41 vulnerabilities found for cloud_foundation by vmware
CVE-2025-41244 (GCVE-0-2025-41244)
Vulnerability from nvd
Published
2025-09-29 16:09
Modified
2025-11-04 21:10
CWE
Summary
VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges who has access to a VM that has VMware Tools installed and is managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| VMware | VCF operations | Version: 9.0.x |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41244",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-30T03:56:00.543163Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-10-30",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-41244"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T22:20:23.644Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit",
"technical-description"
],
"url": "https://blog.nviso.eu/2025/09/29/you-name-it-vmware-elevates-it-cve-2025-41244/"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36149"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-41244"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-30T00:00:00+00:00",
"value": "CVE-2025-41244 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T21:10:25.953Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00000.html"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/09/29/10"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VCF operations",
"vendor": "VMware",
"versions": [
{
"lessThan": "9.0.1.0",
"status": "affected",
"version": "9.0.x",
"versionType": "commercial"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware tools",
"vendor": "VMware",
"versions": [
{
"lessThan": "13.0.5.0",
"status": "affected",
"version": "13.x.x.x",
"versionType": "commercial"
},
{
"lessThan": "12.5.4",
"status": "affected",
"version": "12.5.x",
"versionType": "commercial"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Aria Operations",
"vendor": "VMware",
"versions": [
{
"lessThan": "8.18.5",
"status": "affected",
"version": "8.18.x",
"versionType": "commercial"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Cloud Foundation",
"vendor": "VMware",
"versions": [
{
"lessThan": "8.18.5",
"status": "affected",
"version": "5.x",
"versionType": "commercial"
},
{
"lessThan": "8.18.5",
"status": "affected",
"version": "4.x",
"versionType": "commercial"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Telco Cloud Platform",
"vendor": "VMware",
"versions": [
{
"lessThan": "8.18.5",
"status": "affected",
"version": "5.x",
"versionType": "commercial"
},
{
"lessThan": "8.18.5",
"status": "affected",
"version": "4.x",
"versionType": "commercial"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Telco Cloud Infrastructure",
"vendor": "VMware",
"versions": [
{
"lessThan": "8.18.5",
"status": "affected",
"version": "3.x",
"versionType": "commercial"
},
{
"lessThan": "8.18.5",
"status": "affected",
"version": "2.x",
"versionType": "commercial"
}
]
}
],
"datePublic": "2025-09-29T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA malicious local actor with non-administrative privileges having access to a VM with \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVMware Tools\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM.\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability.\u00a0A malicious local actor with non-administrative privileges having access to a VM with VMware Tools\u00a0installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-267",
"description": "CWE-267",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-29T16:16:24.967Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "http://support.broadcom.com/group/ecx/support-content-view/-/support-content/Security%20Advisories/VMSA-2025-0015--VMware-Aria-Operations-and-VMware-Tools-updates-address-multiple-vulnerabilities--CVE-2025-41244-CVE-2025-41245--CVE-2025-41246-/36149"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "VMSA-2025-0015: VMware Aria Operations and VMware Tools updates address multiple vulnerabilities (CVE-2025-41244,CVE-2025-41245, CVE-2025-41246)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2025-41244",
"datePublished": "2025-09-29T16:09:51.871Z",
"dateReserved": "2025-04-16T09:30:17.799Z",
"dateUpdated": "2025-11-04T21:10:25.953Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-22226 (GCVE-0-2025-22226)
Vulnerability from nvd
Published
2025-03-04 11:56
Modified
2025-10-21 22:55
CWE
- Information disclosure vulnerability
Summary
VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. A malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| n/a | ESXi | Version: 8.0 < ESXi80U3d-24585383 Version: 8.0 < ESXi80U2d-24585300 Version: 7.0 < ESXi70U3s-24585291 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22226",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T04:55:25.321408Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-03-04",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-22226"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:55:26.649Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-22226"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-04T00:00:00+00:00",
"value": "CVE-2025-22226 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ESXi",
"vendor": "n/a",
"versions": [
{
"lessThan": "ESXi80U3d-24585383",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "ESXi80U2d-24585300",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "ESXi70U3s-24585291",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux"
],
"product": "VMware Workstation",
"vendor": "n/a",
"versions": [
{
"lessThan": "17.6.3",
"status": "affected",
"version": "17.x",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"MacOS"
],
"product": "VMware Fusion",
"vendor": "n/a",
"versions": [
{
"lessThan": "13.6.3",
"status": "affected",
"version": "13.x",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "5.x, 4.5.x"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Telco Cloud Platform",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "5.x, 4.x, 3.x, 2.x"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Telco Cloud Infrastructure",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "3.x, 2.x"
}
]
}
],
"datePublic": "2025-03-04T11:50:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVMware ESXi, Workstation, and Fusion contain\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;an information disclosure \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003evulnerability \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003edue to an out-of-bounds read in HGFS.\u0026nbsp;\u003c/span\u003eA malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process.\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "VMware ESXi, Workstation, and Fusion contain\u00a0an information disclosure vulnerability due to an out-of-bounds read in HGFS.\u00a0A malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure vulnerability",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T11:56:57.541Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2025-22226",
"datePublished": "2025-03-04T11:56:57.541Z",
"dateReserved": "2025-01-02T04:29:59.190Z",
"dateUpdated": "2025-10-21T22:55:26.649Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-22225 (GCVE-0-2025-22225)
Vulnerability from nvd
Published
2025-03-04 11:56
Modified
2025-10-21 22:55
CWE
- Arbitrary write vulnerability
Summary
VMware ESXi contains an arbitrary write vulnerability. A malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| n/a | VMware ESXi | Version: 8.0 < ESXi80U3d-24585383 Version: 8.0 < ESXi80U2d-24585300 Version: 7.0 < ESXi70U3s-24585291 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22225",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T04:55:23.988843Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-03-04",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-22225"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-123",
"description": "CWE-123 Write-what-where Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:55:27.903Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-22225"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-04T00:00:00+00:00",
"value": "CVE-2025-22225 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VMware ESXi",
"vendor": "n/a",
"versions": [
{
"lessThan": "ESXi80U3d-24585383",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "ESXi80U2d-24585300",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "ESXi70U3s-24585291",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "5.x, 4.5.x"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Telco Cloud Platform",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "5.x, 4.x, 3.x, 2.x"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Telco Cloud Infrastructure",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "3.x, 2.x"
}
]
}
],
"datePublic": "2025-03-04T11:50:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVMware ESXi contains an \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003earbitrary write\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003evulnerability.\u0026nbsp;\u003c/span\u003eA malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox.\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "VMware ESXi contains an arbitrary write\u00a0vulnerability.\u00a0A malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary write vulnerability",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T11:56:27.537Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2025-22225",
"datePublished": "2025-03-04T11:56:27.537Z",
"dateReserved": "2025-01-02T04:29:59.190Z",
"dateUpdated": "2025-10-21T22:55:27.903Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-22224 (GCVE-0-2025-22224)
Vulnerability from nvd
Published
2025-03-04 11:56
Modified
2025-10-21 22:55
CWE
- Heap-overflow vulnerability
Summary
VMware ESXi and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| VMware | ESXi | Version: 8.0 < ESXi80U3d-24585383 Version: 8.0 < ESXi80U2d-24585300 Version: 7.0 < ESXi70U3s-24585291 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22224",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T04:55:22.499570Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-03-04",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-22224"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:55:28.319Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-22224"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-04T00:00:00+00:00",
"value": "CVE-2025-22224 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ESXi",
"vendor": "VMware",
"versions": [
{
"lessThan": "ESXi80U3d-24585383",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "ESXi80U2d-24585300",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "ESXi70U3s-24585291",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux"
],
"product": "Workstation",
"vendor": "VMware",
"versions": [
{
"lessThan": "17.6.3",
"status": "affected",
"version": "17.x",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Cloud Foundation",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "5.x, 4.5.x"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Telco Cloud Platform",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "5.x, 4.x, 3.x, 2.x"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Telco Cloud Infrastructure",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "3.x, 2.x"
}
]
}
],
"datePublic": "2025-03-04T11:33:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVMware ESXi, and Workstation\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write.\u0026nbsp;\u003c/span\u003eA malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine\u0027s VMX process running on the host.\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "VMware ESXi, and Workstation\u00a0contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write.\u00a0A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine\u0027s VMX process running on the host."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Heap-overflow vulnerability",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-03T14:39:46.987Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2025-22224",
"datePublished": "2025-03-04T11:56:12.317Z",
"dateReserved": "2025-01-02T04:29:30.445Z",
"dateUpdated": "2025-10-21T22:55:28.319Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38813 (GCVE-0-2024-38813)
Vulnerability from nvd
Published
2024-09-17 17:13
Modified
2025-10-21 22:55
Summary
The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| n/a | VMware vCenter Server | Version: 8.0 < 8.0 U3b Version: 7.0 < 7.0 U3s |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:broadcom:vmware_center_server:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "vmware_center_server",
"vendor": "broadcom",
"versions": [
{
"lessThan": "8.0_u3b",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "7.0_u3s",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:broadcom:vmware_center_server:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "vmware_center_server",
"vendor": "broadcom",
"versions": [
{
"lessThan": "8.0_u3b",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "7.0_u3s",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:broadcom:vmware_cloud_foundation:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "vmware_cloud_foundation",
"vendor": "broadcom",
"versions": [
{
"lessThan": "6.0",
"status": "affected",
"version": "5.0",
"versionType": "custom"
},
{
"lessThan": "5.0",
"status": "affected",
"version": "4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:broadcom:vmware_cloud_foundation:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "vmware_cloud_foundation",
"vendor": "broadcom",
"versions": [
{
"lessThan": "6.0",
"status": "affected",
"version": "5.0",
"versionType": "custom"
},
{
"lessThan": "5.0",
"status": "affected",
"version": "4.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38813",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-20T15:18:12.716736Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2024-11-20",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-38813"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:55:44.624Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-38813"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-11-20T00:00:00+00:00",
"value": "CVE-2024-38813 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VMware vCenter Server",
"vendor": "n/a",
"versions": [
{
"lessThan": "8.0 U3b",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "7.0 U3s",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "5.x"
},
{
"status": "affected",
"version": "4.x"
}
]
}
],
"datePublic": "2024-09-17T05:08:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe vCenter Server contains a privilege escalation vulnerability.\u0026nbsp;\u003c/span\u003eA malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet.\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "The vCenter Server contains a privilege escalation vulnerability.\u00a0A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-273",
"description": "CWE-273 Improper Check for Dropped Privileges",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T17:13:13.924Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Privilege escalation vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2024-38813",
"datePublished": "2024-09-17T17:13:13.924Z",
"dateReserved": "2024-06-19T22:31:57.187Z",
"dateUpdated": "2025-10-21T22:55:44.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38812 (GCVE-0-2024-38812)
Vulnerability from nvd
Published
2024-09-17 17:13
Modified
2025-10-21 22:55
CWE
- CWE-122 - Heap-based Buffer Overflow
Summary
The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| n/a | VMware vCenter Server | Version: 8.0 < 8.0 U3b Version: 7.0 < 7.0 U3s |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:broadcom:vmware_vcenter_server:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "vmware_vcenter_server",
"vendor": "broadcom",
"versions": [
{
"lessThan": "8.0u3b",
"status": "affected",
"version": "8.00",
"versionType": "custom"
},
{
"lessThan": "7.0u3s",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:broadcom:vmware_vcenter_server:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "vmware_vcenter_server",
"vendor": "broadcom",
"versions": [
{
"lessThan": "8.0u3b",
"status": "affected",
"version": "8.00",
"versionType": "custom"
},
{
"lessThan": "7.0u3s",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:broadcom:vmware_cloud_foundation:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "vmware_cloud_foundation",
"vendor": "broadcom",
"versions": [
{
"lessThan": "5.0",
"status": "affected",
"version": "4.0",
"versionType": "custom"
},
{
"lessThan": "6.0",
"status": "affected",
"version": "5.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:broadcom:vmware_cloud_foundation:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "vmware_cloud_foundation",
"vendor": "broadcom",
"versions": [
{
"lessThan": "5.0",
"status": "affected",
"version": "4.0",
"versionType": "custom"
},
{
"lessThan": "6.0",
"status": "affected",
"version": "5.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38812",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-20T15:17:18.904501Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2024-11-20",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-38812"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:55:44.777Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-38812"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-11-20T00:00:00+00:00",
"value": "CVE-2024-38812 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VMware vCenter Server",
"vendor": "n/a",
"versions": [
{
"lessThan": "8.0 U3b",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "7.0 U3s",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "5.x"
},
{
"status": "affected",
"version": "4.x"
}
]
}
],
"datePublic": "2024-09-17T05:01:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003evCenter Server contains a heap-overflow vulnerability in the implementation of the \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDCERPC protocol\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u0026nbsp;\u003c/span\u003eA malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "The\u00a0vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol.\u00a0A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T17:13:09.778Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Heap-overflow vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2024-38812",
"datePublished": "2024-09-17T17:13:09.778Z",
"dateReserved": "2024-06-19T22:31:57.187Z",
"dateUpdated": "2025-10-21T22:55:44.777Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-37085 (GCVE-0-2024-37085)
Vulnerability from nvd
Published
2024-06-25 14:16
Modified
2025-10-21 22:56
CWE
- Authentication bypass vulnerability
Summary
VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management (see https://blogs.vmware.com/vsphere/2012/09/joining-vsphere-hosts-to-active-directory.html) by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| n/a | VMware ESXi | Version: 8.0 < ESXi80U3-24022510; Version: 7.0 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:vmware:esxi:7.0:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "esxi",
"vendor": "vmware",
"versions": [
{
"status": "affected",
"version": "7.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:vmware:cloud_foundation:5.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cloud_foundation",
"vendor": "vmware",
"versions": [
{
"lessThan": "5.2",
"status": "affected",
"version": "5.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:vmware:cloud_foundation:4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cloud_foundation",
"vendor": "vmware",
"versions": [
{
"lessThan": "5.0",
"status": "affected",
"version": "4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vmware:esxi:8.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "esxi",
"vendor": "vmware",
"versions": [
{
"lessThan": "ESXi80U3-24022510",
"status": "affected",
"version": "8.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-37085",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-31T03:55:22.790428Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2024-07-30",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-37085"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "CWE-305 Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:56:21.754Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-37085"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-07-30T00:00:00+00:00",
"value": "CVE-2024-37085 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.997Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24505"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VMware ESXi",
"vendor": "n/a",
"versions": [
{
"lessThan": "ESXi80U3-24022510",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "7.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "5.x"
},
{
"status": "affected",
"version": "4.x"
}
]
}
],
"datePublic": "2024-06-25T01:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "VMware ESXi contains an authentication bypass vulnerability.\u0026nbsp;A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously\u003cstrong\u003e\u003cem\u003e \u003c/em\u003e\u003c/strong\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://blogs.vmware.com/vsphere/2012/09/joining-vsphere-hosts-to-active-directory.html\"\u003econfigured to use AD for user management\u003c/a\u003e\u003cstrong\u003e\u003cem\u003e \u003c/em\u003e\u003c/strong\u003eby re-creating the configured AD group (\u0027ESXi Admins\u0027 by default) after it was deleted from AD."
}
],
"value": "VMware ESXi contains an authentication bypass vulnerability.\u00a0A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management https://blogs.vmware.com/vsphere/2012/09/joining-vsphere-hosts-to-active-directory.html by re-creating the configured AD group (\u0027ESXi Admins\u0027 by default) after it was deleted from AD."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication bypass vulnerability",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T14:16:01.280Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24505"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2024-37085",
"datePublished": "2024-06-25T14:16:01.280Z",
"dateReserved": "2024-06-03T05:40:17.632Z",
"dateUpdated": "2025-10-21T22:56:21.754Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31698 (GCVE-0-2022-31698)
Vulnerability from nvd
Published
2022-12-13 00:00
Modified
2025-04-22 03:26
CWE
- Denial of service vulnerability
Summary
The vCenter Server contains a denial-of-service vulnerability in the content library service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to trigger a denial-of-service condition by sending a specially crafted header.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| n/a | VMware vCenter Server, VMware Cloud Foundation | Version: VMware (7.0 prior to 7.0 U3i, 6.7 prior to 6.7.0 U3s, 6.5 prior to 6.5 U3u), VMware Cloud Foundation (4.x, 3.x) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:01.219Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0030.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1588"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-31698",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T03:26:21.371956Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T03:26:59.398Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "VMware vCenter Server, VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware (7.0 prior to 7.0 U3i, 6.7 prior to 6.7.0 U3s, 6.5 prior to 6.5 U3u), VMware Cloud Foundation (4.x, 3.x)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The vCenter Server contains a denial-of-service vulnerability in the content library service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to trigger a denial-of-service condition by sending a specially crafted header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of service vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T00:00:00.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0030.html"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1588"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-31698",
"datePublished": "2022-12-13T00:00:00.000Z",
"dateReserved": "2022-05-25T00:00:00.000Z",
"dateUpdated": "2025-04-22T03:26:59.398Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22960 (GCVE-0-2022-22960)
Vulnerability from nvd
Published
2022-04-13 00:00
Modified
2025-10-21 23:15
CWE
- Privilege escalation
Summary
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to 'root'.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| n/a | VMware Workspace ONE Access, Identity Manager and vRealize Automation | Version: Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3. vRealize Automation 7.6. |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:28:42.477Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/171918/Mware-Workspace-ONE-Remote-Code-Execution.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/171918/VMware-Workspace-ONE-Remote-Code-Execution.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/171935/VMware-Workspace-ONE-Access-Privilege-Escalation.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-22960",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-29T16:34:09.436482Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-04-15",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22960"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:15:42.338Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22960"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-04-15T00:00:00+00:00",
"value": "CVE-2022-22960 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3. vRealize Automation 7.6."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to \u0027root\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-19T00:00:00.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
},
{
"url": "http://packetstormsecurity.com/files/171918/Mware-Workspace-ONE-Remote-Code-Execution.html"
},
{
"url": "http://packetstormsecurity.com/files/171918/VMware-Workspace-ONE-Remote-Code-Execution.html"
},
{
"url": "http://packetstormsecurity.com/files/171935/VMware-Workspace-ONE-Access-Privilege-Escalation.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-22960",
"datePublished": "2022-04-13T00:00:00.000Z",
"dateReserved": "2022-01-10T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:15:42.338Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22954 (GCVE-0-2022-22954)
Vulnerability from nvd
Published
2022-04-11 19:37
Modified
2025-10-21 23:15
CWE
- Remote code execution
Summary
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| n/a | VMware Workspace ONE Access and Identity Manager | Version: Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3. |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:28:42.526Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/166935/VMware-Workspace-ONE-Access-Template-Injection-Command-Execution.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-22954",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T14:20:48.327758Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-04-14",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22954"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:15:42.493Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22954"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-04-14T00:00:00+00:00",
"value": "CVE-2022-22954 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "VMware Workspace ONE Access and Identity Manager",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-03T17:06:08.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/166935/VMware-Workspace-ONE-Access-Template-Injection-Command-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2022-22954",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware Workspace ONE Access and Identity Manager",
"version": {
"version_data": [
{
"version_value": "Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
},
{
"name": "http://packetstormsecurity.com/files/166935/VMware-Workspace-ONE-Access-Template-Injection-Command-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/166935/VMware-Workspace-ONE-Access-Template-Injection-Command-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-22954",
"datePublished": "2022-04-11T19:37:39.000Z",
"dateReserved": "2022-01-10T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:15:42.493Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22948 (GCVE-0-2022-22948)
Vulnerability from nvd
Published
2022-03-29 17:24
Modified
2025-10-21 23:15
CWE
- Information disclosure vulnerability
Summary
The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| n/a | VMware vCenter Server and VMware Cloud Foundation | Version: VMware vCenter Server (7.0 prior to 7.0 U3d, 6.7 prior to 6.7 U3p and 6.5 prior to 6.5 U3r) and VMware Cloud Foundation (4.x and 3.x prior to 3.11) |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:vmware:cloud_foundation:4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cloud_foundation",
"vendor": "vmware",
"versions": [
{
"lessThan": "5.0",
"status": "affected",
"version": "4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:vmware:cloud_foundation:3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cloud_foundation",
"vendor": "vmware",
"versions": [
{
"lessThan": "3.11",
"status": "affected",
"version": "3.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:vmware:vcenter_server:7.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vcenter_server",
"vendor": "vmware",
"versions": [
{
"lessThan": "7.0_u3d",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:vmware:vcenter_server:6.7:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vcenter_server",
"vendor": "vmware",
"versions": [
{
"lessThan": "6.7_u3p",
"status": "affected",
"version": "6.7",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:vmware:vcenter_server:6.5:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vcenter_server",
"vendor": "vmware",
"versions": [
{
"lessThan": "6.5_u3r",
"status": "affected",
"version": "6.5",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"dateAdded": "2024-07-17",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22948"
},
"type": "kev"
}
},
{
"other": {
"content": {
"id": "CVE-2022-22948",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-18T03:55:22.079743Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:15:43.268Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22948"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-07-17T00:00:00+00:00",
"value": "CVE-2022-22948 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:28:42.584Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0009.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware vCenter Server and VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware vCenter Server (7.0 prior to 7.0 U3d, 6.7 prior to 6.7 U3p and 6.5 prior to 6.5 U3r) and VMware Cloud Foundation (4.x and 3.x prior to 3.11)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-29T17:24:33.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0009.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2022-22948",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware vCenter Server and VMware Cloud Foundation",
"version": {
"version_data": [
{
"version_value": "VMware vCenter Server (7.0 prior to 7.0 U3d, 6.7 prior to 6.7 U3p and 6.5 prior to 6.5 U3r) and VMware Cloud Foundation (4.x and 3.x prior to 3.11)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2022-0009.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0009.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-22948",
"datePublished": "2022-03-29T17:24:33.000Z",
"dateReserved": "2022-01-10T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:15:43.268Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22939 (GCVE-0-2022-22939)
Vulnerability from nvd
Published
2022-02-04 22:29
Modified
2024-08-03 03:28
CWE
- VMware Cloud Foundation updates address an information disclosure vulnerability.
Summary
VMware Cloud Foundation contains an information disclosure vulnerability due to logging of credentials in plain-text within multiple log files on the SDDC Manager. A malicious actor with root access on VMware Cloud Foundation SDDC Manager may be able to view credentials in plaintext within one or more log files.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| n/a | VMware Cloud Foundation | Version: VMware Cloud Foundation 4.x (before 4.3.1.1) and 3.x |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:28:42.385Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware Cloud Foundation 4.x (before 4.3.1.1) and 3.x"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware Cloud Foundation contains an information disclosure vulnerability due to logging of credentials in plain-text within multiple log files on the SDDC Manager. A malicious actor with root access on VMware Cloud Foundation SDDC Manager may be able to view credentials in plaintext within one or more log files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "VMware Cloud Foundation updates address an information disclosure vulnerability.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-04T22:29:14",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0003.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2022-22939",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware Cloud Foundation",
"version": {
"version_data": [
{
"version_value": "VMware Cloud Foundation 4.x (before 4.3.1.1) and 3.x"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Cloud Foundation contains an information disclosure vulnerability due to logging of credentials in plain-text within multiple log files on the SDDC Manager. A malicious actor with root access on VMware Cloud Foundation SDDC Manager may be able to view credentials in plaintext within one or more log files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "VMware Cloud Foundation updates address an information disclosure vulnerability."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2022-0003.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0003.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-22939",
"datePublished": "2022-02-04T22:29:14",
"dateReserved": "2022-01-10T00:00:00",
"dateUpdated": "2024-08-03T03:28:42.385Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22048 (GCVE-0-2021-22048)
Vulnerability from nvd
Published
2021-11-10 17:50
Modified
2024-08-03 18:30
CWE
- Privilege escalation vulnerability
Summary
The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. A malicious actor with non-administrative access to vCenter Server may exploit this issue to elevate privileges to a higher privileged group.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version |
|---|---|---|
| n/a | VMware vCenter Server and VMware Cloud Foundation | Version: VMware vCenter Server(7.0 and 6.7) and VMware Cloud Foundation (4.x and 3.x) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:30:23.971Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0025.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/167733/VMware-Security-Advisory-2022-0025.2.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/167795/VMware-Security-Advisory-2021-0025.3.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware vCenter Server and VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware vCenter Server(7.0 and 6.7) and VMware Cloud Foundation (4.x and 3.x)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. A malicious actor with non-administrative access to vCenter Server may exploit this issue to elevate privileges to a higher privileged group."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege escalation vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-25T17:06:14",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0025.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/167733/VMware-Security-Advisory-2022-0025.2.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/167795/VMware-Security-Advisory-2021-0025.3.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2021-22048",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware vCenter Server and VMware Cloud Foundation",
"version": {
"version_data": [
{
"version_value": "VMware vCenter Server(7.0 and 6.7) and VMware Cloud Foundation (4.x and 3.x)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. A malicious actor with non-administrative access to vCenter Server may exploit this issue to elevate privileges to a higher privileged group."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege escalation vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2021-0025.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0025.html"
},
{
"name": "http://packetstormsecurity.com/files/167733/VMware-Security-Advisory-2022-0025.2.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/167733/VMware-Security-Advisory-2022-0025.2.html"
},
{
"name": "http://packetstormsecurity.com/files/167795/VMware-Security-Advisory-2021-0025.3.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/167795/VMware-Security-Advisory-2021-0025.3.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2021-22048",
"datePublished": "2021-11-10T17:50:53",
"dateReserved": "2021-01-04T00:00:00",
"dateUpdated": "2024-08-03T18:30:23.971Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22005 (GCVE-0-2021-22005)
Vulnerability from nvd
Published
2021-09-23 11:37
Modified
2025-10-21 23:25
CWE
- File upload vulnerability
Summary
The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version |
|---|---|---|
| n/a | VMware vCenter Server, VMware Cloud Foundation | Version: VMware vCenter Server(7.x before 7.0 U2c and 6.7 before 6.7 U3o) and VMware Cloud Foundation (4.x before 4.3 and 3.x before 3.10.2.2) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:30:23.824Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/164439/VMware-vCenter-Server-Analytics-CEIP-Service-File-Upload.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-22005",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-29T17:56:00.835980Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2021-11-03",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22005"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:25:31.767Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22005"
}
],
"timeline": [
{
"lang": "en",
"time": "2021-11-03T00:00:00+00:00",
"value": "CVE-2021-22005 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "VMware vCenter Server, VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware vCenter Server(7.x before 7.0 U2c and 6.7 before 6.7 U3o) and VMware Cloud Foundation (4.x before 4.3 and 3.x before 3.10.2.2)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "File upload vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-07T15:06:27.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/164439/VMware-vCenter-Server-Analytics-CEIP-Service-File-Upload.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2021-22005",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware vCenter Server, VMware Cloud Foundation",
"version": {
"version_data": [
{
"version_value": "VMware vCenter Server(7.x before 7.0 U2c and 6.7 before 6.7 U3o) and VMware Cloud Foundation (4.x before 4.3 and 3.x before 3.10.2.2)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "File upload vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
},
{
"name": "http://packetstormsecurity.com/files/164439/VMware-vCenter-Server-Analytics-CEIP-Service-File-Upload.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/164439/VMware-vCenter-Server-Analytics-CEIP-Service-File-Upload.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2021-22005",
"datePublished": "2021-09-23T11:37:30.000Z",
"dateReserved": "2021-01-04T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:25:31.767Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-21995 (GCVE-0-2021-21995)
Vulnerability from nvd
Published
2021-07-13 18:05
Modified
2024-08-03 18:30
CWE
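- Authentication bypass vulnerability (label as published in the CNA record; it does not match the summary, which describes a denial of service caused by a heap out-of-bounds read)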
Summary
OpenSLP as used in ESXi has a denial-of-service vulnerability due to a heap out-of-bounds read issue. A malicious actor with network access to port 427 on ESXi may be able to trigger a heap out-of-bounds read in the OpenSLP service, resulting in a denial-of-service condition.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version |
|---|---|---|
| n/a | VMware ESXi and VMware Cloud Foundation | Version: VMware ESXi(7.0 before ESXi70U2-17630552, 6.7 before ESXi670-202103101-SG, 6.5 before ESXi650-202107401-SG) and VMware Cloud Foundation (4.x, 3.x before 3.10.2) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:30:23.592Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0014.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware ESXi and VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware ESXi(7.0 before ESXi70U2-17630552, 6.7 before ESXi670-202103101-SG, 6.5 before ESXi650-202107401-SG) and VMware Cloud Foundation (4.x, 3.x before 3.10.2)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenSLP as used in ESXi has a denial-of-service vulnerability due a heap out-of-bounds read issue. A malicious actor with network access to port 427 on ESXi may be able to trigger a heap out-of-bounds read in OpenSLP service resulting in a denial-of-service condition."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication bypass vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-13T18:05:49",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0014.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2021-21995",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware ESXi and VMware Cloud Foundation",
"version": {
"version_data": [
{
"version_value": "VMware ESXi(7.0 before ESXi70U2-17630552, 6.7 before ESXi670-202103101-SG, 6.5 before ESXi650-202107401-SG) and VMware Cloud Foundation (4.x, 3.x before 3.10.2)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenSLP as used in ESXi has a denial-of-service vulnerability due a heap out-of-bounds read issue. A malicious actor with network access to port 427 on ESXi may be able to trigger a heap out-of-bounds read in OpenSLP service resulting in a denial-of-service condition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication bypass vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2021-0014.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0014.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2021-21995",
"datePublished": "2021-07-13T18:05:49",
"dateReserved": "2021-01-04T00:00:00",
"dateUpdated": "2024-08-03T18:30:23.592Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-21994 (GCVE-0-2021-21994)
Vulnerability from nvd
Published
2021-07-13 18:05
Modified
2024-08-03 18:30
CWE
- Authentication bypass vulnerability
Summary
SFCB (Small Footprint CIM Broker) as used in ESXi has an authentication bypass vulnerability. A malicious actor with network access to port 5989 on ESXi may exploit this issue to bypass SFCB authentication by sending a specially crafted request.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version |
|---|---|---|
| n/a | VMware ESXi and VMware Cloud Foundation | Version: VMware ESXi(7.0 before ESXi70U2-17630552, 6.7 before ESXi670-202103101-SG, 6.5 before ESXi650-202107401-SG) and VMware Cloud Foundation (4.x, 3.x before 3.10.2) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:30:23.556Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0014.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware ESXi and VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware ESXi(7.0 before ESXi70U2-17630552, 6.7 before ESXi670-202103101-SG, 6.5 before ESXi650-202107401-SG) and VMware Cloud Foundation (4.x, 3.x before 3.10.2)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SFCB (Small Footprint CIM Broker) as used in ESXi has an authentication bypass vulnerability. A malicious actor with network access to port 5989 on ESXi may exploit this issue to bypass SFCB authentication by sending a specially crafted request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication bypass vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-13T18:05:43",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0014.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2021-21994",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware ESXi and VMware Cloud Foundation",
"version": {
"version_data": [
{
"version_value": "VMware ESXi(7.0 before ESXi70U2-17630552, 6.7 before ESXi670-202103101-SG, 6.5 before ESXi650-202107401-SG) and VMware Cloud Foundation (4.x, 3.x before 3.10.2)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SFCB (Small Footprint CIM Broker) as used in ESXi has an authentication bypass vulnerability. A malicious actor with network access to port 5989 on ESXi may exploit this issue to bypass SFCB authentication by sending a specially crafted request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication bypass vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2021-0014.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0014.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2021-21994",
"datePublished": "2021-07-13T18:05:43",
"dateReserved": "2021-01-04T00:00:00",
"dateUpdated": "2024-08-03T18:30:23.556Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-21985 (GCVE-0-2021-21985)
Vulnerability from nvd
Published
2021-05-26 14:04
Modified
2025-10-21 23:25
CWE
- Remote code execution vulnerability
Summary
The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version |
|---|---|---|
| n/a | VMware vCenter Server and VMware Cloud Foundation | Version: VMware vCenter Server (7.x before 7.0 U2b, 6.7 before 6.7 U3n, 6.5 before 6.5 U3p) and VMware Cloud Foundation (4.x before 4.2.1, 3.x before 3.10.2.1) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:30:23.663Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0010.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/162812/VMware-Security-Advisory-2021-0010.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/163487/VMware-vCenter-Server-Virtual-SAN-Health-Check-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-21985",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-29T17:56:51.919812Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2021-11-03",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-21985"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-470",
"description": "CWE-470 Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:25:44.978Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-21985"
}
],
"timeline": [
{
"lang": "en",
"time": "2021-11-03T00:00:00+00:00",
"value": "CVE-2021-21985 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "VMware vCenter Server and VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware vCenter Server (7.x before 7.0 U2b, 6.7 before 6.7 U3n, 6.5 before 6.5 U3p) and VMware Cloud Foundation (4.x before 4.2.1, 3.x before 3.10.2.1)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote code execution vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-13T16:06:26.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0010.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/162812/VMware-Security-Advisory-2021-0010.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/163487/VMware-vCenter-Server-Virtual-SAN-Health-Check-Remote-Code-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2021-21985",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware vCenter Server and VMware Cloud Foundation",
"version": {
"version_data": [
{
"version_value": "VMware vCenter Server (7.x before 7.0 U2b, 6.7 before 6.7 U3n, 6.5 before 6.5 U3p) and VMware Cloud Foundation (4.x before 4.2.1, 3.x before 3.10.2.1)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote code execution vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2021-0010.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0010.html"
},
{
"name": "http://packetstormsecurity.com/files/162812/VMware-Security-Advisory-2021-0010.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/162812/VMware-Security-Advisory-2021-0010.html"
},
{
"name": "http://packetstormsecurity.com/files/163487/VMware-vCenter-Server-Virtual-SAN-Health-Check-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/163487/VMware-vCenter-Server-Virtual-SAN-Health-Check-Remote-Code-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2021-21985",
"datePublished": "2021-05-26T14:04:30.000Z",
"dateReserved": "2021-01-04T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:25:44.978Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-21975 (GCVE-0-2021-21975)
Vulnerability from nvd
Published
2021-03-31 17:51
Modified
2025-10-21 23:25
CWE
- Server Side Request Forgery
Summary
Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API to perform a Server Side Request Forgery attack to steal administrative credentials.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| n/a | VMware vRealize Operations | Version: VMware vRealize Operations prior to 8.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:30:23.699Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0004.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/162349/VMware-vRealize-Operations-Manager-Server-Side-Request-Forgery-Code-Execution.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-21975",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-29T17:58:07.581716Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-01-18",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-21975"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:25:50.479Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-21975"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-01-18T00:00:00+00:00",
"value": "CVE-2021-21975 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "VMware vRealize Operations",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware vRealize Operations prior to 8.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Server Side Request Forgery",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-27T16:08:33.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0004.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/162349/VMware-vRealize-Operations-Manager-Server-Side-Request-Forgery-Code-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2021-21975",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware vRealize Operations",
"version": {
"version_data": [
{
"version_value": "VMware vRealize Operations prior to 8.4"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Server Side Request Forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2021-0004.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0004.html"
},
{
"name": "http://packetstormsecurity.com/files/162349/VMware-vRealize-Operations-Manager-Server-Side-Request-Forgery-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/162349/VMware-vRealize-Operations-Manager-Server-Side-Request-Forgery-Code-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2021-21975",
"datePublished": "2021-03-31T17:51:51.000Z",
"dateReserved": "2021-01-04T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:25:50.479Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41244 (GCVE-0-2025-41244)
Vulnerability from cvelistv5
Published
2025-09-29 16:09
Modified
2025-11-04 21:10
CWE
Summary
VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM.
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| VMware | VCF operations |
Version: 9.0.x |
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41244",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-30T03:56:00.543163Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-10-30",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-41244"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T22:20:23.644Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit",
"technical-description"
],
"url": "https://blog.nviso.eu/2025/09/29/you-name-it-vmware-elevates-it-cve-2025-41244/"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36149"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-41244"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-30T00:00:00+00:00",
"value": "CVE-2025-41244 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T21:10:25.953Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00000.html"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/09/29/10"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VCF operations",
"vendor": "VMware",
"versions": [
{
"lessThan": "9.0.1.0",
"status": "affected",
"version": "9.0.x",
"versionType": "commercial"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware tools",
"vendor": "VMware",
"versions": [
{
"lessThan": "13.0.5.0",
"status": "affected",
"version": "13.x.x.x",
"versionType": "commercial"
},
{
"lessThan": "12.5.4",
"status": "affected",
"version": "12.5.x",
"versionType": "commercial"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Aria Operations",
"vendor": "VMware",
"versions": [
{
"lessThan": "8.18.5",
"status": "affected",
"version": "8.18.x",
"versionType": "commercial"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Cloud Foundation",
"vendor": "VMware",
"versions": [
{
"lessThan": "8.18.5",
"status": "affected",
"version": "5.x",
"versionType": "commercial"
},
{
"lessThan": "8.18.5",
"status": "affected",
"version": "4.x",
"versionType": "commercial"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Telco Cloud Platform",
"vendor": "VMware",
"versions": [
{
"lessThan": "8.18.5",
"status": "affected",
"version": "5.x",
"versionType": "commercial"
},
{
"lessThan": "8.18.5",
"status": "affected",
"version": "4.x",
"versionType": "commercial"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Telco Cloud Infrastructure",
"vendor": "VMware",
"versions": [
{
"lessThan": "8.18.5",
"status": "affected",
"version": "3.x",
"versionType": "commercial"
},
{
"lessThan": "8.18.5",
"status": "affected",
"version": "2.x",
"versionType": "commercial"
}
]
}
],
"datePublic": "2025-09-29T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA malicious local actor with non-administrative privileges having access to a VM with \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVMware Tools\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM.\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability.\u00a0A malicious local actor with non-administrative privileges having access to a VM with VMware Tools\u00a0installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-267",
"description": "CWE-267",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-29T16:16:24.967Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "http://support.broadcom.com/group/ecx/support-content-view/-/support-content/Security%20Advisories/VMSA-2025-0015--VMware-Aria-Operations-and-VMware-Tools-updates-address-multiple-vulnerabilities--CVE-2025-41244-CVE-2025-41245--CVE-2025-41246-/36149"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "VMSA-2025-0015: VMware Aria Operations and VMware Tools updates address multiple vulnerabilities (CVE-2025-41244,CVE-2025-41245, CVE-2025-41246)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2025-41244",
"datePublished": "2025-09-29T16:09:51.871Z",
"dateReserved": "2025-04-16T09:30:17.799Z",
"dateUpdated": "2025-11-04T21:10:25.953Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-22226 (GCVE-0-2025-22226)
Vulnerability from cvelistv5
Published
2025-03-04 11:56
Modified
2025-10-21 22:55
CWE
- Information disclosure vulnerability
Summary
VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. A malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| n/a | ESXi | Version: 8.0 < ESXi80U3d-24585383; Version: 8.0 < ESXi80U2d-24585300; Version: 7.0 < ESXi70U3s-24585291 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22226",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T04:55:25.321408Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-03-04",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-22226"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:55:26.649Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-22226"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-04T00:00:00+00:00",
"value": "CVE-2025-22226 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ESXi",
"vendor": "n/a",
"versions": [
{
"lessThan": "ESXi80U3d-24585383",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "ESXi80U2d-24585300",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "ESXi70U3s-24585291",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux"
],
"product": "VMware Workstation",
"vendor": "n/a",
"versions": [
{
"lessThan": "17.6.3",
"status": "affected",
"version": "17.x",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"MacOS"
],
"product": "VMware Fusion",
"vendor": "n/a",
"versions": [
{
"lessThan": "13.6.3",
"status": "affected",
"version": "13.x",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "5.x, 4.5.x"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Telco Cloud Platform",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "5.x, 4.x, 3.x, 2.x"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Telco Cloud Infrastructure",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "3.x, 2.x"
}
]
}
],
"datePublic": "2025-03-04T11:50:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVMware ESXi, Workstation, and Fusion contain\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;an information disclosure \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003evulnerability \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003edue to an out-of-bounds read in HGFS.\u0026nbsp;\u003c/span\u003eA malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process.\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "VMware ESXi, Workstation, and Fusion contain\u00a0an information disclosure vulnerability due to an out-of-bounds read in HGFS.\u00a0A malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure vulnerability",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T11:56:57.541Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2025-22226",
"datePublished": "2025-03-04T11:56:57.541Z",
"dateReserved": "2025-01-02T04:29:59.190Z",
"dateUpdated": "2025-10-21T22:55:26.649Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-22225 (GCVE-0-2025-22225)
Vulnerability from cvelistv5
Published
2025-03-04 11:56
Modified
2025-10-21 22:55
CWE
- Arbitrary write vulnerability
Summary
VMware ESXi contains an arbitrary write vulnerability. A malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| n/a | VMware ESXi | Version: 8.0 < ESXi80U3d-24585383; Version: 8.0 < ESXi80U2d-24585300; Version: 7.0 < ESXi70U3s-24585291 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22225",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T04:55:23.988843Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-03-04",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-22225"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-123",
"description": "CWE-123 Write-what-where Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:55:27.903Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-22225"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-04T00:00:00+00:00",
"value": "CVE-2025-22225 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VMware ESXi",
"vendor": "n/a",
"versions": [
{
"lessThan": "ESXi80U3d-24585383",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "ESXi80U2d-24585300",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "ESXi70U3s-24585291",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "5.x, 4.5.x"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Telco Cloud Platform",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "5.x, 4.x, 3.x, 2.x"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Telco Cloud Infrastructure",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "3.x, 2.x"
}
]
}
],
"datePublic": "2025-03-04T11:50:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVMware ESXi contains an \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003earbitrary write\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003evulnerability.\u0026nbsp;\u003c/span\u003eA malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox.\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "VMware ESXi contains an arbitrary write\u00a0vulnerability.\u00a0A malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary write vulnerability",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T11:56:27.537Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2025-22225",
"datePublished": "2025-03-04T11:56:27.537Z",
"dateReserved": "2025-01-02T04:29:59.190Z",
"dateUpdated": "2025-10-21T22:55:27.903Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-22224 (GCVE-0-2025-22224)
Vulnerability from cvelistv5
Published
2025-03-04 11:56
Modified
2025-10-21 22:55
CWE
- Heap-overflow vulnerability
Summary
VMware ESXi and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| VMware | ESXi | Version: 8.0 < ESXi80U3d-24585383; Version: 8.0 < ESXi80U2d-24585300; Version: 7.0 < ESXi70U3s-24585291 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22224",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T04:55:22.499570Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-03-04",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-22224"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:55:28.319Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-22224"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-04T00:00:00+00:00",
"value": "CVE-2025-22224 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ESXi",
"vendor": "VMware",
"versions": [
{
"lessThan": "ESXi80U3d-24585383",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "ESXi80U2d-24585300",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "ESXi70U3s-24585291",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux"
],
"product": "Workstation",
"vendor": "VMware",
"versions": [
{
"lessThan": "17.6.3",
"status": "affected",
"version": "17.x",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Cloud Foundation",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "5.x, 4.5.x"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Telco Cloud Platform",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "5.x, 4.x, 3.x, 2.x"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Telco Cloud Infrastructure",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "3.x, 2.x"
}
]
}
],
"datePublic": "2025-03-04T11:33:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVMware ESXi, and Workstation\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write.\u0026nbsp;\u003c/span\u003eA malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine\u0027s VMX process running on the host.\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "VMware ESXi, and Workstation\u00a0contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write.\u00a0A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine\u0027s VMX process running on the host."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Heap-overflow vulnerability",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-03T14:39:46.987Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2025-22224",
"datePublished": "2025-03-04T11:56:12.317Z",
"dateReserved": "2025-01-02T04:29:30.445Z",
"dateUpdated": "2025-10-21T22:55:28.319Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38813 (GCVE-0-2024-38813)
Vulnerability from cvelistv5
Published
2024-09-17 17:13
Modified
2025-10-21 22:55
Summary
The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| n/a | VMware vCenter Server | Version: 8.0 < 8.0 U3b; Version: 7.0 < 7.0 U3s |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:broadcom:vmware_center_server:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "vmware_center_server",
"vendor": "broadcom",
"versions": [
{
"lessThan": "8.0_u3b",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "7.0_u3s",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:broadcom:vmware_center_server:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "vmware_center_server",
"vendor": "broadcom",
"versions": [
{
"lessThan": "8.0_u3b",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "7.0_u3s",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:broadcom:vmware_cloud_foundation:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "vmware_cloud_foundation",
"vendor": "broadcom",
"versions": [
{
"lessThan": "6.0",
"status": "affected",
"version": "5.0",
"versionType": "custom"
},
{
"lessThan": "5.0",
"status": "affected",
"version": "4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:broadcom:vmware_cloud_foundation:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "vmware_cloud_foundation",
"vendor": "broadcom",
"versions": [
{
"lessThan": "6.0",
"status": "affected",
"version": "5.0",
"versionType": "custom"
},
{
"lessThan": "5.0",
"status": "affected",
"version": "4.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38813",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-20T15:18:12.716736Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2024-11-20",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-38813"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:55:44.624Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-38813"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-11-20T00:00:00+00:00",
"value": "CVE-2024-38813 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VMware vCenter Server",
"vendor": "n/a",
"versions": [
{
"lessThan": "8.0 U3b",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "7.0 U3s",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "5.x"
},
{
"status": "affected",
"version": "4.x"
}
]
}
],
"datePublic": "2024-09-17T05:08:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe vCenter Server contains a privilege escalation vulnerability.\u0026nbsp;\u003c/span\u003eA malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet.\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "The vCenter Server contains a privilege escalation vulnerability.\u00a0A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-273",
"description": "CWE-273 Improper Check for Dropped Privileges",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T17:13:13.924Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Privilege escalation vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2024-38813",
"datePublished": "2024-09-17T17:13:13.924Z",
"dateReserved": "2024-06-19T22:31:57.187Z",
"dateUpdated": "2025-10-21T22:55:44.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38812 (GCVE-0-2024-38812)
Vulnerability from cvelistv5
Published
2024-09-17 17:13
Modified
2025-10-21 22:55
CWE
- CWE-122 - Heap-based Buffer Overflow
Summary
The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| n/a | VMware vCenter Server | Version: 8.0 < 8.0 U3b; Version: 7.0 < 7.0 U3s |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:broadcom:vmware_vcenter_server:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "vmware_vcenter_server",
"vendor": "broadcom",
"versions": [
{
"lessThan": "8.0u3b",
"status": "affected",
"version": "8.00",
"versionType": "custom"
},
{
"lessThan": "7.0u3s",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:broadcom:vmware_vcenter_server:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "vmware_vcenter_server",
"vendor": "broadcom",
"versions": [
{
"lessThan": "8.0u3b",
"status": "affected",
"version": "8.00",
"versionType": "custom"
},
{
"lessThan": "7.0u3s",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:broadcom:vmware_cloud_foundation:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "vmware_cloud_foundation",
"vendor": "broadcom",
"versions": [
{
"lessThan": "5.0",
"status": "affected",
"version": "4.0",
"versionType": "custom"
},
{
"lessThan": "6.0",
"status": "affected",
"version": "5.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:broadcom:vmware_cloud_foundation:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "vmware_cloud_foundation",
"vendor": "broadcom",
"versions": [
{
"lessThan": "5.0",
"status": "affected",
"version": "4.0",
"versionType": "custom"
},
{
"lessThan": "6.0",
"status": "affected",
"version": "5.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38812",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-20T15:17:18.904501Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2024-11-20",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-38812"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:55:44.777Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-38812"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-11-20T00:00:00+00:00",
"value": "CVE-2024-38812 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VMware vCenter Server",
"vendor": "n/a",
"versions": [
{
"lessThan": "8.0 U3b",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "7.0 U3s",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "5.x"
},
{
"status": "affected",
"version": "4.x"
}
]
}
],
"datePublic": "2024-09-17T05:01:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003evCenter Server contains a heap-overflow vulnerability in the implementation of the \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDCERPC protocol\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u0026nbsp;\u003c/span\u003eA malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "The\u00a0vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol.\u00a0A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T17:13:09.778Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Heap-overflow vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2024-38812",
"datePublished": "2024-09-17T17:13:09.778Z",
"dateReserved": "2024-06-19T22:31:57.187Z",
"dateUpdated": "2025-10-21T22:55:44.777Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-37085 (GCVE-0-2024-37085)
Vulnerability from cvelistv5
Published
2024-06-25 14:16
Modified
2025-10-21 22:56
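Severity: 6.8 MEDIUM (CVSS 3.1 base score from the vmware CNA record below, CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H); actively exploited per CISA KEV (added 2024-07-30)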
CWE
- Authentication bypass vulnerability
Summary
VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management (see https://blogs.vmware.com/vsphere/2012/09/joining-vsphere-hosts-to-active-directory.html) by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| n/a | VMware ESXi | Version: 8.0 < ESXi80U3-24022510; Version: 7.0 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:vmware:esxi:7.0:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "esxi",
"vendor": "vmware",
"versions": [
{
"status": "affected",
"version": "7.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:vmware:cloud_foundation:5.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cloud_foundation",
"vendor": "vmware",
"versions": [
{
"lessThan": "5.2",
"status": "affected",
"version": "5.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:vmware:cloud_foundation:4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cloud_foundation",
"vendor": "vmware",
"versions": [
{
"lessThan": "5.0",
"status": "affected",
"version": "4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vmware:esxi:8.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "esxi",
"vendor": "vmware",
"versions": [
{
"lessThan": "ESXi80U3-24022510",
"status": "affected",
"version": "8.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-37085",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-31T03:55:22.790428Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2024-07-30",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-37085"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "CWE-305 Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:56:21.754Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-37085"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-07-30T00:00:00+00:00",
"value": "CVE-2024-37085 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.997Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24505"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VMware ESXi",
"vendor": "n/a",
"versions": [
{
"lessThan": "ESXi80U3-24022510",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "7.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "5.x"
},
{
"status": "affected",
"version": "4.x"
}
]
}
],
"datePublic": "2024-06-25T01:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "VMware ESXi contains an authentication bypass vulnerability.\u0026nbsp;A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously\u003cstrong\u003e\u003cem\u003e \u003c/em\u003e\u003c/strong\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://blogs.vmware.com/vsphere/2012/09/joining-vsphere-hosts-to-active-directory.html\"\u003econfigured to use AD for user management\u003c/a\u003e\u003cstrong\u003e\u003cem\u003e \u003c/em\u003e\u003c/strong\u003eby re-creating the configured AD group (\u0027ESXi Admins\u0027 by default) after it was deleted from AD."
}
],
"value": "VMware ESXi contains an authentication bypass vulnerability.\u00a0A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management https://blogs.vmware.com/vsphere/2012/09/joining-vsphere-hosts-to-active-directory.html by re-creating the configured AD group (\u0027ESXi Admins\u0027 by default) after it was deleted from AD."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication bypass vulnerability",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T14:16:01.280Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24505"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2024-37085",
"datePublished": "2024-06-25T14:16:01.280Z",
"dateReserved": "2024-06-03T05:40:17.632Z",
"dateUpdated": "2025-10-21T22:56:21.754Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22960 (GCVE-0-2022-22960)
Vulnerability from cvelistv5
Published
2022-04-13 00:00
Modified
2025-10-21 23:15
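Severity: 7.8 HIGH (CVSS 3.1 base score from the CISA-ADP container below, CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)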
CWE
- Privilege escalation
Summary
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to 'root'.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| n/a | VMware Workspace ONE Access, Identity Manager and vRealize Automation | Version: Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3. vRealize Automation 7.6. |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:28:42.477Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/171918/Mware-Workspace-ONE-Remote-Code-Execution.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/171918/VMware-Workspace-ONE-Remote-Code-Execution.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/171935/VMware-Workspace-ONE-Access-Privilege-Escalation.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-22960",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-29T16:34:09.436482Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-04-15",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22960"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:15:42.338Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22960"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-04-15T00:00:00+00:00",
"value": "CVE-2022-22960 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3. vRealize Automation 7.6."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to \u0027root\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-19T00:00:00.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
},
{
"url": "http://packetstormsecurity.com/files/171918/Mware-Workspace-ONE-Remote-Code-Execution.html"
},
{
"url": "http://packetstormsecurity.com/files/171918/VMware-Workspace-ONE-Remote-Code-Execution.html"
},
{
"url": "http://packetstormsecurity.com/files/171935/VMware-Workspace-ONE-Access-Privilege-Escalation.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-22960",
"datePublished": "2022-04-13T00:00:00.000Z",
"dateReserved": "2022-01-10T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:15:42.338Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22954 (GCVE-0-2022-22954)
Vulnerability from cvelistv5
Published
2022-04-11 19:37
Modified
2025-10-21 23:15
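Severity: 9.8 CRITICAL (CVSS 3.1 base score from the CISA-ADP container below, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)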
CWE
- Remote code execution
Summary
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| n/a | VMware Workspace ONE Access and Identity Manager | Version: Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3. |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:28:42.526Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/166935/VMware-Workspace-ONE-Access-Template-Injection-Command-Execution.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-22954",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T14:20:48.327758Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-04-14",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22954"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:15:42.493Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22954"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-04-14T00:00:00+00:00",
"value": "CVE-2022-22954 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "VMware Workspace ONE Access and Identity Manager",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-03T17:06:08.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/166935/VMware-Workspace-ONE-Access-Template-Injection-Command-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2022-22954",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware Workspace ONE Access and Identity Manager",
"version": {
"version_data": [
{
"version_value": "Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
},
{
"name": "http://packetstormsecurity.com/files/166935/VMware-Workspace-ONE-Access-Template-Injection-Command-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/166935/VMware-Workspace-ONE-Access-Template-Injection-Command-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-22954",
"datePublished": "2022-04-11T19:37:39.000Z",
"dateReserved": "2022-01-10T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:15:42.493Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22948 (GCVE-0-2022-22948)
Vulnerability from cvelistv5
Published
2022-03-29 17:24
Modified
2025-10-21 23:15
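Severity: 6.5 MEDIUM (CVSS 3.1 base score from the CISA-ADP container below, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N); actively exploited per CISA KEV (added 2024-07-17)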
CWE
- Information disclosure vulnerability
Summary
The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| n/a | VMware vCenter Server and VMware Cloud Foundation | Version: VMware vCenter Server (7.0 prior to 7.0 U3d, 6.7 prior to 6.7 U3p and 6.5 prior to 6.5 U3r) and VMware Cloud Foundation (4.x and 3.x prior to 3.11) |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:vmware:cloud_foundation:4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cloud_foundation",
"vendor": "vmware",
"versions": [
{
"lessThan": "5.0",
"status": "affected",
"version": "4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:vmware:cloud_foundation:3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cloud_foundation",
"vendor": "vmware",
"versions": [
{
"lessThan": "3.11",
"status": "affected",
"version": "3.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:vmware:vcenter_server:7.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vcenter_server",
"vendor": "vmware",
"versions": [
{
"lessThan": "7.0_u3d",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:vmware:vcenter_server:6.7:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vcenter_server",
"vendor": "vmware",
"versions": [
{
"lessThan": "6.7_u3p",
"status": "affected",
"version": "6.7",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:vmware:vcenter_server:6.5:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vcenter_server",
"vendor": "vmware",
"versions": [
{
"lessThan": "6.5_u3r",
"status": "affected",
"version": "6.5",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"dateAdded": "2024-07-17",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22948"
},
"type": "kev"
}
},
{
"other": {
"content": {
"id": "CVE-2022-22948",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-18T03:55:22.079743Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:15:43.268Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22948"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-07-17T00:00:00+00:00",
"value": "CVE-2022-22948 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:28:42.584Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0009.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware vCenter Server and VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware vCenter Server (7.0 prior to 7.0 U3d, 6.7 prior to 6.7 U3p and 6.5 prior to 6.5 U3r) and VMware Cloud Foundation (4.x and 3.x prior to 3.11)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-29T17:24:33.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0009.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2022-22948",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware vCenter Server and VMware Cloud Foundation",
"version": {
"version_data": [
{
"version_value": "VMware vCenter Server (7.0 prior to 7.0 U3d, 6.7 prior to 6.7 U3p and 6.5 prior to 6.5 U3r) and VMware Cloud Foundation (4.x and 3.x prior to 3.11)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2022-0009.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0009.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-22948",
"datePublished": "2022-03-29T17:24:33.000Z",
"dateReserved": "2022-01-10T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:15:43.268Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22005 (GCVE-0-2021-22005)
Vulnerability from cvelistv5
Published
2021-09-23 11:37
Modified
2025-10-21 23:25
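Severity: 9.8 CRITICAL (CVSS 3.1 base score from the CISA-ADP container below, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)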
CWE
- File upload vulnerability
Summary
The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| n/a | VMware vCenter Server, VMware Cloud Foundation | Version: VMware vCenter Server(7.x before 7.0 U2c and 6.7 before 6.7 U3o) and VMware Cloud Foundation (4.x before 4.3 and 3.x before 3.10.2.2) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:30:23.824Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/164439/VMware-vCenter-Server-Analytics-CEIP-Service-File-Upload.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-22005",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-29T17:56:00.835980Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2021-11-03",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22005"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:25:31.767Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22005"
}
],
"timeline": [
{
"lang": "en",
"time": "2021-11-03T00:00:00+00:00",
"value": "CVE-2021-22005 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "VMware vCenter Server, VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware vCenter Server(7.x before 7.0 U2c and 6.7 before 6.7 U3o) and VMware Cloud Foundation (4.x before 4.3 and 3.x before 3.10.2.2)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "File upload vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-07T15:06:27.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/164439/VMware-vCenter-Server-Analytics-CEIP-Service-File-Upload.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2021-22005",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware vCenter Server, VMware Cloud Foundation",
"version": {
"version_data": [
{
"version_value": "VMware vCenter Server(7.x before 7.0 U2c and 6.7 before 6.7 U3o) and VMware Cloud Foundation (4.x before 4.3 and 3.x before 3.10.2.2)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "File upload vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"
},
{
"name": "http://packetstormsecurity.com/files/164439/VMware-vCenter-Server-Analytics-CEIP-Service-File-Upload.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/164439/VMware-vCenter-Server-Analytics-CEIP-Service-File-Upload.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2021-22005",
"datePublished": "2021-09-23T11:37:30.000Z",
"dateReserved": "2021-01-04T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:25:31.767Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-21985 (GCVE-0-2021-21985)
Vulnerability from cvelistv5
Published
2021-05-26 14:04
Modified
2025-10-21 23:25
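Severity: 9.8 CRITICAL (CVSS 3.1 base score from the CISA-ADP container below, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)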
CWE
- Remote code execution vulnerability
Summary
The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| n/a | VMware vCenter Server and VMware Cloud Foundation | Version: VMware vCenter Server (7.x before 7.0 U2b, 6.7 before 6.7 U3n, 6.5 before 6.5 U3p) and VMware Cloud Foundation (4.x before 4.2.1, 3.x before 3.10.2.1) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:30:23.663Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0010.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/162812/VMware-Security-Advisory-2021-0010.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/163487/VMware-vCenter-Server-Virtual-SAN-Health-Check-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-21985",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-29T17:56:51.919812Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2021-11-03",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-21985"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-470",
"description": "CWE-470 Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:25:44.978Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-21985"
}
],
"timeline": [
{
"lang": "en",
"time": "2021-11-03T00:00:00+00:00",
"value": "CVE-2021-21985 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "VMware vCenter Server and VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware vCenter Server (7.x before 7.0 U2b, 6.7 before 6.7 U3n, 6.5 before 6.5 U3p) and VMware Cloud Foundation (4.x before 4.2.1, 3.x before 3.10.2.1)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote code execution vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-13T16:06:26.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0010.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/162812/VMware-Security-Advisory-2021-0010.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/163487/VMware-vCenter-Server-Virtual-SAN-Health-Check-Remote-Code-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2021-21985",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware vCenter Server and VMware Cloud Foundation",
"version": {
"version_data": [
{
"version_value": "VMware vCenter Server (7.x before 7.0 U2b, 6.7 before 6.7 U3n, 6.5 before 6.5 U3p) and VMware Cloud Foundation (4.x before 4.2.1, 3.x before 3.10.2.1)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote code execution vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2021-0010.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0010.html"
},
{
"name": "http://packetstormsecurity.com/files/162812/VMware-Security-Advisory-2021-0010.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/162812/VMware-Security-Advisory-2021-0010.html"
},
{
"name": "http://packetstormsecurity.com/files/163487/VMware-vCenter-Server-Virtual-SAN-Health-Check-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/163487/VMware-vCenter-Server-Virtual-SAN-Health-Check-Remote-Code-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2021-21985",
"datePublished": "2021-05-26T14:04:30.000Z",
"dateReserved": "2021-01-04T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:25:44.978Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}