VMware

Vcenter Server

81 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2017-4923

  • EPSS 0.81%
  • Veröffentlicht 01.08.2017 16:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure vulnerability. This issue may allow plaintext credentials to be obtained when using the vCenter Server Appliance file-based backup feature.

8.8

CVE-2017-4921

  • EPSS 0.83%
  • Veröffentlicht 01.08.2017 16:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

VMware vCenter Server (6.5 prior to 6.5 U1) contains an insecure library loading issue that occurs due to the use of LD_LIBRARY_PATH variable in an unsafe manner. Successful exploitation of this issue may allow unprivileged host users to load a share...

6.5

CVE-2017-4922

  • EPSS 0.44%
  • Veröffentlicht 01.08.2017 16:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure issue due to the service startup script using world writable directories as temporary storage for critical information. Successful exploitation of this issue may allow unp...

9

CVE-2017-4919

  • EPSS 0.92%
  • Veröffentlicht 28.07.2017 22:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

VMware vCenter Server 5.5, 6.0, 6.5 allows vSphere users with certain, limited vSphere privileges to use the VIX API to access Guest Operating Systems without the need to authenticate.

7.7

CVE-2016-7459

  • EPSS 0.55%
  • Veröffentlicht 29.12.2016 09:59:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

VMware vCenter Server 5.5 before U3e and 6.0 before U2a allows remote authenticated users to read arbitrary files via a (1) Log Browser, (2) Distributed Switch setup, or (3) Content Library XML document containing an external entity declaration in co...

6.1

CVE-2016-5331

  • EPSS 0.33%
  • Veröffentlicht 08.08.2016 01:59:17
  • Zuletzt bearbeitet 12.04.2025 10:46:40

CRLF injection vulnerability in VMware vCenter Server 6.0 before U2 and ESXi 6.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

6.1

CVE-2015-6931

  • EPSS 0.16%
  • Veröffentlicht 03.07.2016 01:59:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in the vSphere Web Client in VMware vCenter Server 5.0 before U3g, 5.1 before U3d, and 5.5 before U2d allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

6.1

CVE-2016-2078

Exploit
  • EPSS 0.18%
  • Veröffentlicht 08.06.2016 14:59:33
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in the Web Client in VMware vCenter Server 5.1 before update 3d, 5.5 before update 3d, and 6.0 before update 2 on Windows allows remote attackers to inject arbitrary web script or HTML via the flashvars parame...

7.6

CVE-2016-2076

  • EPSS 0.44%
  • Veröffentlicht 15.04.2016 14:59:10
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Client Integration Plugin (CIP) in VMware vCenter Server 5.5 U3a, U3b, and U3c and 6.0 before U2; vCloud Director 5.5.5; and vRealize Automation Identity Appliance 6.2.4 before 6.2.4.1 mishandles session content, which allows remote attackers to hija...

10

CVE-2015-2342

  • EPSS 92.03%
  • Veröffentlicht 12.10.2015 10:59:01
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The JMX RMI service in VMware vCenter Server 5.0 before u3e, 5.1 before u3b, 5.5 before u3, and 6.0 before u1 does not restrict registration of MBeans, which allows remote attackers to execute arbitrary code via the RMI protocol.