
CVE-2021-21983 – VMware vRealize Operations Manager Server-Side Request Forgery / Code Execution
https://notcve.org/view.php?id=CVE-2021-21983
31 Mar 2021 — Arbitrary file write vulnerability in vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API to write files to arbitrary locations on the underlying Photon operating system. • https://packetstorm.news/files/id/162349 •

CVE-2020-3943
https://notcve.org/view.php?id=CVE-2020-3943
19 Feb 2020 — vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) uses a JMX RMI service which is not securely configured. An unauthenticated remote attacker who has network access to vRealize Operations, with the Horizon Adapter running, may be able to execute arbitrary code in vRealize Operations. • https://www.vmware.com/security/advisories/VMSA-2020-0003.html •

CVE-2020-3944
https://notcve.org/view.php?id=CVE-2020-3944
19 Feb 2020 — vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) has an improper trust store configuration leading to authentication bypass. An unauthenticated remote attacker who has network access to vRealize Operations, with the Horizon Adapter running, may be able to bypass Adapter authentication. • https://www.vmware.com/security/advisories/VMSA-2020-0003.html • CWE-287: Improper Authentication •

CVE-2020-3945
https://notcve.org/view.php?id=CVE-2020-3945
19 Feb 2020 — vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) contains an information disclosure vulnerability due to incorrect pairing implementation between the vRealize Operations for Horizon Adapter and Horizon View. An unauthenticated remote attacker who has network access to vRealize Operations, with the Horizon Adapter running, may obtain sensitive information. • https://www.vmware.com/security/advisories/VMSA-2020-0003.html •

CVE-2018-6978 – VMware Security Advisory 2018-0031
https://notcve.org/view.php?id=CVE-2018-6978
18 Dec 2018 — vRealize Operations (7.x before 7.0.0.11287810, 6.7.x before 6.7.0.11286837 and 6.6.x before 6.6.1.11286876) contains a local privilege escalation vulnerability due to improper permissions of support scripts. Admin user of the vROps application with shell access may exploit this issue to elevate the privileges to root on a vROps machine. Note: the admin user (non-sudoer) should not be confused with root of the vROps machine. • http://www.securityfocus.com/bid/106242 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVE-2017-4946 – VMware Security Advisory 2018-0003
https://notcve.org/view.php?id=CVE-2017-4946
05 Jan 2018 — The VMware V4H and V4PA desktop agents (6.x before 6.5.1) contain a privilege escalation vulnerability. Successful exploitation of this issue could result in a low-privileged Windows user escalating their privileges to SYSTEM. • http://gosecure.net/2018/01/10/vmware-horizon-v4h-v4pa-desktop-agent-privilege-escalation-vulnerability-cve-2017-4946 • CWE-863: Incorrect Authorization •

CVE-2016-7462 – VMware Security Advisory 2016-0020
https://notcve.org/view.php?id=CVE-2016-7462
16 Nov 2016 — The Suite REST API in VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to write arbitrary content to files or rename files via a crafted DiskFileItem in a relay-request payload that is mishandled during deserialization. • http://www.securityfocus.com/bid/94351 • CWE-264: Permissions, Privileges, and Access Controls • CWE-749: Exposed Dangerous Method or Function •

CVE-2016-7457 – HPE Security Bulletin HPESBGN03707 1
https://notcve.org/view.php?id=CVE-2016-7457
12 Oct 2016 — VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to gain privileges, or halt and remove virtual machines, via unspecified vectors. HPE has identified two VMware security advisories affecting the HPE ConvergedSystem 700 2.0 VMware Kit. The... • http://www.securityfocus.com/bid/93499 • CWE-264: Permissions, Privileges, and Access Controls •