VMware Cloud Foundation vulnerabilities
137 known vulnerabilities affecting vmware/cloud_foundation.
Total CVEs: 137
CISA KEV: 16 (actively exploited)
Public exploits: 13
Exploited in wild: 16
Severity breakdown: CRITICAL 20, HIGH 65, MEDIUM 49, LOW 3
Vulnerabilities (page 4 of 7)
CVE-2022-22982 | HIGH | CVSS 7.5 | CWE-918 | Affected: ≥ 3.0, ≤ 3.11; ≥ 4.0, ≤ 4.3.1 | Published: 2022-07-13
The vCenter Server contains a server-side request forgery (SSRF) vulnerability. A malicious actor with network access to 443 on the vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service.
Source: nvd
CVE-2022-22972 | CRITICAL | CVSS 9.8 | PoC | Affected: v3.0, v3.0.1, +26 more | Published: 2022-05-20
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.
Source: nvd
CVE-2022-22973 | HIGH | CVSS 7.8 | Affected: v4.0, v4.0.1, +6 more | Published: 2022-05-20
VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'.
Source: nvd
CVE-2022-22958 | HIGH | CVSS 7.2 | Affected: ≥ 3.0, < 5.0 | Published: 2022-04-13
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through a malicious JDBC URI, which may result in remote code execution.
Source: nvd
CVE-2022-22957 | HIGH | CVSS 7.2 | CWE-502 | PoC | Affected: ≥ 3.0, < 5.0 | Published: 2022-04-13
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through a malicious JDBC URI, which may result in remote code execution.
Source: nvd
CVE-2022-22960 | HIGH | CVSS 7.8 | CWE-732 | KEV | PoC | Affected: ≥ 3.0, < 5.0 | Published: 2022-04-13
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to 'root'.
Source: nvd
CVE-2022-22961 | MEDIUM | CVSS 5.3 | CWE-200 | Affected: ≥ 3.0, < 5.0 | Published: 2022-04-13
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. A malicious actor with remote access may leak the hostname of the target system. Successful exploitation of this issue can lead to targeting victims.
Source: nvd
CVE-2022-22959 | MEDIUM | CVSS 4.3 | CWE-352 | Affected: ≥ 3.0, < 5.0 | Published: 2022-04-13
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. A malicious actor can trick a user through a cross site request forgery to unintentionally validate a malicious JDBC URI.
Source: nvd
CVE-2022-22954 | CRITICAL | CVSS 9.8 | CWE-94 | KEV | PoC | Affected: ≥ 4.0, ≤ 4.3.1 | Published: 2022-04-11
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution.
Source: nvd
CVE-2022-22948 | MEDIUM | CVSS 6.5 | CWE-276 | KEV | Affected: ≥ 3.0, < 3.11; ≥ 4.0, < 4.4.1 | Published: 2022-03-29
The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information.
Source: nvd
CVE-2021-22042 | HIGH | CVSS 7.8 | CWE-863 | Affected: ≥ 4.0, < 4.4 | Published: 2022-02-16
VMware ESXi contains an unauthorized access vulnerability due to VMX having access to settingsd authorization tickets. A malicious actor with privileges within the VMX process only may be able to access the settingsd service running as a high privileged user.
Source: nvd
CVE-2021-22050 | HIGH | CVSS 7.5 | CWE-770 | Affected: ≥ 3.0, < 3.11; ≥ 4.0, < 4.4 | Published: 2022-02-16
ESXi contains a slow HTTP POST denial-of-service vulnerability in rhttpproxy. A malicious actor with network access to ESXi may exploit this issue to create a denial-of-service condition by overwhelming the rhttpproxy service with multiple requests.
Source: nvd
CVE-2022-22945 | HIGH | CVSS 7.8 | CWE-78 | Affected: ≥ 3.0, ≤ 3.11 | Published: 2022-02-16
VMware NSX Edge contains a CLI shell injection vulnerability. A malicious actor with SSH access to an NSX-Edge appliance can execute arbitrary commands on the operating system as root.
Source: nvd
CVE-2021-22040 | MEDIUM | CVSS 6.7 | CWE-416 | Affected: ≥ 3.0, < 3.11; ≥ 4.0, < 4.4 | Published: 2022-02-16
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.
Source: nvd
CVE-2021-22041 | MEDIUM | CVSS 6.7 | Affected: ≥ 3.0, < 3.11; ≥ 4.0, < 4.4 | Published: 2022-02-16
VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.
Source: nvd
CVE-2022-22939 | MEDIUM | CVSS 4.9 | CWE-532 | Affected: ≥ 3.0, ≤ 3.10.2.2; ≥ 4.0, ≤ 4.1.0.1 | Published: 2022-02-04
VMware Cloud Foundation contains an information disclosure vulnerability due to logging of credentials in plain-text within multiple log files on the SDDC Manager. A malicious actor with root access on VMware Cloud Foundation SDDC Manager may be able to view credentials in plaintext within one or more log files.
Source: nvd
CVE-2021-22045 | HIGH | CVSS 7.8 | CWE-787 | Affected: ≥ 3.0, ≤ 3.10.2.2; ≥ 4.0, ≤ 4.3.1 | Published: 2022-01-04
VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi650-202110101-SG), VMware Workstation (16.2.0) and VMware Fusion (12.2.0) contain a heap-overflow vulnerability in CD-ROM device emulation. A malicious actor with access to a virtual machine with CD-ROM device emulation may be able to exploit this vulnerability in conjunction with o
Source: nvd
CVE-2021-21980 | HIGH | CVSS 7.5 | Exploited | Affected: v3.0 | Published: 2021-11-24
The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary file read vulnerability. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information.
Source: nvd
CVE-2021-22048 | HIGH | CVSS 8.8 | Affected: ≥ 3.0, ≤ 3.10.2.2; ≥ 4.0, ≤ 4.1.0.1 | Published: 2021-11-10
The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. A malicious actor with non-administrative access to vCenter Server may exploit this issue to elevate privileges to a higher privileged group.
Source: nvd
CVE-2021-22035 | MEDIUM | CVSS 4.3 | CWE-74 | Affected: ≥ 4.0.0, ≤ 4.3.1 | Published: 2021-10-13
VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV (Comma Separated Value) injection vulnerability in the interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sheet through Log Insight, which could be executed in the user's environment.
Source: nvd