Vmware Cloud Foundation vulnerabilities

CVE-2021-22003 [HIGH] CWE-307 CVE-2021-22003: VMware Workspace ONE Access and Identity Manager, unintentionally provide a login interface on port VMware Workspace ONE Access and Identity Manager, unintentionally provide a login interface on port 7443. A malicious actor with network access to port 7443 may attempt user enumeration or brute force the login endpoint, which may or may not be practical based on lockout policy configuration and password complexity for the target account.

CVE-2021-22027 [HIGH] CWE-918 CVE-2021-22027: The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information disclosure.

CVE-2021-22024 [HIGH] CWE-532 CVE-2021-22024: The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary log-file read vulnerabi The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary log-file read vulnerability. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can read any log file resulting in sensitive information disclosure.

CVE-2021-22025 [HIGH] CWE-287 CVE-2021-22025: The vRealize Operations Manager API (8.x prior to 8.5) contains a broken access control vulnerabilit The vRealize Operations Manager API (8.x prior to 8.5) contains a broken access control vulnerability leading to unauthenticated API access. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can add new nodes to existing vROps cluster.

CVE-2021-22026 [HIGH] CWE-918 CVE-2021-22026: The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information disclosure.

CVE-2021-22023 [HIGH] CWE-639 CVE-2021-22023: The vRealize Operations Manager API (8.x prior to 8.5) has insecure object reference vulnerability. The vRealize Operations Manager API (8.x prior to 8.5) has insecure object reference vulnerability. A malicious actor with administrative access to vRealize Operations Manager API may be able to modify other users information leading to an account takeover.

CVE-2021-22021 [MEDIUM] CWE-79 CVE-2021-22021: VMware vRealize Log Insight (8.x prior to 8.4) contains a Cross Site Scripting (XSS) vulnerability d VMware vRealize Log Insight (8.x prior to 8.4) contains a Cross Site Scripting (XSS) vulnerability due to improper user input validation. An attacker with user privileges may be able to inject a malicious payload via the Log Insight UI which would be executed when the victim accesses the shared dashboard link.

CVE-2021-22022 [MEDIUM] CWE-22 CVE-2021-22022: The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary file read vulnerability The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary file read vulnerability. A malicious actor with administrative access to vRealize Operations Manager API can read any arbitrary file on server leading to information disclosure.

CVE-2021-21994 [CRITICAL] CWE-287 CVE-2021-21994: SFCB (Small Footprint CIM Broker) as used in ESXi has an authentication bypass vulnerability. A mali SFCB (Small Footprint CIM Broker) as used in ESXi has an authentication bypass vulnerability. A malicious actor with network access to port 5989 on ESXi may exploit this issue to bypass SFCB authentication by sending a specially crafted request.

CVE-2021-21995 [HIGH] CWE-125 CVE-2021-21995: OpenSLP as used in ESXi has a denial-of-service vulnerability due a heap out-of-bounds read issue. A OpenSLP as used in ESXi has a denial-of-service vulnerability due a heap out-of-bounds read issue. A malicious actor with network access to port 427 on ESXi may be able to trigger a heap out-of-bounds read in OpenSLP service resulting in a denial-of-service condition.

CVE-2021-21985 [CRITICAL] CWE-918 CVE-2021-21985: The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input valid The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system

CVE-2021-21986 [CRITICAL] CWE-306 CVE-2021-21986: The vSphere Client (HTML5) contains a vulnerability in a vSphere authentication mechanism for the Vi The vSphere Client (HTML5) contains a vulnerability in a vSphere authentication mechanism for the Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability plug-ins. A malicious actor with network access to port 443 on vCenter Server may perform actions allowed by the impacted plug-ins without authe

CVE-2021-21975 [HIGH] CWE-918 CVE-2021-21975: Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may all Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials.

CVE-2021-21983 [MEDIUM] CVE-2021-21983: Arbitrary file write vulnerability in vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 Arbitrary file write vulnerability in vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API can write files to arbitrary locations on the underlying photon operating system.

CVE-2021-21972 [CRITICAL] CWE-22 CVE-2021-21972: The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 befo

CVE-2021-21974 [HIGH] CWE-787 CVE-2021-21974: OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG) has a heap-overflow vulnerability. A malicious actor residing within the same network segment as ESXi who has access to port 427 may be able to trigger the heap-overflow issue in OpenSLP service resulting in remote code execution.

CVE-2021-21973 [MEDIUM] CWE-918 CVE-2021-21973: The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to impro The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin leading to information disclosure. This affects: VMware vCenter Server (7.x

CVE-2020-4006 [CRITICAL] CWE-78 CVE-2020-4006: VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector addr VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability.

CVE-2020-4005 [HIGH] CVE-2020-4005: VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-2020 VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG) contains a privilege-escalation vulnerability that exists in the way certain system calls are being managed. A malicious actor with privileges within the VMX process only, may escalate their privileges on the affected system. Successful exploitation of

CVE-2020-4004 [HIGH] CWE-416 CVE-2020-4004: VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-2020 VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG), Workstation (15.x before 15.5.7), Fusion (11.x before 11.5.7) contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code