CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-21993
https://notcve.org/view.php?id=CVE-2021-21993
23 Sep 2021 — The vCenter Server contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in vCenter Server Content Library. An authorised user with access to content library may exploit this issue by sending a POST request to vCenter Server leading to information disclosure. vCenter Server contiene una vulnerabilidad de tipo SSRF (Server Side Request Forgery) debido a una comprobación inapropiada de las URL en la biblioteca de contenidos del servidor vCenter. Un usuario autorizado ... • https://www.vmware.com/security/advisories/VMSA-2021-0020.html • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.8EPSS: 0%CPEs: 56EXPL: 0CVE-2021-21992
https://notcve.org/view.php?id=CVE-2021-21992
22 Sep 2021 — The vCenter Server contains a denial-of-service vulnerability due to improper XML entity parsing. A malicious actor with non-administrative user access to the vCenter Server vSphere Client (HTML5) or vCenter Server vSphere Web Client (FLEX/Flash) may exploit this issue to create a denial-of-service condition on the vCenter Server host. vCenter Server contiene una vulnerabilidad de denegación de servicio debido al análisis incorrecto de entidades XML. Un actor malicioso con acceso de usuario no administrativ... • https://www.vmware.com/security/advisories/VMSA-2021-0020.html •
CVSS: 7.8EPSS: 0%CPEs: 57EXPL: 0CVE-2021-21991
https://notcve.org/view.php?id=CVE-2021-21991
22 Sep 2021 — The vCenter Server contains a local privilege escalation vulnerability due to the way it handles session tokens. A malicious actor with non-administrative user access on vCenter Server host may exploit this issue to escalate privileges to Administrator on the vSphere Client (HTML5) or vCenter Server vSphere Web Client (FLEX/Flash). vCenter Server contiene una vulnerabilidad de escalada de privilegios local debido a la forma en que maneja los tokens de sesión. Un actor malicioso con acceso de usuario no admi... • https://www.vmware.com/security/advisories/VMSA-2021-0020.html •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 3CVE-2021-22015 – VMware vCenter Server Appliance Incorrect Permission Assignment Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-22015
22 Sep 2021 — The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and directories. An authenticated local user with non-administrative privilege may exploit these issues to elevate their privileges to root on vCenter Server Appliance. vCenter Server contiene múltiples vulnerabilidades de escalada de privilegios locales debido a permisos inapropiados de archivos y directorios. Un usuario local autenticado con privilegios no administrativos puede explotar est... • https://packetstorm.news/files/id/170116 • CWE-552: Files or Directories Accessible to External Parties •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-22019 – VMware vCenter Server Appliance External Control of File Path Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-22019
22 Sep 2021 — The vCenter Server contains a denial-of-service vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port 5480 on vCenter Server may exploit this issue by sending a specially crafted jsonrpc message to create a denial of service condition. vCenter Server contiene una vulnerabilidad de denegación de servicio en el servicio VAPI (vCenter API). Un actor malicioso con acceso a la red al puerto 5480 en vCenter Server puede explotar este problema mediante el envío de un mensaje js... • https://www.vmware.com/security/advisories/VMSA-2021-0020.html •
CVSS: 7.5EPSS: 3%CPEs: 4EXPL: 0CVE-2021-22008 – VMware vCenter Server Appliance Missing Authentication Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-22008
22 Sep 2021 — The vCenter Server contains an information disclosure vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by sending a specially crafted json-rpc message to gain access to sensitive information. vCenter Server contiene una vulnerabilidad de divulgación de información en el servicio VAPI (vCenter API). Un actor malicioso con acceso de red al puerto 443 en vCenter Server puede explotar este problema mediante el envío de un men... • https://www.vmware.com/security/advisories/VMSA-2021-0020.html •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-22009 – VMware vCenter Server Appliance External Control of File Path Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-22009
22 Sep 2021 — The vCenter Server contains multiple denial-of-service vulnerabilities in VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit these issues to create a denial of service condition due to excessive memory consumption by VAPI service. vCenter Server contiene múltiples vulnerabilidades de denegación de servicio en el servicio VAPI (vCenter API). Un actor malicioso con acceso a la red al puerto 443 de vCenter Server puede explotar estos problemas para crear... • https://www.vmware.com/security/advisories/VMSA-2021-0020.html • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-22018 – VMware vCenter Server Appliance Update Manager Directory Traversal Arbitrary File Deletion Vulnerability
https://notcve.org/view.php?id=CVE-2021-22018
22 Sep 2021 — The vCenter Server contains an arbitrary file deletion vulnerability in a VMware vSphere Life-cycle Manager plug-in. A malicious actor with network access to port 9087 on vCenter Server may exploit this issue to delete non critical files. vCenter Server contiene una vulnerabilidad de eliminación arbitraria de archivos en un complemento de VMware vSphere Life-cycle Manager. Un actor malicioso con acceso de red al puerto 9087 en vCenter Server puede explotar este problema para eliminar archivos no críticos Th... • https://www.vmware.com/security/advisories/VMSA-2021-0020.html •
CVSS: 7.5EPSS: 0%CPEs: 17EXPL: 0CVE-2021-22003
https://notcve.org/view.php?id=CVE-2021-22003
31 Aug 2021 — VMware Workspace ONE Access and Identity Manager, unintentionally provide a login interface on port 7443. A malicious actor with network access to port 7443 may attempt user enumeration or brute force the login endpoint, which may or may not be practical based on lockout policy configuration and password complexity for the target account. VMware Workspace ONE Access y Identity Manager, proporcionan sin intención una interfaz de inicio de sesión en el puerto 7443. Un actor malicioso con acceso a la red al pu... • https://www.vmware.com/security/advisories/VMSA-2021-0016.html • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 9.8EPSS: 0%CPEs: 17EXPL: 0CVE-2021-22002
https://notcve.org/view.php?id=CVE-2021-22002
31 Aug 2021 — VMware Workspace ONE Access and Identity Manager, allow the /cfg web app and diagnostic endpoints, on port 8443, to be accessed via port 443 using a custom host header. A malicious actor with network access to port 443 could tamper with host headers to facilitate access to the /cfg web app, in addition a malicious actor could access /cfg diagnostic endpoints without authentication. VMware Workspace ONE Access y Identity Manager, permiten el acceso a la aplicación web /cfg y a los endpoints de diagnóstico, e... • https://www.vmware.com/security/advisories/VMSA-2021-0016.html • CWE-287: Improper Authentication •