CVE-2022-22982
- EPSS 0.23%
- Published 13.07.2022 19:15:09
- Last modified 21.11.2024 06:47:44
The vCenter Server contains a server-side request forgery (SSRF) vulnerability. A malicious actor with network access to port 443 on the vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal se...
CVE-2022-22948
- EPSS 26.42%
- Published 29.03.2022 18:15:08
- Last modified 10.02.2025 19:01:58
The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information.
CVE-2021-22049
- EPSS 0.89%
- Published 24.11.2021 17:15:07
- Last modified 21.11.2024 05:49:30
The vSphere Web Client (FLEX/Flash) contains an SSRF (Server Side Request Forgery) vulnerability in the vSAN Web Client (vSAN UI) plug-in. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by accessing a URL r...
CVE-2021-21980
- EPSS 15.73%
- Published 24.11.2021 17:15:07
- Last modified 21.11.2024 05:49:21
The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary file read vulnerability. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information.
CVE-2021-22048
- EPSS 0.87%
- Published 10.11.2021 18:15:08
- Last modified 21.11.2024 05:49:29
The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. A malicious actor with non-administrative access to vCenter Server may exploit this issue to elevate privileges ...
CVE-2021-22016
- EPSS 0.55%
- Published 23.09.2021 13:15:08
- Last modified 21.11.2024 05:49:26
The vCenter Server contains a reflected cross-site scripting vulnerability due to a lack of input sanitization. An attacker may exploit this issue to execute malicious scripts by tricking a victim into clicking a malicious link.
CVE-2021-22017
- EPSS 79.16%
- Published 23.09.2021 13:15:08
- Last modified 02.04.2025 16:59:49
Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to bypass proxy leading to internal endpoints...
CVE-2021-22018
- EPSS 0.52%
- Published 23.09.2021 13:15:08
- Last modified 21.11.2024 05:49:26
The vCenter Server contains an arbitrary file deletion vulnerability in a VMware vSphere Life-cycle Manager plug-in. A malicious actor with network access to port 9087 on vCenter Server may exploit this issue to delete non-critical files.
CVE-2021-22019
- EPSS 1.07%
- Published 23.09.2021 13:15:08
- Last modified 21.11.2024 05:49:27
The vCenter Server contains a denial-of-service vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port 5480 on vCenter Server may exploit this issue by sending a specially crafted jsonrpc message to create a denial...
CVE-2021-22020
- EPSS 0.08%
- Published 23.09.2021 13:15:08
- Last modified 21.11.2024 05:49:27
The vCenter Server contains a denial-of-service vulnerability in the Analytics service. Successful exploitation of this issue may allow an attacker to create a denial-of-service condition on vCenter Server.