Latest vmware vcenter server Vulnerabilities

CVE-2023-34056
vCenter Server contains a partial information disclosure vulnerability. A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data.
VMware vCenter Server>=4.0<=5.5
VMware vCenter Server=7.0
VMware vCenter Server=7.0-a
VMware vCenter Server=7.0-b
VMware vCenter Server=7.0-c
VMware vCenter Server=7.0-d
and 32 more
CVE-2023-34048
VMware vCenter Server Out-of-Bounds Write Vulnerability
VMware vCenter Server>=4.0<=5.5
VMware vCenter Server=7.0
VMware vCenter Server=7.0-a
VMware vCenter Server=7.0-b
VMware vCenter Server=7.0-c
VMware vCenter Server=7.0-d
and 32 more
CVE-2023-20896
The VMware vCenter Server contains an out-of-bounds read vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bound...
VMware vCenter Server>=4.0<7.0
VMware vCenter Server=7.0
VMware vCenter Server=7.0-a
VMware vCenter Server=7.0-b
VMware vCenter Server=7.0-c
VMware vCenter Server=7.0-d
and 27 more
CVE-2023-20895
The VMware vCenter Server contains a memory corruption vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger a memory corrupti...
VMware vCenter Server<7.0
VMware vCenter Server=7.0
VMware vCenter Server=7.0-a
VMware vCenter Server=7.0-b
VMware vCenter Server=7.0-c
VMware vCenter Server=7.0-d
and 27 more
CVE-2023-20894
The VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-boun...
VMware vCenter Server<7.0
VMware vCenter Server=7.0
VMware vCenter Server=7.0-a
VMware vCenter Server=7.0-b
VMware vCenter Server=7.0-c
VMware vCenter Server=7.0-d
and 27 more
CVE-2023-20893
The VMware vCenter Server contains a use-after-free vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit this issue to execut...
VMware vCenter Server<7.0
VMware vCenter Server=7.0
VMware vCenter Server=7.0-a
VMware vCenter Server=7.0-b
VMware vCenter Server=7.0-c
VMware vCenter Server=7.0-d
and 27 more
CVE-2023-20892
The vCenter Server contains a heap overflow vulnerability due to the usage of uninitialized memory in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server...
VMware vCenter Server<7.0
VMware vCenter Server=7.0
VMware vCenter Server=7.0-a
VMware vCenter Server=7.0-b
VMware vCenter Server=7.0-c
VMware vCenter Server=7.0-d
and 27 more
CVE-2022-31698
The vCenter Server contains a denial-of-service vulnerability in the content library service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to trigger a de...
VMware Cloud Foundation=3.0
VMware Cloud Foundation=3.0.1
VMware Cloud Foundation=3.0.1.1
VMware Cloud Foundation=3.5
VMware Cloud Foundation=3.5.1
VMware Cloud Foundation=3.7
and 99 more
CVE-2022-31697
The vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plaintext. A malicious actor with access to a workstation that invoked a vCenter Server Applian...
VMware vCenter Server=6.5
VMware vCenter Server=6.5-a
VMware vCenter Server=6.5-b
VMware vCenter Server=6.5-c
VMware vCenter Server=6.5-d
VMware vCenter Server=6.5-update1
and 64 more
CVE-2022-31680
The vCenter Server contains an unsafe deserialisation vulnerability in the PSC (Platform services controller). A malicious actor with admin access on vCenter server may exploit this issue to execute a...
VMware vCenter Server<6.5
VMware vCenter Server=6.5
VMware vCenter Server=6.5-a
VMware vCenter Server=6.5-b
VMware vCenter Server=6.5-c
VMware vCenter Server=6.5-d
and 22 more
CVE-2022-22982
The vCenter Server contains a server-side request forgery (SSRF) vulnerability. A malicious actor with network access to 443 on the vCenter Server may exploit this issue by accessing a URL request out...
VMware Cloud Foundation>=3.0<=3.11
VMware Cloud Foundation>=4.0<=4.3.1
VMware vCenter Server=6.5
VMware vCenter Server=6.5-a
VMware vCenter Server=6.5-b
VMware vCenter Server=6.5-c
and 63 more
CVE-2022-22948
The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue t...
VMware Cloud Foundation>=3.0<3.11
VMware Cloud Foundation=3.11
VMware vCenter Server=6.5
VMware vCenter Server=6.5-a
VMware vCenter Server=6.5-b
VMware vCenter Server=6.5-c
and 57 more
CVE-2021-22049
The vSphere Web Client (FLEX/Flash) contains an SSRF (Server Side Request Forgery) vulnerability in the vSAN Web Client (vSAN UI) plug-in. A malicious actor with network access to port 443 on vCenter ...
VMware vCenter Server=6.5
VMware vCenter Server=6.7
VMware vCenter Server=7.0
CVE-2021-22048
The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. A malicious actor with non-administrative access to vCenter Se...
VMware Cloud Foundation>=3.0<=3.10.2.2
VMware vCenter Server=6.5
VMware vCenter Server=6.7
VMware vCenter Server=7.0
VMware Cloud Foundation>=4.0<=4.1.0.1
CVE-2021-22018
The vCenter Server contains an arbitrary file deletion vulnerability in a VMware vSphere Life-cycle Manager plug-in. A malicious actor with network access to port 9087 on vCenter Server may exploit th...
VMware Cloud Foundation>=4.0<4.3.1
VMware vCenter Server=7.0
CVE-2021-22016
The vCenter Server contains a reflected cross-site scripting vulnerability due to a lack of input sanitization. An attacker may exploit this issue to execute malicious scripts by tricking a victim int...
VMware Cloud Foundation>=3.0<5.0
VMware vCenter Server=6.7
CVE-2021-22017
VMware vCenter Server Improper Access Control
VMware vCenter Server=6.7
VMware vCenter Server
CVE-2021-22019
VMware Cloud Foundation>=3.0<3.10.2.2
VMware Cloud Foundation>=4.0<4.3
VMware vCenter Server=6.5
VMware vCenter Server=6.7
VMware vCenter Server=7.0
CVE-2021-22020
The vCenter Server contains a denial-of-service vulnerability in the Analytics service. Successful exploitation of this issue may allow an attacker to create a denial-of-service condition on vCenter S...
VMware Cloud Foundation>=3.0<3.10.2.2
VMware Cloud Foundation>=4.0<4.3
VMware vCenter Server=6.7
VMware vCenter Server=7.0
CVE-2021-22015
The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and directories. An authenticated local user with non-administrative privilege may ...
VMware Cloud Foundation>=3.0<5.0
VMware vCenter Server=6.5
VMware vCenter Server=6.7
VMware vCenter Server=7.0
CVE-2021-22014
The vCenter Server contains an authenticated code execution vulnerability in VAMI (Virtual Appliance Management Infrastructure). An authenticated VAMI user with network access to port 5480 on vCenter ...
VMware Cloud Foundation>=3.0<5.0
VMware vCenter Server=6.5
VMware vCenter Server=6.7
VMware vCenter Server=7.0
CVE-2021-22013
The vCenter Server contains a file path traversal vulnerability leading to information disclosure in the appliance management API. A malicious actor with network access to port 443 on vCenter Server m...
VMware Cloud Foundation>=3.0<5.0
VMware vCenter Server=6.7
VMware vCenter Server=7.0
CVE-2021-22012
The vCenter Server contains an information disclosure vulnerability due to an unauthenticated appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit ...
VMware Cloud Foundation>=3.0<5.0
VMware vCenter Server=6.7
VMware vCenter Server=7.0
CVE-2021-22005
VMware vCenter Server File Upload Vulnerability
VMware Cloud Foundation>=3.0<5.0
VMware vCenter Server=6.5
VMware vCenter Server=6.7
VMware vCenter Server=7.0
CVE-2021-22009
The vCenter Server contains multiple denial-of-service vulnerabilities in VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit these issues to cr...
VMware Cloud Foundation>=3.0<5.0
VMware vCenter Server=6.7
VMware vCenter Server=7.0
CVE-2021-22011
vCenter Server contains an unauthenticated API endpoint vulnerability in vCenter Server Content Library. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to p...
VMware Cloud Foundation>=3.0<5.0
VMware vCenter Server=6.5
VMware vCenter Server=6.7
VMware vCenter Server=7.0
CVE-2021-22006
The vCenter Server contains a reverse proxy bypass vulnerability due to the way the endpoints handle the URI. A malicious actor with network access to port 443 on vCenter Server may exploit this issue...
VMware Cloud Foundation>=3.0<5.0
VMware vCenter Server=6.7
VMware vCenter Server=7.0
CVE-2021-21993
VMware Cloud Foundation>=3.0<5.0
VMware vCenter Server=6.5
VMware vCenter Server=6.7
VMware vCenter Server=7.0
CVE-2021-22007
The vCenter Server contains a local information disclosure vulnerability in the Analytics service. An authenticated user with non-administrative privilege may exploit this issue to gain access to sens...
VMware Cloud Foundation>=3.0<5.0
VMware vCenter Server=6.7
VMware vCenter Server=7.0
CVE-2021-21991
The vCenter Server contains a local privilege escalation vulnerability due to the way it handles session tokens. A malicious actor with non-administrative user access on vCenter Server host may exploi...
VMware Cloud Foundation>=3.0<3.10.2.2
VMware Cloud Foundation>=4.0<4.3
VMware vCenter Server=6.5
VMware vCenter Server=6.5-a
VMware vCenter Server=6.5-b
VMware vCenter Server=6.5-c
and 51 more
CVE-2021-21992
The vCenter Server contains a denial-of-service vulnerability due to improper XML entity parsing. A malicious actor with non-administrative user access to the vCenter Server vSphere Client (HTML5) or ...
VMware Cloud Foundation>=3.0<3.10.2.2
VMware Cloud Foundation>=4.0<4.3
VMware vCenter Server=6.5
VMware vCenter Server=6.5-a
VMware vCenter Server=6.5-b
VMware vCenter Server=6.5-c
and 50 more
CVE-2021-21986
The vSphere Client (HTML5) contains a vulnerability in a vSphere authentication mechanism for the Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availabi...
VMware vCenter Server=6.5
VMware vCenter Server=6.5-a
VMware vCenter Server=6.5-b
VMware vCenter Server=6.5-c
VMware vCenter Server=6.5-d
VMware vCenter Server=6.5-e
and 47 more
CVE-2021-21985
VMware vCenter Server Improper Input Validation Vulnerability
VMware vCenter Server=6.5
VMware vCenter Server=6.5-a
VMware vCenter Server=6.5-b
VMware vCenter Server=6.5-c
VMware vCenter Server=6.5-d
VMware vCenter Server=6.5-e
and 48 more
CVE-2021-21973
VMware vCenter Server and Cloud Foundation Server Side Request Forgery (SSRF) Vulnerability
VMware Cloud Foundation>=3.0<3.10.1.2
VMware Cloud Foundation>=4.0<4.2
VMware vCenter Server=6.5
VMware vCenter Server=6.5-a
VMware vCenter Server=6.5-b
VMware vCenter Server=6.5-c
and 38 more
CVE-2021-21972
VMware vCenter Server Remote Code Execution Vulnerability
VMware Cloud Foundation>=3.0<3.10.1.2
VMware Cloud Foundation>=4.0<4.2
VMware vCenter Server=6.5
VMware vCenter Server=6.5-a
VMware vCenter Server=6.5-b
VMware vCenter Server=6.5-c
and 38 more
CVE-2020-3994
VMware vCenter Server (6.7 before 6.7u3, 6.6 before 6.5u3k) contains a session hijack vulnerability in the vCenter Server Appliance Management Interface update function due to a lack of certificate va...
VMware Cloud Foundation>=3.0<3.9
VMware vCenter Server=6.5
VMware vCenter Server=6.5-a
VMware vCenter Server=6.5-b
VMware vCenter Server=6.5-c
VMware vCenter Server=6.5-d
and 24 more
CVE-2020-3976
VMware Cloud Foundation>=3.0<3.10
VMware Cloud Foundation>=4.0<4.0.1
VMware vCenter Server=6.5
VMware vCenter Server=6.5-a
VMware vCenter Server=6.5-b
VMware vCenter Server=6.5-c
and 223 more
CVE-2020-3952
VMware vCenter Server Information Disclosure Vulnerability
VMware vCenter Server=6.7
CVE-2019-5538
Sensitive information disclosure vulnerability resulting from a lack of certificate validation during the File-Based Backup and Restore operations of VMware vCenter Server Appliance (6.7 before 6.7u3a...
VMware vCenter Server=6.5
VMware vCenter Server=6.5-a
VMware vCenter Server=6.5-b
VMware vCenter Server=6.5-c
VMware vCenter Server=6.5-d
VMware vCenter Server=6.5-e
and 23 more
CVE-2019-5537
Sensitive information disclosure vulnerability resulting from a lack of certificate validation during the File-Based Backup and Restore operations of VMware vCenter Server Appliance (6.7 before 6.7u3a...
VMware vCenter Server=6.5
VMware vCenter Server=6.5-a
VMware vCenter Server=6.5-b
VMware vCenter Server=6.5-c
VMware vCenter Server=6.5-d
VMware vCenter Server=6.5-e
and 23 more
CVE-2019-5531
VMware vSphere ESXi (6.7 prior to ESXi670-201810101-SG, 6.5 prior to ESXi650-201811102-SG, and 6.0 prior to ESXi600-201807103-SG) and VMware vCenter Server (6.7 prior to 6.7 U1b, 6.5 prior to 6.5 U2b,...
VMware ESXi=6.7-670-201811001
VMware vSphere ESXi=6.7
VMware vSphere ESXi=6.7-update_1
VMware vSphere ESXi=6.5-a
VMware vSphere ESXi=6.5-u2
VMware vSphere ESXi=6.5
and 62 more
CVE-2019-5532
VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and 6.0 prior to 6.0 U3j) contains an information disclosure vulnerability due to the logging of credentials in plain-text for virtual...
VMware vCenter Server=6.0
VMware vCenter Server=6.0-a
VMware vCenter Server=6.0-b
VMware vCenter Server=6.0-u1
VMware vCenter Server=6.0-u1b
VMware vCenter Server=6.0-u3
and 38 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203