Vmware: Security Vulnerabilities
CVE-2020-11652
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.
Known exploited
CVSS Score
6.5
EPSS Score
0.942
Published
2020-04-30
ESXi 6.5 without patch ESXi650-201912104-SG and ESXi 6.7 without patch ESXi670-202004103-SG do not properly neutralize script-related HTML when viewing virtual machines attributes. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.3.
CVSS Score
9.3
EPSS Score
0.025
Published
2020-04-29
InstallBuilder AutoUpdate tool and regular installers enabling <checkForUpdates> built with versions earlier than 19.11 are vulnerable to Billion laughs attack (denial-of-service).
CVSS Score
7.5
EPSS Score
0.003
Published
2020-04-20
Cross Site Scripting (XSS) vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation.
CVSS Score
4.8
EPSS Score
0.003
Published
2020-04-15
Open Redirect vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation.
CVSS Score
6.1
EPSS Score
0.005
Published
2020-04-15
VMware Tanzu Application Service for VMs, 2.6.x versions prior to 2.6.18, 2.7.x versions prior to 2.7.11, and 2.8.x versions prior to 2.8.5, includes a version of PCF Autoscaling that writes database connection properties to its log, including database username and password. A malicious user with access to those logs may gain unauthorized access to the database being used by Autoscaling.
CVSS Score
6.5
EPSS Score
0.002
Published
2020-04-10
CVE-2020-3952
Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls.
Known exploited
CVSS Score
9.8
EPSS Score
0.933
Published
2020-04-10
CVE-2020-3950
VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for Mac (5.x and prior before 5.4.0) contain a privilege escalation vulnerability due to improper use of setuid binaries. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC or Horizon Client is installed.
Known exploited
CVSS Score
7.8
EPSS Score
0.107
Published
2020-03-17
VMware Workstation (15.x before 15.5.2) and Horizon Client for Windows (5.x and prior before 5.4.0) contain a denial-of-service vulnerability due to a heap-overflow issue in Cortado Thinprint. Attackers with non-administrative access to a guest VM with virtual printing enabled may exploit this issue to create a denial-of-service condition of the Thinprint service running on the system where Workstation or Horizon Client is installed.
CVSS Score
3.8
EPSS Score
0.001
Published
2020-03-17
For VMware Horizon Client for Windows (5.x and prior before 5.3.0), VMware Remote Console for Windows (10.x before 11.0.0), VMware Workstation for Windows (15.x before 15.5.2) the folder containing configuration files for the VMware USB arbitration service was found to be writable by all users. A local user on the system where the software is installed may exploit this issue to run commands as any user.
CVSS Score
7.8
EPSS Score
0.0
Published
2020-03-16