Vmware: Security Vulnerabilities
RabbitMQ is a multi-protocol messaging and streaming broker. In affected versions the shovel and federation plugins perform URI obfuscation in their worker (link) state. The encryption key used to encrypt the URI was seeded with a predictable secret. This means that in case of certain exceptions related to Shovel and Federation plugins, reasonably easily deobfuscatable data could appear in the node log. Patched versions correctly use a cluster-wide secret for that purpose. This issue has been addressed and Patched versions: `3.10.2`, `3.9.18`, `3.8.32` are available. Users unable to upgrade should disable the Shovel and Federation plugins.
CVSS Score
5.5
EPSS Score
0.002
Published
2022-10-06
Applications that allow HTTP PATCH access to resources exposed by Spring Data REST in versions 3.6.0 - 3.5.5, 3.7.0 - 3.7.2, and older unsupported versions, if an attacker knows about the structure of the underlying domain model, they can craft HTTP requests that expose hidden entity attributes.
CVSS Score
3.7
EPSS Score
0.002
Published
2022-09-21
An Insufficient Session Expiration issue was discovered in the Pinniped Supervisor (before v0.19.0). A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially use their access token to continue their session beyond what proper use of their refresh token might allow.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-08-29
VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-08-23
Insufficient control flow management in the Intel(R) Ethernet 500 Series Controller drivers for VMWare before version 1.11.4.0 and in the Intel(R) Ethernet 700 Series Controller drivers for VMWare before version 2.1.5.0 may allow an authenticated user to potentially enable a denial of service via local access.
CVSS Score
5.5
EPSS Score
0.0
Published
2022-08-18
VMware vRealize Operations contains an authentication bypass vulnerability. An unauthenticated malicious actor with network access may be able to create a user with administrative privileges.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-08-10
VMware vRealize Operations contains a privilege escalation vulnerability. A malicious actor with administrative network access can escalate privileges to root.
CVSS Score
7.2
EPSS Score
0.01
Published
2022-08-10
VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can create and leak hex dumps, leading to information disclosure. Successful exploitation can lead to a remote code execution.
CVSS Score
8.8
EPSS Score
0.038
Published
2022-08-10
VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can access log files that lead to information disclosure.
CVSS Score
4.3
EPSS Score
0.003
Published
2022-08-10
VMware Workstation (16.x prior to 16.2.4) contains an unprotected storage of credentials vulnerability. A malicious actor with local user privileges to the victim machine may exploit this vulnerability leading to the disclosure of user passwords of the remote server connected through VMware Workstation.
CVSS Score
5.9
EPSS Score
0.001
Published
2022-08-10