Broadcom Vmware Nsx-T Data Center vulnerabilities

CVE-2023-20868 [MEDIUM] CWE-79 CVE-2023-20868: NSX-T contains a reflected cross-site scripting vulnerability due to a lack of input validation. A r NSX-T contains a reflected cross-site scripting vulnerability due to a lack of input validation. A remote attacker can inject HTML or JavaScript to redirect to malicious pages.

CVE-2021-21981 [HIGH] CWE-269 CVE-2021-21981: VMware NSX-T contains a privilege escalation vulnerability due to an issue with RBAC (Role based acc VMware NSX-T contains a privilege escalation vulnerability due to an issue with RBAC (Role based access control) role assignment. Successful exploitation of this issue may allow attackers with local guest user account to assign privileges higher than their own permission level.

CVE-2020-3993 [MEDIUM] CVE-2020-3993: VMware NSX-T (3.x before 3.0.2, 2.5.x before 2.5.2.2.0) contains a security vulnerability that exist VMware NSX-T (3.x before 3.0.2, 2.5.x before 2.5.2.2.0) contains a security vulnerability that exists in the way it allows a KVM host to download and install packages from NSX manager. A malicious actor with MITM positioning may be able to exploit this issue to compromise the transport node.