*",
"matchCriteriaId": "D8BB6CBC-11D6-40A4-ABAF-53AB9BED5A73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3p:*:*:*:*:*:*",
"matchCriteriaId": "26A3EC15-8C04-49AD-9045-4D9FADBD50CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3q:*:*:*:*:*:*",
"matchCriteriaId": "AF7E87BB-1B5B-4F13-A70C-B3C6716E7919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:-:*:*:*:*:*:*",
"matchCriteriaId": "E456F84C-A86E-4EA9-9A3E-BEEA662136E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:a:*:*:*:*:*:*",
"matchCriteriaId": "5241C282-A02B-44B2-B6CA-BA3A99F9737C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:b:*:*:*:*:*:*",
"matchCriteriaId": "04A60AC7-C2EA-4DBF-9743-54D708584AFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:d:*:*:*:*:*:*",
"matchCriteriaId": "8A91B0C4-F184-459E-AFD3-DE0E351CC964",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update1:*:*:*:*:*:*",
"matchCriteriaId": "23253631-2655-48A8-9B00-CB984232329C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update1b:*:*:*:*:*:*",
"matchCriteriaId": "50C2A9A8-0E66-4702-BCD4-74622108E7A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update2:*:*:*:*:*:*",
"matchCriteriaId": "EE4D3E2A-C32D-408F-B811-EF8BC86F0D34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update2a:*:*:*:*:*:*",
"matchCriteriaId": "31CA7802-D78D-4BAD-A45A-68B601C010C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update2c:*:*:*:*:*:*",
"matchCriteriaId": "3B98981B-4721-4752-BAB4-361DB5AEB86F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3:*:*:*:*:*:*",
"matchCriteriaId": "04487105-980A-4943-9360-4442BF0411E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3a:*:*:*:*:*:*",
"matchCriteriaId": "24D24E06-EB3F-4F11-849B-E66757B01466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3b:*:*:*:*:*:*",
"matchCriteriaId": "8AF12716-88E2-44B5-ACD7-BCBECA130FB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3f:*:*:*:*:*:*",
"matchCriteriaId": "3352212C-E820-47B3-BDF5-57018F5B9E81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3g:*:*:*:*:*:*",
"matchCriteriaId": "6436ADFD-6B94-4D2A-B09B-CED4EC6CA276",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3j:*:*:*:*:*:*",
"matchCriteriaId": "D06832CE-F946-469D-B495-6735F18D02A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3l:*:*:*:*:*:*",
"matchCriteriaId": "726AC46D-9EA8-4FE8-94B8-0562935458F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3m:*:*:*:*:*:*",
"matchCriteriaId": "0243D22F-1591-4A95-A7FE-2658CEE0C08F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3n:*:*:*:*:*:*",
"matchCriteriaId": "02AE5983-CD14-4EAF-9F5C-1281E3DE7F46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3o:*:*:*:*:*:*",
"matchCriteriaId": "EFDDF4CA-1C20-430E-A17C-CC2998F8BDDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5FA81CCD-A05E-498C-820E-21980E92132F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:a:*:*:*:*:*:*",
"matchCriteriaId": "0EE83406-A3D9-4F75-A1A6-63831CEBEEC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:b:*:*:*:*:*:*",
"matchCriteriaId": "FB563627-C9CF-4D8A-B882-9AB65EAE9E15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:c:*:*:*:*:*:*",
"matchCriteriaId": "DCA03B2A-48B2-48AD-B8EB-9D7BB2016819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:d:*:*:*:*:*:*",
"matchCriteriaId": "A2392D0F-D7A2-4E01-9212-1BA6C895AEBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1:*:*:*:*:*:*",
"matchCriteriaId": "6D731C1A-9FE5-461C-97E2-6F45E4CBABE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1a:*:*:*:*:*:*",
"matchCriteriaId": "8725E544-2A94-4829-A683-1ECCE57A74A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1c:*:*:*:*:*:*",
"matchCriteriaId": "0FC6765A-6584-45A8-9B21-4951D2EA8939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1d:*:*:*:*:*:*",
"matchCriteriaId": "85DD238C-EF73-44F0-928E-A94FF5C4B378",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2:*:*:*:*:*:*",
"matchCriteriaId": "F4CA36C1-732E-41AE-B847-F7411B753F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2a:*:*:*:*:*:*",
"matchCriteriaId": "0DA882B6-D811-4E4B-B614-2D48F0B9036E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2b:*:*:*:*:*:*",
"matchCriteriaId": "8D30A78E-16D0-4A2E-A2F8-F6073698243E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2c:*:*:*:*:*:*",
"matchCriteriaId": "188E103E-9568-4CE0-A984-141B2A9E82D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2d:*:*:*:*:*:*",
"matchCriteriaId": "B266439F-E911-4C95-9D27-88DF96DDCCD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3:*:*:*:*:*:*",
"matchCriteriaId": "6508A908-EF14-4A72-AC75-5DA6F8B98A0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3a:*:*:*:*:*:*",
"matchCriteriaId": "3BAD2012-5C82-4EA9-A780-9BF1DA5A18AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3c:*:*:*:*:*:*",
"matchCriteriaId": "58597F18-0B23-4D21-9ABA-D9773958F10E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information."
},
{
"lang": "es",
"value": "vCenter Server contiene una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n debido a un permiso inapropiado de los archivos. Un actor malicioso con acceso no administrativo al vCenter Server puede explotar este problema para conseguir acceso a informaci\u00f3n confidencial"
}
],
"id": "CVE-2022-22948",
"lastModified": "2024-11-21T06:47:39.910",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2022-03-29T18:15:08.040",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0009.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-276"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-276"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-08-08 01:59
Modified
2024-11-21 02:54
Severity ?
Summary
CRLF injection vulnerability in VMware vCenter Server 6.0 before U2 and ESXi 6.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | vcenter_server | * | |
| vmware | esxi | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:*:update_1b:*:*:*:*:*:*",
"matchCriteriaId": "168EE5FE-3C7E-435C-BCCF-9FA54C430715",
"versionEndIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CC77ADEA-F0B8-4E5D-B965-39397F823075",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CRLF injection vulnerability in VMware vCenter Server 6.0 before U2 and ESXi 6.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n CRLF en VMware vCenter Server 6.0 en versiones anteriores a U2 y ESXi 6.0 permite a atacantes remotos inyectar cabeceras HTTP arbitrarias y llevar a cabo ataques de separaci\u00f3n de respuestas HTTP a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2016-5331",
"lastModified": "2024-11-21T02:54:06.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-08-08T01:59:17.477",
"references": [
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/138211/VMware-vSphere-Hypervisor-ESXi-HTTP-Response-Injection.html"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2016/Aug/38"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/539128/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/92324"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1036543"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1036544"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1036545"
},
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2016-0010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/138211/VMware-vSphere-Hypervisor-ESXi-HTTP-Response-Injection.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2016/Aug/38"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/539128/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/92324"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1036543"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1036544"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1036545"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2016-0010.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-93"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-12-13 16:15
Modified
2024-11-21 07:05
Severity ?
Summary
The vCenter Server contains a denial-of-service vulnerability in the content library service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to trigger a denial-of-service condition by sending a specially crafted header.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6BEACD8D-30EF-44FE-839B-DA69E6CED23A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "36847AD6-88CC-4228-AB4E-5161B381267C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:3.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6FC3C214-DEFC-48D9-8728-31F19095375E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0BF5CF56-8DE1-42F5-9EC1-E5666DD7FA59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "36668618-33C3-460A-879B-A9741405C9D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "8266FD66-3BB6-4720-9D9F-06EFB38FA4B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8D4C25D3-BC49-4727-B7A2-28C0F2E647EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:3.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3E9AB6FF-D508-42FF-8FB9-24B96AE2F03F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "328785AE-390C-4CA2-9771-4A26387E4E3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:3.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "298B797F-C3B6-445C-AADB-8633B446F10F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F97BA12F-A60D-4398-9CA8-DE2F7BACBA8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:3.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E19009EB-02D3-424A-947D-7B66EFCCE422",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "89656A51-0840-4A27-B05B-7E54B0CF0521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:3.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "11C27637-44C5-4678-AF19-82E6CB9B15E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:3.10.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D26128AF-864F-403E-A491-437FEC0BE1B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:3.10.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A8D11F7-A6C1-4E9A-A288-B90B90B0CAB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:3.10.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AB2DDABB-1590-4AE7-B96D-BB7FB209582D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:3.10.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6A79A33F-A1FF-438F-BC77-94ACC45F5488",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "42DF0955-2FDD-46BF-9932-AF2C8F8A7599",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "38EB0C0C-56CF-4A8F-A36F-E0E180B9059E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A54544F5-5929-4609-A91C-FCA0FDBFE862",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CA6D6348-E71A-4DA4-AC84-51397B2461A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:4.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C8EC0B43-8667-45D6-BF97-03DDFFAD2AF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E841E8EF-9500-4937-BAC4-8AB76C96A3EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC4C5700-1AFE-49F6-AC92-09F2349345ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B23891F3-08B7-480B-9B83-81381E33212F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3EC07793-6DB1-4ACD-976D-A370FFAE505A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F7B0AA0D-0BE2-40C5-A432-F607EF66829C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:4.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6C767B9C-CDAC-4651-B696-589726CDD5C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:4.4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1E216CBB-8C99-46AA-B195-E16393354D14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:-:*:*:*:*:*:*",
"matchCriteriaId": "23CFE5A5-A166-4FD5-BE97-5F16DAB1EAE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:a:*:*:*:*:*:*",
"matchCriteriaId": "CF7DDB0C-3C07-4B5E-8B8A-0542FEE72877",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:b:*:*:*:*:*:*",
"matchCriteriaId": "1DD16169-A7DF-4604-888C-156A60018E32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:c:*:*:*:*:*:*",
"matchCriteriaId": "46FC9F34-C8FA-4AFE-9F4A-7CF9516BD4D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:d:*:*:*:*:*:*",
"matchCriteriaId": "D26534EB-327B-4ED6-A3E1-005552CB1F9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:e:*:*:*:*:*:*",
"matchCriteriaId": "786CDD50-7E18-4437-8DB9-2D0ADECD436E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:f:*:*:*:*:*:*",
"matchCriteriaId": "B2CE8DAE-0E78-4004-983D-1ECD8855EC33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1:*:*:*:*:*:*",
"matchCriteriaId": "7E51F433-1152-4E94-AF77-970230B1A574",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1b:*:*:*:*:*:*",
"matchCriteriaId": "0064D104-E0D8-481A-9029-D3726A1A9CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1c:*:*:*:*:*:*",
"matchCriteriaId": "9B4D3F61-6CD9-411F-A205-EB06A57EBB4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1d:*:*:*:*:*:*",
"matchCriteriaId": "F72A1E9C-F960-4E8C-A46C-B38209E6349E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1e:*:*:*:*:*:*",
"matchCriteriaId": "2C33CE46-F529-4EA9-9344-6ED3BFA7019D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1g:*:*:*:*:*:*",
"matchCriteriaId": "9F1D8161-0E02-45C9-BF61-14799AB65E03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2:*:*:*:*:*:*",
"matchCriteriaId": "1F2CB1FF-6118-4875-945D-07BAA3A21FFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2b:*:*:*:*:*:*",
"matchCriteriaId": "1AEDA28A-5C8E-4E95-A377-3BE530DBEAB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2c:*:*:*:*:*:*",
"matchCriteriaId": "BDDC6510-3116-4578-80C8-8EF044A8370A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2d:*:*:*:*:*:*",
"matchCriteriaId": "8678DB48-CB98-4E4C-ADE6-CABA73265FEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2g:*:*:*:*:*:*",
"matchCriteriaId": "DBD9A341-1FBF-4E04-848B-550DEB27261A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3:*:*:*:*:*:*",
"matchCriteriaId": "4955663C-1BB6-4F3E-9D4B-362DF144B7F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3d:*:*:*:*:*:*",
"matchCriteriaId": "CE0F8453-3D6C-4F1C-9167-3F02E3D905DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3f:*:*:*:*:*:*",
"matchCriteriaId": "0EAD4045-A7F9-464F-ABB9-3782941162CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3k:*:*:*:*:*:*",
"matchCriteriaId": "2F0A79C2-33AE-40C5-A853-770A4C691F29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3n:*:*:*:*:*:*",
"matchCriteriaId": "D8BB6CBC-11D6-40A4-ABAF-53AB9BED5A73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3p:*:*:*:*:*:*",
"matchCriteriaId": "26A3EC15-8C04-49AD-9045-4D9FADBD50CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3q:*:*:*:*:*:*",
"matchCriteriaId": "AF7E87BB-1B5B-4F13-A70C-B3C6716E7919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3r:*:*:*:*:*:*",
"matchCriteriaId": "70A9244F-2C9C-4D7D-B384-08DDF95770DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3s:*:*:*:*:*:*",
"matchCriteriaId": "2CBEA4F8-CBA3-4C71-96B3-47489F0D299C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3t:*:*:*:*:*:*",
"matchCriteriaId": "B40B0E23-410D-403D-811B-486EBF406E6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:-:*:*:*:*:*:*",
"matchCriteriaId": "E456F84C-A86E-4EA9-9A3E-BEEA662136E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:a:*:*:*:*:*:*",
"matchCriteriaId": "5241C282-A02B-44B2-B6CA-BA3A99F9737C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:b:*:*:*:*:*:*",
"matchCriteriaId": "04A60AC7-C2EA-4DBF-9743-54D708584AFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:d:*:*:*:*:*:*",
"matchCriteriaId": "8A91B0C4-F184-459E-AFD3-DE0E351CC964",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update_3o:*:*:*:*:*:*",
"matchCriteriaId": "7494090C-C5E4-46E9-8222-6096731FC7C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update1:*:*:*:*:*:*",
"matchCriteriaId": "23253631-2655-48A8-9B00-CB984232329C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update1b:*:*:*:*:*:*",
"matchCriteriaId": "50C2A9A8-0E66-4702-BCD4-74622108E7A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update2:*:*:*:*:*:*",
"matchCriteriaId": "EE4D3E2A-C32D-408F-B811-EF8BC86F0D34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update2a:*:*:*:*:*:*",
"matchCriteriaId": "31CA7802-D78D-4BAD-A45A-68B601C010C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update2c:*:*:*:*:*:*",
"matchCriteriaId": "3B98981B-4721-4752-BAB4-361DB5AEB86F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3:*:*:*:*:*:*",
"matchCriteriaId": "04487105-980A-4943-9360-4442BF0411E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3a:*:*:*:*:*:*",
"matchCriteriaId": "24D24E06-EB3F-4F11-849B-E66757B01466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3b:*:*:*:*:*:*",
"matchCriteriaId": "8AF12716-88E2-44B5-ACD7-BCBECA130FB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3f:*:*:*:*:*:*",
"matchCriteriaId": "3352212C-E820-47B3-BDF5-57018F5B9E81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3g:*:*:*:*:*:*",
"matchCriteriaId": "6436ADFD-6B94-4D2A-B09B-CED4EC6CA276",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3j:*:*:*:*:*:*",
"matchCriteriaId": "D06832CE-F946-469D-B495-6735F18D02A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3l:*:*:*:*:*:*",
"matchCriteriaId": "726AC46D-9EA8-4FE8-94B8-0562935458F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3m:*:*:*:*:*:*",
"matchCriteriaId": "0243D22F-1591-4A95-A7FE-2658CEE0C08F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3n:*:*:*:*:*:*",
"matchCriteriaId": "02AE5983-CD14-4EAF-9F5C-1281E3DE7F46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3o:*:*:*:*:*:*",
"matchCriteriaId": "EFDDF4CA-1C20-430E-A17C-CC2998F8BDDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3p:*:*:*:*:*:*",
"matchCriteriaId": "7D2B0FBA-8E4A-491E-8E22-AAD7DBB5FF5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3q:*:*:*:*:*:*",
"matchCriteriaId": "126B4E78-DCE3-4375-80C9-3679F9BF107C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3r:*:*:*:*:*:*",
"matchCriteriaId": "5D7808C1-9548-4BAE-8EC5-6C406185757F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5FA81CCD-A05E-498C-820E-21980E92132F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:a:*:*:*:*:*:*",
"matchCriteriaId": "0EE83406-A3D9-4F75-A1A6-63831CEBEEC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:b:*:*:*:*:*:*",
"matchCriteriaId": "FB563627-C9CF-4D8A-B882-9AB65EAE9E15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:c:*:*:*:*:*:*",
"matchCriteriaId": "DCA03B2A-48B2-48AD-B8EB-9D7BB2016819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:d:*:*:*:*:*:*",
"matchCriteriaId": "A2392D0F-D7A2-4E01-9212-1BA6C895AEBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1:*:*:*:*:*:*",
"matchCriteriaId": "6D731C1A-9FE5-461C-97E2-6F45E4CBABE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1a:*:*:*:*:*:*",
"matchCriteriaId": "8725E544-2A94-4829-A683-1ECCE57A74A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1c:*:*:*:*:*:*",
"matchCriteriaId": "0FC6765A-6584-45A8-9B21-4951D2EA8939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1d:*:*:*:*:*:*",
"matchCriteriaId": "85DD238C-EF73-44F0-928E-A94FF5C4B378",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2:*:*:*:*:*:*",
"matchCriteriaId": "F4CA36C1-732E-41AE-B847-F7411B753F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2a:*:*:*:*:*:*",
"matchCriteriaId": "0DA882B6-D811-4E4B-B614-2D48F0B9036E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2b:*:*:*:*:*:*",
"matchCriteriaId": "8D30A78E-16D0-4A2E-A2F8-F6073698243E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2c:*:*:*:*:*:*",
"matchCriteriaId": "188E103E-9568-4CE0-A984-141B2A9E82D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2d:*:*:*:*:*:*",
"matchCriteriaId": "B266439F-E911-4C95-9D27-88DF96DDCCD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3:*:*:*:*:*:*",
"matchCriteriaId": "6508A908-EF14-4A72-AC75-5DA6F8B98A0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3a:*:*:*:*:*:*",
"matchCriteriaId": "3BAD2012-5C82-4EA9-A780-9BF1DA5A18AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3c:*:*:*:*:*:*",
"matchCriteriaId": "58597F18-0B23-4D21-9ABA-D9773958F10E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3d:*:*:*:*:*:*",
"matchCriteriaId": "ADF46C54-313B-4742-A074-EEA0A6554680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3e:*:*:*:*:*:*",
"matchCriteriaId": "9587F800-57BC-44B6-870E-95691684FC46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3f:*:*:*:*:*:*",
"matchCriteriaId": "AD148A75-5076-416D-AFD6-0F281DA0A82B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3g:*:*:*:*:*:*",
"matchCriteriaId": "956CEA8C-F8C4-41BD-85B4-44FE3A772E50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3h:*:*:*:*:*:*",
"matchCriteriaId": "008AEA0F-116B-4AF8-B3A7-3041CCE25235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:cloud_foundation:3.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "835A61AF-D8FC-4E46-988C-F9617EB2F979",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:cloud_foundation:4.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "583414A6-53B4-4866-A5ED-3D124DCD7B81",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The vCenter Server contains a denial-of-service vulnerability in the content library service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to trigger a denial-of-service condition by sending a specially crafted header."
},
{
"lang": "es",
"value": "vCenter Server contiene una vulnerabilidad de Denegaci\u00f3n de Servicio (DoS) en el servicio de librer\u00eda de contenido. Un actor malintencionado con acceso de red al puerto 443 en vCenter Server puede aprovechar este problema para desencadenar una condici\u00f3n de Denegaci\u00f3n de Servicio (DoS) enviando un encabezado especialmente manipulado."
}
],
"id": "CVE-2022-31698",
"lastModified": "2024-11-21T07:05:09.530",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-13T16:15:19.847",
"references": [
{
"source": "security@vmware.com",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1588"
},
{
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0030.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1588"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0030.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}