VMware

Cloud Foundation

25 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2025-41228

Media report
  • EPSS 4.25%
  • Published 20.05.2025 14:24:34
  • Last modified 21.05.2025 20:25:16

VMware ESXi and vCenter Server contain a reflected cross-site scripting vulnerability due to improper input validation. A malicious actor with network access to the login page of certain ESXi host or vCenter Server URL paths may exploit this issue to...

5.5

CVE-2025-41227

Media report
  • EPSS 0.03%
  • Published 20.05.2025 14:24:29
  • Last modified 21.05.2025 20:25:16

VMware ESXi, Workstation, and Fusion contain a denial-of-service vulnerability due to certain guest options. A malicious actor with non-administrative privileges within a guest operating system may be able to exploit this issue by exhausting memory o...

6.8

CVE-2025-41226

Media report
  • EPSS 0.07%
  • Published 20.05.2025 14:24:24
  • Last modified 21.05.2025 20:25:16

VMware ESXi contains a denial-of-service vulnerability that occurs when performing a guest operation. A malicious actor with guest operation privileges on a VM, who is already authenticated through vCenter Server or ESXi may trigger this issue to cre...

8.8

CVE-2025-41225

Media report
  • EPSS 0.05%
  • Published 20.05.2025 14:24:17
  • Last modified 21.05.2025 20:25:16

The vCenter Server contains an authenticated command-execution vulnerability. A malicious actor with privileges to create or modify alarms and run script action may exploit this issue to run arbitrary commands on the vCenter Server.

7.3

CVE-2025-41231

Media report
  • EPSS 0.03%
  • Published 20.05.2025 13:15:48
  • Last modified 12.06.2025 16:22:47

VMware Cloud Foundation contains a missing authorisation vulnerability. A malicious actor with access to VMware Cloud Foundation appliance may be able to perform certain unauthorised actions and access limited sensitive information.

7.5

CVE-2025-41230

Media report
  • EPSS 0.07%
  • Published 20.05.2025 13:15:47
  • Last modified 21.05.2025 20:25:16

VMware Cloud Foundation contains an information disclosure vulnerability. A malicious actor with network access to port 443 on VMware Cloud Foundation may exploit this issue to gain access to sensitive information.

8.2

CVE-2025-41229

Media report
  • EPSS 0.97%
  • Published 20.05.2025 13:15:47
  • Last modified 21.05.2025 20:25:16

VMware Cloud Foundation contains a directory traversal vulnerability. A malicious actor with network access to port 443 on VMware Cloud Foundation may exploit this issue to access certain internal services.

8.2

CVE-2025-22249

Media report
  • EPSS 0.07%
  • Published 13.05.2025 05:08:03
  • Last modified 11.07.2025 14:27:30

VMware Aria automation contains a DOM based Cross-Site Scripting (XSS) vulnerability. A malicious actor may exploit this issue to steal the access token of a logged in user of VMware Aria automation appliance by tricking the user into clicking a mali...

5.3

CVE-2022-31698

  • EPSS 3.39%
  • Published 13.12.2022 16:15:19
  • Last modified 22.04.2025 04:15:20

The vCenter Server contains a denial-of-service vulnerability in the content library service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to trigger a denial-of-service condition by sending a specially c...

4.9

CVE-2022-22939

  • EPSS 0.26%
  • Published 04.02.2022 23:15:13
  • Last modified 21.11.2024 06:47:38

VMware Cloud Foundation contains an information disclosure vulnerability due to logging of credentials in plain-text within multiple log files on the SDDC Manager. A malicious actor with root access on VMware Cloud Foundation SDDC Manager may be able...