VMware

Cloud Foundation

135 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.2

CVE-2026-22721

  • EPSS 0.03%
  • Veröffentlicht 25.02.2026 20:00:15
  • Zuletzt bearbeitet 04.03.2026 15:54:26

VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with privileges in vCenter to access Aria Operations may leverage this vulnerability to obtain administrative access in VMware Aria Operations. To remediate CVE-2...

9

CVE-2026-22720

  • EPSS 0.08%
  • Veröffentlicht 25.02.2026 19:33:14
  • Zuletzt bearbeitet 04.03.2026 15:55:32

VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with privileges to create custom benchmarks may be able to inject script to perform administrative actions in VMware Aria Operations.  To remediate CVE-20...

8.1

CVE-2026-22719

Warnung Medienbericht
  • EPSS 1.98%
  • Veröffentlicht 25.02.2026 19:18:59
  • Zuletzt bearbeitet 04.03.2026 15:08:13

VMware Aria Operations contains a command injection vulnerability. A malicious unauthenticated actor may exploit this issue to execute arbitrary commands which may lead to remote code execution in VMware Aria Operations while support-assisted product...

7.8

CVE-2025-41244

Warnung Medienbericht Exploit
  • EPSS 0.37%
  • Veröffentlicht 29.09.2025 17:15:30
  • Zuletzt bearbeitet 06.11.2025 13:58:13

VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled ...

5.9

CVE-2025-22245

Medienbericht
  • EPSS 0.05%
  • Veröffentlicht 04.06.2025 19:32:42
  • Zuletzt bearbeitet 14.07.2025 17:22:07

VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the router port due to improper input validation.

6.9

CVE-2025-22244

Medienbericht
  • EPSS 0.04%
  • Veröffentlicht 04.06.2025 19:32:17
  • Zuletzt bearbeitet 14.07.2025 17:22:22

VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the gateway firewall due to improper input validation.

7.5

CVE-2025-22243

Medienbericht
  • EPSS 0.05%
  • Veröffentlicht 04.06.2025 19:31:36
  • Zuletzt bearbeitet 14.07.2025 17:22:34

VMware NSX Manager UI is vulnerable to a stored Cross-Site Scripting (XSS) attack due to improper input validation.

7.3

CVE-2025-41231

Medienbericht
  • EPSS 0.12%
  • Veröffentlicht 20.05.2025 13:15:48
  • Zuletzt bearbeitet 12.06.2025 16:22:47

VMware Cloud Foundation contains a missing authorisation vulnerability. A malicious actor with access to VMware Cloud Foundation appliance may be able to perform certain unauthorised actions and access limited sensitive information.

8.2

CVE-2025-22249

Medienbericht
  • EPSS 0.19%
  • Veröffentlicht 13.05.2025 05:08:03
  • Zuletzt bearbeitet 11.07.2025 14:27:30

VMware Aria automation contains a DOM based Cross-Site Scripting (XSS) vulnerability. A malicious actor may exploit this issue to steal the access token of a logged in user of VMware Aria automation appliance by tricking the user into clicking a mali...

8.2

CVE-2025-22224

Warnung Medienbericht
  • EPSS 52.67%
  • Veröffentlicht 04.03.2025 12:15:33
  • Zuletzt bearbeitet 30.10.2025 19:52:49

VMware ESXi, and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the vi...