VMware Cloud Foundation 5.0

CPE Details

VMware Cloud Foundation 5.0
vmware
cloud_foundation
5.0
2023-09-29
15h02 +00:00
2023-09-29
15h02 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:vmware:cloud_foundation:5.0:*:*:*:*:*:*:*

Informations

Vendor

vmware

Product

cloud_foundation

Version

5.0

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-22280 2024-07-11 04h39 +00:00 VMware Aria Automation does not apply correct input validation which allows for SQL-injection in the product. An authenticated malicious user could enter specially crafted SQL queries and perform unauthorised read/write operations in the database.
8.5
High
CVE-2024-37085 2024-06-25 14h16 +00:00 VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management https://blogs.vmware.com/vsphere/2012/09/joining-vsphere-hosts-to-active-directory.html by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD.
7.2
High
CVE-2024-37080 2024-06-18 05h43 +00:00 vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.
9.8
Critical
CVE-2024-37079 2024-06-18 05h43 +00:00 vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.
9.8
Critical
CVE-2024-22273 2024-05-21 17h29 +00:00 The storage controllers on VMware ESXi, Workstation, and Fusion have out-of-bounds read/write vulnerability. A malicious actor with access to a virtual machine with storage controllers enabled may exploit this issue to create a denial of service condition or execute code on the hypervisor from a virtual machine in conjunction with other issues.
8.1
High
CVE-2024-22235 2024-02-21 04h59 +00:00 VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.
6.7
Medium
CVE-2023-34063 2024-01-16 09h10 +00:00 Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious actor may exploit this vulnerability leading to unauthorized access to remote organizations and workflows.
9.9
Critical
CVE-2023-34043 2023-09-26 17h14 +00:00 VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.
6.7
Medium
CVE-2022-31701 2022-12-13 23h00 +00:00 VMware Workspace ONE Access and Identity Manager contain a broken authentication vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3.
5.3
Medium
CVE-2022-31697 2022-12-12 23h00 +00:00 The vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plaintext. A malicious actor with access to a workstation that invoked a vCenter Server Appliance ISO operation (Install/Upgrade/Migrate/Restore) can access plaintext passwords used during that operation.
5.5
Medium