VMware Cloud Foundation 5.1.1

CPE Details

VMware Cloud Foundation 5.1.1
vmware
cloud_foundation
5.1.1
2024-09-04
18h00 +00:00
2024-09-04
18h00 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:vmware:cloud_foundation:5.1.1:*:*:*:*:*:*:*

Informations

Vendor

vmware

Product

cloud_foundation

Version

5.1.1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-37085 2024-06-25 14h16 +00:00 VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management https://blogs.vmware.com/vsphere/2012/09/joining-vsphere-hosts-to-active-directory.html by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD.
7.2
High
CVE-2024-37080 2024-06-18 05h43 +00:00 vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.
9.8
Critical
CVE-2024-37079 2024-06-18 05h43 +00:00 vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.
9.8
Critical
CVE-2024-22235 2024-02-21 04h59 +00:00 VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.
6.7
Medium
CVE-2022-31701 2022-12-14 00h00 +00:00 VMware Workspace ONE Access and Identity Manager contain a broken authentication vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3.
5.3
Medium
CVE-2022-31697 2022-12-13 00h00 +00:00 The vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plaintext. A malicious actor with access to a workstation that invoked a vCenter Server Appliance ISO operation (Install/Upgrade/Migrate/Restore) can access plaintext passwords used during that operation.
5.5
Medium
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.