VMware Cloud Foundation 5.1.1

CPE Details

VMware Cloud Foundation 5.1.1
5.1.1
2024-09-04
18h00 +00:00
2024-09-04
18h00 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:vmware:cloud_foundation:5.1.1:*:*:*:*:*:*:*

Informations

Vendor

vmware

Product

cloud_foundation

Version

5.1.1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-37085 2024-06-25 14h16 +00:00 VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management https://blogs.vmware.com/vsphere/2012/09/joining-vsphere-hosts-to-active-directory.html by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD.
7.2
High
CVE-2024-37080 2024-06-18 05h43 +00:00 vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.
9.8
Critical
CVE-2024-37079 2024-06-18 05h43 +00:00 vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.
9.8
Critical
CVE-2024-22235 2024-02-21 04h59 +00:00 VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.
6.7
Medium
CVE-2022-31701 2022-12-13 23h00 +00:00 VMware Workspace ONE Access and Identity Manager contain a broken authentication vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3.
5.3
Medium
CVE-2022-31697 2022-12-12 23h00 +00:00 The vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plaintext. A malicious actor with access to a workstation that invoked a vCenter Server Appliance ISO operation (Install/Upgrade/Migrate/Restore) can access plaintext passwords used during that operation.
5.5
Medium