CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-22018 – VMware vCenter Server Appliance Update Manager Directory Traversal Arbitrary File Deletion Vulnerability
https://notcve.org/view.php?id=CVE-2021-22018
The vCenter Server contains an arbitrary file deletion vulnerability in a VMware vSphere Life-cycle Manager plug-in. A malicious actor with network access to port 9087 on vCenter Server may exploit this issue to delete non critical files. vCenter Server contiene una vulnerabilidad de eliminación arbitraria de archivos en un complemento de VMware vSphere Life-cycle Manager. Un actor malicioso con acceso de red al puerto 9087 en vCenter Server puede explotar este problema para eliminar archivos no críticos This vulnerability allows remote attackers to delete arbitrary files on affected installations of VMware vCenter Server Appliance. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Update Manager. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. • https://www.vmware.com/security/advisories/VMSA-2021-0020.html •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 2CVE-2021-22015 – VMware vCenter Server Appliance Incorrect Permission Assignment Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-22015
The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and directories. An authenticated local user with non-administrative privilege may exploit these issues to elevate their privileges to root on vCenter Server Appliance. vCenter Server contiene múltiples vulnerabilidades de escalada de privilegios locales debido a permisos inapropiados de archivos y directorios. Un usuario local autenticado con privilegios no administrativos puede explotar estos problemas para elevar sus privilegios a root en vCenter Server Appliance This vulnerability allows local attackers to escalate privileges on affected installations of VMware vCenter Server Appliance. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the permissions of root-owned service files. The product sets incorrect permissions on sensitive files. • https://github.com/PenteraIO/vScalation-CVE-2021-22015 http://packetstormsecurity.com/files/170116/VMware-vCenter-vScalation-Privilege-Escalation.html https://www.vmware.com/security/advisories/VMSA-2021-0020.html • CWE-552: Files or Directories Accessible to External Parties •
CVSS: 7.5EPSS: 0%CPEs: 17EXPL: 0CVE-2021-22003
https://notcve.org/view.php?id=CVE-2021-22003
VMware Workspace ONE Access and Identity Manager, unintentionally provide a login interface on port 7443. A malicious actor with network access to port 7443 may attempt user enumeration or brute force the login endpoint, which may or may not be practical based on lockout policy configuration and password complexity for the target account. VMware Workspace ONE Access y Identity Manager, proporcionan sin intención una interfaz de inicio de sesión en el puerto 7443. Un actor malicioso con acceso a la red al puerto 7443 puede intentar enumerar a usuarios o forzar el endpoint de inicio de sesión, que puede o no ser práctico basado en la configuración de la política de bloqueo y la complejidad de la contraseña de la cuenta de destino • https://www.vmware.com/security/advisories/VMSA-2021-0016.html • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 9.8EPSS: 0%CPEs: 17EXPL: 0CVE-2021-22002
https://notcve.org/view.php?id=CVE-2021-22002
VMware Workspace ONE Access and Identity Manager, allow the /cfg web app and diagnostic endpoints, on port 8443, to be accessed via port 443 using a custom host header. A malicious actor with network access to port 443 could tamper with host headers to facilitate access to the /cfg web app, in addition a malicious actor could access /cfg diagnostic endpoints without authentication. VMware Workspace ONE Access y Identity Manager, permiten el acceso a la aplicación web /cfg y a los endpoints de diagnóstico, en el puerto 8443, por medio del puerto 443 usando un encabezado de host personalizado. Un actor malicioso con acceso de red al puerto 443 podría manipular los encabezados de host para facilitar el acceso a la aplicación web /cfg, además, un actor malicioso podría acceder a los endpoints de diagnóstico /cfg sin autenticación • https://www.vmware.com/security/advisories/VMSA-2021-0016.html • CWE-287: Improper Authentication •
CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0CVE-2021-22021
https://notcve.org/view.php?id=CVE-2021-22021
VMware vRealize Log Insight (8.x prior to 8.4) contains a Cross Site Scripting (XSS) vulnerability due to improper user input validation. An attacker with user privileges may be able to inject a malicious payload via the Log Insight UI which would be executed when the victim accesses the shared dashboard link. VMware vRealize Log Insight (versiones 8.x anteriores a 8.4) contiene una vulnerabilidad de tipo Cross Site Scripting (XSS) debido a una comprobación inapropiada de la entrada del usuario. Un atacante con privilegios de usuario puede ser capaz de inyectar una carga útil maliciosa por medio de la interfaz de usuario de Log Insight que se ejecutaría cuando la víctima acceda al enlace del panel compartido. • https://www.vmware.com/security/advisories/VMSA-2021-0019.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •