CVE-2024-22256
https://notcve.org/view.php?id=CVE-2024-22256
VMware Cloud Director contains a partial information disclosure vulnerability. A malicious actor can potentially gather information about organization names based on the behavior of the instance. VMware Cloud Director contiene una vulnerabilidad de divulgación parcial de información. Un actor malintencionado puede potencialmente recopilar información sobre los nombres de las organizaciones en función del comportamiento de la instancia. • https://www.vmware.com/security/advisories/VMSA-2024-0007.html •
CVE-2023-34060 – VMware Cloud Director 10.5 Authentication Bypass
https://notcve.org/view.php?id=CVE-2023-34060
VMware Cloud Director Appliance contains an authentication bypass vulnerability in case VMware Cloud Director Appliance was upgraded to 10.5 from an older version. On an upgraded version of VMware Cloud Director Appliance 10.5, a malicious actor with network access to the appliance can bypass login restrictions when authenticating on port 22 (ssh) or port 5480 (appliance management console) . This bypass is not present on port 443 (VCD provider and tenant login). On a new installation of VMware Cloud Director Appliance 10.5, the bypass is not present. VMware Cloud Director Appliance is impacted since it uses an affected version of sssd from the underlying Photon OS. • https://github.com/vmware/photon/wiki/Security-Update-3.0-687 https://github.com/vmware/photon/wiki/Security-Update-4.0-512 https://github.com/vmware/photon/wiki/Security-Update-5.0-143 https://www.vmware.com/security/advisories/VMSA-2023-0026.html • CWE-306: Missing Authentication for Critical Function •