Product:

Cloud_foundation

(Vmware)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 116
Date Id Summary Products Score Patch Annotated
2025-05-20 CVE-2025-41231 VMware Cloud Foundation contains a missing authorisation vulnerability. A malicious actor with access to VMware Cloud Foundation appliance may be able to perform certain unauthorised actions and access limited sensitive information. Cloud_foundation N/A
2024-11-26 CVE-2024-38830 VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges may trigger this vulnerability to escalate privileges to root user on the appliance running VMware Aria Operations. Aria_operations, Cloud_foundation 7.8
2024-11-26 CVE-2024-38831 VMware Aria Operations contains a local privilege escalation vulnerability.  A malicious actor with local administrative privileges can insert malicious commands into the properties file to escalate privileges to  a root user on the appliance running VMware Aria Operations. Aria_operations, Cloud_foundation 7.8
2024-11-26 CVE-2024-38832 VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to views may be able to inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations. Aria_operations, Cloud_foundation 6.4
2024-11-26 CVE-2024-38833 VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to email templates might inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations. Aria_operations, Cloud_foundation 5.4
2024-11-26 CVE-2024-38834 VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to cloud provider might be able to inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations. Aria_operations, Cloud_foundation 4.8
2025-01-30 CVE-2025-22218 VMware Aria Operations for Logs contains an information disclosure vulnerability. A malicious actor with View Only Admin permissions may be able to read the credentials of a VMware product integrated with VMware Aria Operations for Logs Aria_operations_for_logs, Cloud_foundation 7.7
2025-01-30 CVE-2025-22219 VMware Aria Operations for Logs contains a stored cross-site scripting vulnerability. A malicious actor with non-administrative privileges may be able to inject a malicious script that (can perform stored cross-site scripting) may lead to arbitrary operations as admin user. Aria_operations_for_logs, Cloud_foundation 9.0
2025-01-30 CVE-2025-22220 VMware Aria Operations for Logs contains a privilege escalation vulnerability. A malicious actor with non-administrative privileges and network access to Aria Operations for Logs API may be able to perform certain operations in the context of an admin user. Aria_operations_for_logs, Cloud_foundation 5.4
2025-01-30 CVE-2025-22222 VMware Aria Operations contains an information disclosure vulnerability. A malicious user with non-administrative privileges may exploit this vulnerability to retrieve credentials for an outbound plugin if a valid service credential ID is known. Aria_operations, Cloud_foundation 6.5