CVSS: 9.8EPSS: 0%CPEs: 33EXPL: 0CVE-2023-20893
https://notcve.org/view.php?id=CVE-2023-20893
The VMware vCenter Server contains a use-after-free vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit this issue to execute arbitrary code on the underlying operating system that hosts vCenter Server. • https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1799 https://www.vmware.com/security/advisories/VMSA-2023-0014.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 33EXPL: 0CVE-2023-20892 – VMware vCenter Server heap-overflow vulnerability
https://notcve.org/view.php?id=CVE-2023-20892
The vCenter Server contains a heap overflow vulnerability due to the usage of uninitialized memory in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit heap-overflow vulnerability to execute arbitrary code on the underlying operating system that hosts vCenter Server. • https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1801 https://www.vmware.com/security/advisories/VMSA-2023-0014.html • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 70EXPL: 0CVE-2022-31697
https://notcve.org/view.php?id=CVE-2022-31697
The vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plaintext. A malicious actor with access to a workstation that invoked a vCenter Server Appliance ISO operation (Install/Upgrade/Migrate/Restore) can access plaintext passwords used during that operation. vCenter Server contiene una vulnerabilidad de divulgación de información debido al registro de credenciales en texto plano. Un actor malintencionado con acceso a una estación de trabajo que invocó una operación ISO de vCenter Server Appliance (instalar/actualizar/migrar/restaurar) puede acceder a las contraseñas de texto plano utilizadas durante esa operación. • https://www.vmware.com/security/advisories/VMSA-2022-0030.html • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 5.3EPSS: 0%CPEs: 105EXPL: 0CVE-2022-31698
https://notcve.org/view.php?id=CVE-2022-31698
The vCenter Server contains a denial-of-service vulnerability in the content library service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to trigger a denial-of-service condition by sending a specially crafted header. vCenter Server contiene una vulnerabilidad de Denegación de Servicio (DoS) en el servicio de librería de contenido. Un actor malintencionado con acceso de red al puerto 443 en vCenter Server puede aprovechar este problema para desencadenar una condición de Denegación de Servicio (DoS) enviando un encabezado especialmente manipulado. • https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1588 https://www.vmware.com/security/advisories/VMSA-2022-0030.html •
CVSS: 7.5EPSS: 0%CPEs: 69EXPL: 0CVE-2022-22982
https://notcve.org/view.php?id=CVE-2022-22982
The vCenter Server contains a server-side request forgery (SSRF) vulnerability. A malicious actor with network access to 443 on the vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service. El servidor vCenter contiene una vulnerabilidad de tipo server-side request forgery (SSRF). Un actor malicioso con acceso de red a 443 en el vCenter Server puede explotar este problema al acceder a una petición de URL fuera del vCenter Server o accediendo a un servicio interno • https://www.vmware.com/security/advisories/VMSA-2022-0018.html • CWE-918: Server-Side Request Forgery (SSRF) •