CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-20868
https://notcve.org/view.php?id=CVE-2023-20868
26 May 2023 — NSX-T contains a reflected cross-site scripting vulnerability due to a lack of input validation. A remote attacker can inject HTML or JavaScript to redirect to malicious pages. • https://www.vmware.com/security/advisories/VMSA-2023-0010.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-21981
https://notcve.org/view.php?id=CVE-2021-21981
19 Apr 2021 — VMware NSX-T contains a privilege escalation vulnerability due to an issue with RBAC (Role based access control) role assignment. Successful exploitation of this issue may allow attackers with local guest user account to assign privileges higher than their own permission level. VMware NSX-T, contiene una vulnerabilidad de escalada de privilegios debido a un problema con la asignación de roles RBAC (control de acceso basado en roles). Una explotación con éxito de este problema puede permitir a atacantes... • https://www.vmware.com/security/advisories/VMSA-2021-0006.html • CWE-269: Improper Privilege Management •
CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0CVE-2020-3993
https://notcve.org/view.php?id=CVE-2020-3993
20 Oct 2020 — VMware NSX-T (3.x before 3.0.2, 2.5.x before 2.5.2.2.0) contains a security vulnerability that exists in the way it allows a KVM host to download and install packages from NSX manager. A malicious actor with MITM positioning may be able to exploit this issue to compromise the transport node. VMware NSX-T (versiones 3.x anteriores 3.0.2, versiones 2.5.x anteriores a 2.5.2.2.0), contiene una vulnerabilidad de seguridad que se presenta en la manera en que permite que un host KVM descargue e instale paquetes de... • https://www.vmware.com/security/advisories/VMSA-2020-0023.html •