CVE-2023-20868
https://notcve.org/view.php?id=CVE-2023-20868
NSX-T contains a reflected cross-site scripting vulnerability due to a lack of input validation. A remote attacker can inject HTML or JavaScript to redirect to malicious pages. • https://www.vmware.com/security/advisories/VMSA-2023-0010.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-21981
https://notcve.org/view.php?id=CVE-2021-21981
VMware NSX-T contains a privilege escalation vulnerability due to an issue with RBAC (Role based access control) role assignment. Successful exploitation of this issue may allow attackers with local guest user account to assign privileges higher than their own permission level. VMware NSX-T, contiene una vulnerabilidad de escalada de privilegios debido a un problema con la asignación de roles RBAC (control de acceso basado en roles). Una explotación con éxito de este problema puede permitir a atacantes con una cuenta de usuario invitado local asignar privilegios superiores a su propio nivel de permiso • https://www.vmware.com/security/advisories/VMSA-2021-0006.html • CWE-269: Improper Privilege Management •
CVE-2020-3993
https://notcve.org/view.php?id=CVE-2020-3993
VMware NSX-T (3.x before 3.0.2, 2.5.x before 2.5.2.2.0) contains a security vulnerability that exists in the way it allows a KVM host to download and install packages from NSX manager. A malicious actor with MITM positioning may be able to exploit this issue to compromise the transport node. VMware NSX-T (versiones 3.x anteriores 3.0.2, versiones 2.5.x anteriores a 2.5.2.2.0), contiene una vulnerabilidad de seguridad que se presenta en la manera en que permite que un host KVM descargue e instale paquetes desde el administrador de NSX. Un actor malicioso con posicionamiento MITM puede ser capaz de explotar este problema para comprometer el nodo de transporte • https://www.vmware.com/security/advisories/VMSA-2020-0023.html •