Search
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-22961 | 2 Linux, Vmware | 6 Linux Kernel, Cloud Foundation, Identity Manager and 3 more | 2023-08-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. A malicious actor with remote access may leak the hostname of the target system. Successful exploitation of this issue can lead to targeting victims. | |||||
| CVE-2021-22022 | 1 Vmware | 3 Cloud Foundation, Vrealize Operations Manager, Vrealize Suite Lifecycle Manager | 2022-02-01 | 4.0 MEDIUM | 4.9 MEDIUM |
| The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary file read vulnerability. A malicious actor with administrative access to vRealize Operations Manager API can read any arbitrary file on server leading to information disclosure. | |||||
| CVE-2021-21983 | 1 Vmware | 3 Cloud Foundation, Vrealize Operations Manager, Vrealize Suite Lifecycle Manager | 2022-02-01 | 8.5 HIGH | 6.5 MEDIUM |
| Arbitrary file write vulnerability in vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API can write files to arbitrary locations on the underlying photon operating system. | |||||
| CVE-2021-22035 | 1 Vmware | 3 Cloud Foundation, Vrealize Log Insight, Vrealize Suite Lifecycle Manager | 2021-10-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sheet through Log Insight which could be executed in user's environment. | |||||