CVE-2017-4923
- EPSS 0.81%
- Published 01.08.2017 16:29:00
- Last modified 20.04.2025 01:37:25
VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure vulnerability. This issue may allow plaintext credentials to be obtained when using the vCenter Server Appliance file-based backup feature.
CVE-2017-4921
- EPSS 0.83%
- Published 01.08.2017 16:29:00
- Last modified 20.04.2025 01:37:25
VMware vCenter Server (6.5 prior to 6.5 U1) contains an insecure library loading issue that occurs due to the use of the LD_LIBRARY_PATH variable in an unsafe manner. Successful exploitation of this issue may allow unprivileged host users to load a share...
CVE-2017-4922
- EPSS 0.44%
- Published 01.08.2017 16:29:00
- Last modified 20.04.2025 01:37:25
VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure issue due to the service startup script using world writable directories as temporary storage for critical information. Successful exploitation of this issue may allow unp...
- EPSS 0.92%
- Published 28.07.2017 22:29:00
- Last modified 20.04.2025 01:37:25
VMware vCenter Server 5.5, 6.0, 6.5 allows vSphere users with certain, limited vSphere privileges to use the VIX API to access Guest Operating Systems without the need to authenticate.
CVE-2016-7459
- EPSS 0.55%
- Published 29.12.2016 09:59:00
- Last modified 12.04.2025 10:46:40
VMware vCenter Server 5.5 before U3e and 6.0 before U2a allows remote authenticated users to read arbitrary files via a (1) Log Browser, (2) Distributed Switch setup, or (3) Content Library XML document containing an external entity declaration in co...
CVE-2016-5331
- EPSS 0.33%
- Published 08.08.2016 01:59:17
- Last modified 12.04.2025 10:46:40
CRLF injection vulnerability in VMware vCenter Server 6.0 before U2 and ESXi 6.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
CVE-2015-6931
- EPSS 0.16%
- Published 03.07.2016 01:59:00
- Last modified 12.04.2025 10:46:40
Cross-site scripting (XSS) vulnerability in the vSphere Web Client in VMware vCenter Server 5.0 before U3g, 5.1 before U3d, and 5.5 before U2d allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
CVE-2016-2078
- EPSS 0.18%
- Published 08.06.2016 14:59:33
- Last modified 12.04.2025 10:46:40
Cross-site scripting (XSS) vulnerability in the Web Client in VMware vCenter Server 5.1 before update 3d, 5.5 before update 3d, and 6.0 before update 2 on Windows allows remote attackers to inject arbitrary web script or HTML via the flashvars parame...
CVE-2016-2076
- EPSS 0.44%
- Published 15.04.2016 14:59:10
- Last modified 12.04.2025 10:46:40
Client Integration Plugin (CIP) in VMware vCenter Server 5.5 U3a, U3b, and U3c and 6.0 before U2; vCloud Director 5.5.5; and vRealize Automation Identity Appliance 6.2.4 before 6.2.4.1 mishandles session content, which allows remote attackers to hija...
- EPSS 92.03%
- Published 12.10.2015 10:59:01
- Last modified 12.04.2025 10:46:40
The JMX RMI service in VMware vCenter Server 5.0 before u3e, 5.1 before u3b, 5.5 before u3, and 6.0 before u1 does not restrict registration of MBeans, which allows remote attackers to execute arbitrary code via the RMI protocol.