Vmware: >> Cloud Foundation >> 5.1.1 Security Vulnerabilities
CVE-2024-38812
The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.
Known exploited
CVSS Score
9.8
EPSS Score
0.779
Published
2024-09-17
CVE-2024-37085
VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management https://blogs.vmware.com/vsphere/2012/09/joining-vsphere-hosts-to-active-directory.html by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD.
Known exploited
CVSS Score
6.8
EPSS Score
0.719
Published
2024-06-25
VMware ESXi contains an out-of-bounds read vulnerability. A
malicious actor with local administrative privileges on a virtual
machine with an existing snapshot may trigger an out-of-bounds read
leading to a denial-of-service condition of the host.
CVSS Score
6.8
EPSS Score
0.001
Published
2024-06-25
The vCenter Server contains a denial-of-service vulnerability. A malicious actor with network access to vCenter Server may create a denial-of-service condition.
CVSS Score
5.3
EPSS Score
0.006
Published
2024-06-25
CVE-2024-37079
vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.
Known exploited
CVSS Score
9.8
EPSS Score
0.82
Published
2024-06-18
vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.
CVSS Score
9.8
EPSS Score
0.249
Published
2024-06-18
The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. An authenticated local user with non-administrative privileges may exploit these issues to elevate privileges to root on vCenter Server Appliance.
CVSS Score
7.8
EPSS Score
0.499
Published
2024-06-18
VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.
CVSS Score
6.7
EPSS Score
0.0
Published
2024-02-21
VMware Workspace ONE Access and Identity Manager contain a broken authentication vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3.
CVSS Score
5.3
EPSS Score
0.002
Published
2022-12-14
The vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plaintext. A malicious actor with access to a workstation that invoked a vCenter Server Appliance ISO operation (Install/Upgrade/Migrate/Restore) can access plaintext passwords used during that operation.
CVSS Score
5.5
EPSS Score
0.001
Published
2022-12-13