VMware

Vrealize Suite Lifecycle Manager

21 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2021-22003

  • EPSS 0.36%
  • Veröffentlicht 31.08.2021 22:15:08
  • Zuletzt bearbeitet 21.11.2024 05:49:25

VMware Workspace ONE Access and Identity Manager, unintentionally provide a login interface on port 7443. A malicious actor with network access to port 7443 may attempt user enumeration or brute force the login endpoint, which may or may not be pract...

9.8

CVE-2021-22002

  • EPSS 0.4%
  • Veröffentlicht 31.08.2021 22:15:08
  • Zuletzt bearbeitet 21.11.2024 05:49:25

VMware Workspace ONE Access and Identity Manager, allow the /cfg web app and diagnostic endpoints, on port 8443, to be accessed via port 443 using a custom host header. A malicious actor with network access to port 443 could tamper with host headers ...

7.5

CVE-2021-22027

  • EPSS 0.23%
  • Veröffentlicht 30.08.2021 18:15:08
  • Zuletzt bearbeitet 21.11.2024 05:49:27

The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery att...

7.5

CVE-2021-22026

  • EPSS 0.25%
  • Veröffentlicht 30.08.2021 18:15:08
  • Zuletzt bearbeitet 21.11.2024 05:49:27

The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery att...

7.5

CVE-2021-22025

  • EPSS 0.19%
  • Veröffentlicht 30.08.2021 18:15:08
  • Zuletzt bearbeitet 21.11.2024 05:49:27

The vRealize Operations Manager API (8.x prior to 8.5) contains a broken access control vulnerability leading to unauthenticated API access. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can add new nod...

7.5

CVE-2021-22024

  • EPSS 0.27%
  • Veröffentlicht 30.08.2021 18:15:08
  • Zuletzt bearbeitet 21.11.2024 05:49:27

The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary log-file read vulnerability. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can read any log file resulting in sensitive infor...

7.2

CVE-2021-22023

  • EPSS 0.32%
  • Veröffentlicht 30.08.2021 18:15:08
  • Zuletzt bearbeitet 21.11.2024 05:49:27

The vRealize Operations Manager API (8.x prior to 8.5) has insecure object reference vulnerability. A malicious actor with administrative access to vRealize Operations Manager API may be able to modify other users information leading to an account ta...

4.9

CVE-2021-22022

  • EPSS 0.21%
  • Veröffentlicht 30.08.2021 18:15:08
  • Zuletzt bearbeitet 21.11.2024 05:49:27

The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary file read vulnerability. A malicious actor with administrative access to vRealize Operations Manager API can read any arbitrary file on server leading to information disclos...

8.5

CVE-2021-21983

Exploit
  • EPSS 83.18%
  • Veröffentlicht 31.03.2021 18:15:14
  • Zuletzt bearbeitet 21.11.2024 05:49:22

Arbitrary file write vulnerability in vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API can write files to arbitrary locations on the un...

7.5

CVE-2021-21975

Warnung Exploit
  • EPSS 94.42%
  • Veröffentlicht 31.03.2021 18:15:14
  • Zuletzt bearbeitet 12.03.2025 20:57:43

Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrati...