Vmware App Volumes vulnerabilities
2 known vulnerabilities affecting vmware/app_volumes.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2021-21999HIGHCVSS 7.8≥ 2.0, < 2.18.10≥ 4, < 21032021-06-23
CVE-2021-21999 [HIGH] CWE-427 CVE-2021-21999: VMware Tools for Windows (11.x.y prior to 11.2.6), VMware Remote Console for Windows (12.x prior to
VMware Tools for Windows (11.x.y prior to 11.2.6), VMware Remote Console for Windows (12.x prior to 12.0.1) , VMware App Volumes (2.x prior to 2.18.10 and 4 prior to 2103) contain a local privilege escalation vulnerability. An attacker with normal access to a virtual machine may exploit this issue by placing a malicious file renamed as `openssl.cnf' in
nvd
CVE-2020-3975MEDIUMCVSS 5.4≥ 2.0, < 2.18.6≥ 4, < 20062020-08-21
CVE-2020-3975 [MEDIUM] CWE-79 CVE-2020-3975: VMware App Volumes 2.x prior to 2.18.6 and VMware App Volumes 4 prior to 2006 contain a Stored Cross
VMware App Volumes 2.x prior to 2.18.6 and VMware App Volumes 4 prior to 2006 contain a Stored Cross-Site Scripting (XSS) vulnerability. A malicious actor with access to create and edit applications or create storage groups, may be able to inject malicious script which will be executed by a victim's browser when viewing.
nvd