Cloud_foundation - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Cloud_foundation
(Vmware)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	122

Date	Id	Summary	Products	Score	Patch	Annotated
2024-01-16	CVE-2023-34063	Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious actor may exploit this vulnerability leading to unauthorized access to remote organizations and workflows.	Aria_automation, Cloud_foundation	8.3
2024-06-18	CVE-2024-37081	The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. An authenticated local user with non-administrative privileges may exploit these issues to elevate privileges to root on vCenter Server Appliance.	Cloud_foundation, Vcenter_server	N/A
2025-05-20	CVE-2025-41231	VMware Cloud Foundation contains a missing authorisation vulnerability. A malicious actor with access to VMware Cloud Foundation appliance may be able to perform certain unauthorised actions and access limited sensitive information.	Cloud_foundation	N/A
2024-11-26	CVE-2024-38830	VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges may trigger this vulnerability to escalate privileges to root user on the appliance running VMware Aria Operations.	Aria_operations, Cloud_foundation	7.8
2024-11-26	CVE-2024-38831	VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges can insert malicious commands into the properties file to escalate privileges to a root user on the appliance running VMware Aria Operations.	Aria_operations, Cloud_foundation	7.8
2024-11-26	CVE-2024-38832	VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to views may be able to inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.	Aria_operations, Cloud_foundation	6.4
2024-11-26	CVE-2024-38833	VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to email templates might inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.	Aria_operations, Cloud_foundation	5.4
2024-11-26	CVE-2024-38834	VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to cloud provider might be able to inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.	Aria_operations, Cloud_foundation	4.8
2025-01-30	CVE-2025-22218	VMware Aria Operations for Logs contains an information disclosure vulnerability. A malicious actor with View Only Admin permissions may be able to read the credentials of a VMware product integrated with VMware Aria Operations for Logs	Aria_operations_for_logs, Cloud_foundation	7.7
2025-01-30	CVE-2025-22219	VMware Aria Operations for Logs contains a stored cross-site scripting vulnerability. A malicious actor with non-administrative privileges may be able to inject a malicious script that (can perform stored cross-site scripting) may lead to arbitrary operations as admin user.	Aria_operations_for_logs, Cloud_foundation	9.0