CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22277
https://notcve.org/view.php?id=CVE-2024-22277
04 Jul 2024 — VMware Cloud Director Availability contains an HTML injection vulnerability. A malicious actor with network access to VMware Cloud Director Availability can craft malicious HTML tags to execute within replication tasks. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24557 • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22256
https://notcve.org/view.php?id=CVE-2024-22256
07 Mar 2024 — VMware Cloud Director contains a partial information disclosure vulnerability. A malicious actor can potentially gather information about organization names based on the behavior of the instance. VMware Cloud Director contiene una vulnerabilidad de divulgación parcial de información. Un actor malintencionado puede potencialmente recopilar información sobre los nombres de las organizaciones en función del comportamiento de la instancia. VMware Cloud Director contains a partial information disclosure vulnerab... • https://www.vmware.com/security/advisories/VMSA-2024-0007.html •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 1CVE-2023-34060 – VMware Cloud Director 10.5 Authentication Bypass
https://notcve.org/view.php?id=CVE-2023-34060
14 Nov 2023 — VMware Cloud Director Appliance contains an authentication bypass vulnerability in case VMware Cloud Director Appliance was upgraded to 10.5 from an older version. On an upgraded version of VMware Cloud Director Appliance 10.5, a malicious actor with network access to the appliance can bypass login restrictions when authenticating on port 22 (ssh) or port 5480 (appliance management console) . This bypass is not present on port 443 (VCD provider and tenant login). On a new installation of VMware Cloud Direct... • https://packetstorm.news/files/id/177554 • CWE-306: Missing Authentication for Critical Function •