Page 67 of 880 results (0.038 seconds)

CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0

VMware SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 was found to be vulnerable to SQL-injection attacks allowing for potential information disclosure. An authenticated SD-WAN Orchestrator user may inject code into SQL queries which may lead to information disclosure. Se detectó que VMware SD-WAN Orchestrator versiones 3.3.2 anteriores a 3.3.2 P3, versiones 3.4.x anteriores a 3.4.4 y versiones 4.0.x anteriores a 4.0.1, eran vulnerables a ataques de inyección SQL permitiendo una potencial divulgación de información. Un usuario autenticado de SD-WAN Orchestrator puede inyectar código en consultas SQL que pueden conllevar a una divulgación de información • http://www.vmware.com/security/advisories/VMSA-2020-0025.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 0

The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 handles system parameters in an insecure way. An authenticated SD-WAN Orchestrator user with high privileges may be able to execute arbitrary code on the underlying operating system. SD-WAN Orchestrator versiones 3.3.2 anteriores a 3.3.2 P3, versiones 3.4.x anteriores a 3.4.4 y versiones 4.0.x anteriores a 4.0.1, maneja unos parámetros del sistema de una manera no segura. Un usuario de SD-WAN Orchestrator autenticado con muchos privilegios puede ser capaz de ejecutar código arbitrario en el sistema operativo subyacente • http://www.vmware.com/security/advisories/VMSA-2020-0025.html •

CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0

The SD-WAN Orchestrator 3.3.2, 3.4.x, and 4.0.x has default passwords allowing for a Pass-the-Hash Attack. SD-WAN Orchestrator ships with default passwords for predefined accounts which may lead to to a Pass-the-Hash attack. SD-WAN Orchestrator versiones 3.3.2, 3.4.x y 4.0.x, presenta contraseñas predeterminadas permitiendo un ataque de tipo Pass-the-Hash. SD-WAN Orchestrator se entrega con contraseñas predeterminadas para cuentas predefinidas que puede conllevar a un ataque de tipo Pass-the-Hash • http://www.vmware.com/security/advisories/VMSA-2020-0025.html • CWE-1188: Initialization of a Resource with an Insecure Default •

CVSS: 9.1EPSS: 44%CPEs: 15EXPL: 0

VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability. VMware Workspace One Access, Access Connector, Identity Manager e Identity Manager Connector abordan una vulnerabilidad de inyección de comandos VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector contain a command injection vulnerability. An attacker with network access to the administrative configurator on port 8443 and a valid password for the configurator administrator account can execute commands with unrestricted privileges on the underlying operating system. • https://www.vmware.com/security/advisories/VMSA-2020-0027.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 8.2EPSS: 0%CPEs: 184EXPL: 0

VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG), Workstation (15.x before 15.5.7), Fusion (11.x before 11.5.7) contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. VMware ESXi (versiones 7.0 anteriores a ESXi70U1b-17168206, versiones 6.7 anteriores a ESXi670-202011101-SG, versiones 6.5 anteriores a ESXi650-202011301-SG), Workstation (versiones 15.x anteriores a 15.5.7), Fusion (versiones 11.x anteriores a 11.5.7), contienen una vulnerabilidad de uso de la memoria previamente liberada en el controlador USB XHCI. Un actor malicioso con privilegios administrativos locales en una máquina virtual puede explotar este problema para ejecutar código como el proceso VMX de la máquina virtual que se ejecuta en el host • https://www.vmware.com/security/advisories/VMSA-2020-0026.html • CWE-416: Use After Free •