Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Cloud_foundation
(Vmware)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 102 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-02-21 | CVE-2024-22235 | VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'. | Aria_operations, Cloud_foundation | 6.7 | ||
| 2024-07-11 | CVE-2024-22280 | VMware Aria Automation does not apply correct input validation which allows for SQL-injection in the product. An authenticated malicious user could enter specially crafted SQL queries and perform unauthorised read/write operations in the database. | Aria_automation, Cloud_foundation | 8.1 | ||
| 2021-03-31 | CVE-2021-21975 | Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials. | Cloud_foundation, Vrealize_operations_manager, Vrealize_suite_lifecycle_manager | 7.5 | ||
| 2022-04-11 | CVE-2022-22954 | VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution. | Cloud_foundation, Identity_manager, Vrealize_automation, Vrealize_suite_lifecycle_manager, Workspace_one_access | 9.8 | ||
| 2025-03-04 | CVE-2025-22225 | VMware ESXi contains an arbitrary write vulnerability. A malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox. | Cloud_foundation, Esxi, Telco_cloud_infrastructure, Telco_cloud_platform | N/A | ||
| 2025-03-04 | CVE-2025-22224 | VMware ESXi, and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. | Cloud_foundation, Esxi, Telco_cloud_infrastructure, Telco_cloud_platform, Workstation | 8.2 | ||
| 2025-03-04 | CVE-2025-22226 | VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. A malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process. | Cloud_foundation, Esxi, Fusion, Telco_cloud_infrastructure, Telco_cloud_platform, Workstation | 6.0 | ||
| 2024-05-21 | CVE-2024-22273 | The storage controllers on VMware ESXi, Workstation, and Fusion have out-of-bounds read/write vulnerability. A malicious actor with access to a virtual machine with storage controllers enabled may exploit this issue to create a denial of service condition or execute code on the hypervisor from a virtual machine in conjunction with other issues. | Cloud_foundation, Esxi, Fusion, Workstation | 7.8 | ||
| 2022-04-13 | CVE-2022-22960 | VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to 'root'. | Cloud_foundation, Identity_manager, Vrealize_automation, Vrealize_suite_lifecycle_manager, Workspace_one_access | 7.8 | ||
| 2022-03-29 | CVE-2022-22948 | The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information. | Cloud_foundation, Vcenter_server | 6.5 |