VMware

Cloud Foundation

131 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
3.3

CVE-2022-31699

  • EPSS 0.33%
  • Veröffentlicht 13.12.2022 16:15:19
  • Zuletzt bearbeitet 22.04.2025 16:15:29

VMware ESXi contains a heap-overflow vulnerability. A malicious local actor with restricted privileges within a sandbox process may exploit this issue to achieve a partial information disclosure.

9.1

CVE-2022-31678

  • EPSS 3.14%
  • Veröffentlicht 28.10.2022 02:15:17
  • Zuletzt bearbeitet 08.05.2025 16:15:21

VMware Cloud Foundation (NSX-V) contains an XML External Entity (XXE) vulnerability. On VCF 3.x instances with NSX-V deployed, this may allow a user to exploit this issue leading to a denial-of-service condition or unintended information disclosure.

6.5

CVE-2022-31681

  • EPSS 0.14%
  • Veröffentlicht 07.10.2022 21:15:11
  • Zuletzt bearbeitet 21.11.2024 07:05:07

VMware ESXi contains a null-pointer deference vulnerability. A malicious actor with privileges within the VMX process only, may create a denial of service condition on the host.

7.5

CVE-2022-22982

  • EPSS 0.32%
  • Veröffentlicht 13.07.2022 19:15:09
  • Zuletzt bearbeitet 21.11.2024 06:47:44

The vCenter Server contains a server-side request forgery (SSRF) vulnerability. A malicious actor with network access to 443 on the vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal se...

9.8

CVE-2022-22972

Warnung
  • EPSS 93.65%
  • Veröffentlicht 20.05.2022 21:15:09
  • Zuletzt bearbeitet 21.11.2024 06:47:43

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the...

7.8

CVE-2022-22973

Warnung
  • EPSS 1.45%
  • Veröffentlicht 20.05.2022 21:15:09
  • Zuletzt bearbeitet 21.11.2024 06:47:43

VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'.

7.2

CVE-2022-22957

  • EPSS 47.26%
  • Veröffentlicht 13.04.2022 18:15:13
  • Zuletzt bearbeitet 21.11.2024 06:47:41

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data thro...

7.2

CVE-2022-22958

  • EPSS 1.86%
  • Veröffentlicht 13.04.2022 18:15:13
  • Zuletzt bearbeitet 21.11.2024 06:47:41

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data thro...

4.3

CVE-2022-22959

  • EPSS 0.46%
  • Veröffentlicht 13.04.2022 18:15:13
  • Zuletzt bearbeitet 21.11.2024 06:47:41

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. A malicious actor can trick a user through a cross site request forgery to unintentionally validate a malicious JDBC URI.

7.8

CVE-2022-22960

Warnung Exploit
  • EPSS 70.42%
  • Veröffentlicht 13.04.2022 18:15:13
  • Zuletzt bearbeitet 30.10.2025 20:03:55

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to 'root'.