
CVSS: 6.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

13 Oct 2021 — VMware vRealize Orchestrator (8.x prior to 8.6) contains an open redirect vulnerability due to improper path handling. A malicious actor may be able to redirect a victim to an attacker-controlled domain due to improper path handling in vRealize Orchestrator, leading to sensitive information disclosure. • https://www.vmware.com/security/advisories/VMSA-2021-0023.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5 • EPSS: 1% • CPEs: 3 • EXPL: 0

23 Sep 2021 — The vCenter Server contains a file path traversal vulnerability leading to information disclosure in the appliance management API. • https://www.vmware.com/security/advisories/VMSA-2021-0020.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.5 • EPSS: 0% • CPEs: 3 • EXPL: 0

23 Sep 2021 — The vCenter Server contains an information disclosure vulnerability due to an unauthenticated appliance management API. • https://www.vmware.com/security/advisories/VMSA-2021-0020.html • CWE-306: Missing Authentication for Critical Function •

CVSS: 5.5 • EPSS: 0% • CPEs: 3 • EXPL: 0

23 Sep 2021 — The vCenter Server contains a local information disclosure vulnerability in the Analytics service. • https://www.vmware.com/security/advisories/VMSA-2021-0020.html •

CVSS: 6.5 • EPSS: 0% • CPEs: 4 • EXPL: 0

23 Sep 2021 — An authorised user with access to content library may exploit this issue by sending a POST request to vCenter Server leading to information disclosure. vCenter Server contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in the vCenter Server content library. • https://www.vmware.com/security/advisories/VMSA-2021-0020.html • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 7.5 • EPSS: 0% • CPEs: 4 • EXPL: 0

22 Sep 2021 — The vCenter Server contains an information disclosure vulnerability in VAPI (vCenter API) service. ... A malicious actor with network access to port 443 on vCenter Server may exploit this issue by sending a specially crafted json-rpc message to gain access to confidential information. This vulnerability allows remote attackers to disclose sensitive information on affected installations of VMware vCenter Server Appliance. • https://www.vmware.com/security/advisories/VMSA-2021-0020.html •

CVSS: 7.5 • EPSS: 0% • CPEs: 5 • EXPL: 0

30 Aug 2021 — An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information disclosure. • https://www.vmware.com/security/advisories/VMSA-2021-0018.html • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 7.5 • EPSS: 0% • CPEs: 5 • EXPL: 0

30 Aug 2021 — An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information disclosure. • https://www.vmware.com/security/advisories/VMSA-2021-0018.html • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 7.5 • EPSS: 0% • CPEs: 5 • EXPL: 0

30 Aug 2021 — An unauthenticated malicious actor with network access to the vRealize Operations Manager API can read any log file resulting in sensitive information disclosure. • https://www.vmware.com/security/advisories/VMSA-2021-0018.html • CWE-532: Insertion of Sensitive Information into Log File •

CVSS: 4.9 • EPSS: 0% • CPEs: 5 • EXPL: 0

30 Aug 2021 — A malicious actor with administrative access to the vRealize Operations Manager API can read any arbitrary file on the server, leading to information disclosure. • https://www.vmware.com/security/advisories/VMSA-2021-0018.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •