U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:vmware:cloud_foundation:3.10.2.2:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 34 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2022-31701

VMware Workspace ONE Access and Identity Manager contain a broken authentication vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3.

Published: December 14, 2022; 2:15:12 PM -0500
V3.1: 5.3 MEDIUM
V2.0:(not available)
CVE-2022-31699

VMware ESXi contains a heap-overflow vulnerability. A malicious local actor with restricted privileges within a sandbox process may exploit this issue to achieve a partial information disclosure.

Published: December 13, 2022; 11:15:19 AM -0500
V3.1: 3.3 LOW
V2.0:(not available)
CVE-2022-31698

The vCenter Server contains a denial-of-service vulnerability in the content library service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to trigger a denial-of-service condition by sending a specially crafted header.

Published: December 13, 2022; 11:15:19 AM -0500
V3.1: 5.3 MEDIUM
V2.0:(not available)
CVE-2022-31697

The vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plaintext. A malicious actor with access to a workstation that invoked a vCenter Server Appliance ISO operation (Install/Upgrade/Migrate/Restore) can access plaintext passwords used during that operation.

Published: December 13, 2022; 11:15:19 AM -0500
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2022-31678

VMware Cloud Foundation (NSX-V) contains an XML External Entity (XXE) vulnerability. On VCF 3.x instances with NSX-V deployed, this may allow a user to exploit this issue leading to a denial-of-service condition or unintended information disclosure.

Published: October 27, 2022; 10:15:17 PM -0400
V3.1: 9.1 CRITICAL
V2.0:(not available)
CVE-2022-22982

The vCenter Server contains a server-side request forgery (SSRF) vulnerability. A malicious actor with network access to 443 on the vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service.

Published: July 13, 2022; 3:15:09 PM -0400
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2022-22972

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.

Published: May 20, 2022; 5:15:09 PM -0400
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2022-22961

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. A malicious actor with remote access may leak the hostname of the target system. Successful exploitation of this issue can lead to targeting victims.

Published: April 13, 2022; 2:15:13 PM -0400
V3.1: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2022-22960

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to 'root'.

Published: April 13, 2022; 2:15:13 PM -0400
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2022-22959

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. A malicious actor can trick a user through a cross site request forgery to unintentionally validate a malicious JDBC URI.

Published: April 13, 2022; 2:15:13 PM -0400
V3.1: 4.3 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2022-22958

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution.

Published: April 13, 2022; 2:15:13 PM -0400
V3.1: 7.2 HIGH
V2.0: 6.5 MEDIUM
CVE-2022-22957

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution.

Published: April 13, 2022; 2:15:13 PM -0400
V3.1: 7.2 HIGH
V2.0: 6.5 MEDIUM
CVE-2022-22948

The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information.

Published: March 29, 2022; 2:15:08 PM -0400
V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2022-22945

VMware NSX Edge contains a CLI shell injection vulnerability. A malicious actor with SSH access to an NSX-Edge appliance can execute arbitrary commands on the operating system as root.

Published: February 16, 2022; 12:15:11 PM -0500
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2021-22050

ESXi contains a slow HTTP POST denial-of-service vulnerability in rhttpproxy. A malicious actor with network access to ESXi may exploit this issue to create a denial-of-service condition by overwhelming rhttpproxy service with multiple requests.

Published: February 16, 2022; 12:15:10 PM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2021-22041

VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.

Published: February 16, 2022; 12:15:10 PM -0500
V3.1: 6.7 MEDIUM
V2.0: 4.6 MEDIUM
CVE-2021-22040

VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.

Published: February 16, 2022; 12:15:10 PM -0500
V3.1: 6.7 MEDIUM
V2.0: 4.6 MEDIUM
CVE-2022-22939

VMware Cloud Foundation contains an information disclosure vulnerability due to logging of credentials in plain-text within multiple log files on the SDDC Manager. A malicious actor with root access on VMware Cloud Foundation SDDC Manager may be able to view credentials in plaintext within one or more log files.

Published: February 04, 2022; 6:15:13 PM -0500
V3.1: 4.9 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2021-22045

VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi650-202110101-SG), VMware Workstation (16.2.0) and VMware Fusion (12.2.0) contains a heap-overflow vulnerability in CD-ROM device emulation. A malicious actor with access to a virtual machine with CD-ROM device emulation may be able to exploit this vulnerability in conjunction with other issues to execute code on the hypervisor from a virtual machine.

Published: January 04, 2022; 5:15:07 PM -0500
V3.1: 7.8 HIGH
V2.0: 6.9 MEDIUM
CVE-2021-22048

The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. A malicious actor with non-administrative access to vCenter Server may exploit this issue to elevate privileges to a higher privileged group.

Published: November 10, 2021; 1:15:08 PM -0500
V3.1: 8.8 HIGH
V2.0: 6.5 MEDIUM