Vmware Vulnérabilités

Chronologie

Taper

Virtualization Software311
Not Defined218
Server Management Software75
Automation Software32
Cloud Software22

Produit

VMware Workstation168
VMware Fusion95
VMware ESXi94
VMware Player78
VMware vCenter Server57

Contre-mesures

Official Fix602
Temporary Fix0
Workaround3
Unavailable8
Not Defined66

Exploitabilité

High22
Functional6
Proof-of-Concept127
Unproven29
Not Defined495

Vecteur d'accès

Not Defined0
Physical2
Local205
Adjacent89
Network383

Authentification

Not Defined0
High41
Low299
None339

Interaction de l'utilisateur

Not Defined0
Required68
None611

C3BM Index

CVSSv3 Base

≤10
≤20
≤312
≤447
≤575
≤6152
≤7132
≤8128
≤963
≤1070

CVSSv3 Temp

≤10
≤21
≤314
≤454
≤5106
≤6150
≤7142
≤8100
≤980
≤1032

VulDB

≤10
≤22
≤317
≤480
≤584
≤6167
≤798
≤8117
≤945
≤1069

NVD

≤10
≤20
≤30
≤48
≤510
≤657
≤755
≤898
≤950
≤1047

CNA

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

Fournisseur

≤10
≤20
≤30
≤40
≤50
≤61
≤71
≤80
≤91
≤104

Research

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤91
≤100

Exploiter 0 jour

<1k0
<2k11
<5k82
<10k216
<25k292
<50k70
<100k8
≥100k0

Exploiter aujourd'hui

<1k513
<2k56
<5k75
<10k30
<25k4
<50k1
<100k0
≥100k0

Exploiter le volume du marché

🔴 CTI Activités

Affected Products (155): ACE (11), Access Connector (1), AirWatch (3), AirWatch Agent (2), AirWatch Console (3), AirWatch Inbox (2), AirWatch Launcher (1), App Volumes (2), Aria Operations (5), Aria Operations for Logs (2), CNS Edge (1), Carbon Black App Control (4), Carbon Black Cloud Workload Appliance (1), Center (6), Center CapacityIQ (1), Center Chargeback Manager (1), Center Operations (2), Center Server (57), Center Server Appliance (8), Center Update Manager (1), Cloud Automation Center (1), Cloud Director (3), Cloud Director for Service Providers (1), Cloud Foundation (16), Cloud Foundation ESXi (2), Connectors (1), ESX (24), ESX Server (16), ESXi (95), ESXi Server (2), Enterprise (1), Fabric tc Server (1), Fusion (95), Fusion Pro (4), GSX Server (2), GemFire (2), HCX (1), Horizon (1), Horizon Client (19), Horizon Client for Mac (3), Horizon Connection Server (1), Horizon DaaS (3), Horizon Server (1), Horizon View (3), Horizon View Agent (2), Horizon View Client (11), Hyperic Agent (1), Hyperic HQ (2), Hyperic HQ Groovy Script Console (1), Hyperic Server (2), Identity Manager (26), Identity Manager Connector (1), Movie Decoder (1), NSX (1), NSX-T (3), NSX-V Edge (1), NSX Data Center for vSphere (1), NSX Edge (2), NSX SD-WAN Edge (1), OVF Tool (1), Open Virtual Machine Tools (1), Photon (1), Photon OS (1), Pinniped (2), Pivotal Scheduler (1), Player (80), RabbitMQ (2), Reactor Netty (1), Realize Automation (24), Realize Business Advance (1), Realize Business for Cloud (1), Realize Log Insight (14), Realize Network Insight (2), Realize Operations (16), Realize Operations Manager API (6), Realize Operations Tenant App (1), Realize Orchestrator (3), Realize Suite Lifecycle Manager (2), Remote Console (3), Remote Console for Mac (3), SD-WAN (1), SD-WAN Orchestrator (6), Server (32), Shield Manager (1), Sphere Client (5), Sphere Data Protection (9), Sphere ESXi (1), Sphere Integrated Containers (1), Sphere Replication (1), Sphere Web Client (3), Spring (4), Spring-integration-zip (1), Spring AMQP (2), Spring Boot (4), Spring Cloud Data Flow (1), Spring Cloud Function (2), Spring Cloud Gateway (3), Spring Cloud Netflix Zuul (1), Spring Cloud OpenFeign (1), Spring Cloud Task (1), Spring Data MongoDB (1), Spring Data REST (2), Spring Framework (8), Spring Security (7), Spring Security OAuth (1), Spring Session (1), SpringSource Spring Security (5), Spring Tools (1), Spring Vault (1), Stage Manager (1), Studio (3), Support Tools (2), Tanzu (1), Tanzu Application Service for VMs (2), Tanzu GemFire for VMs (2), Thinapp (1), Tivoli Storage Manager for Virtual Environments (1), Tools (13), Unified Access Gateway (1), V4H (1), V4PA (1), VI-Client (1), VIX API (1), VMRC (1), VSCode Extension (1), Velero (1), View (6), View Manager (1), View Planner (1), Virtual Center (1), VirtualCenter (4), Virtual Infrastructure (1), Workspace ONE Access (27), Workspace ONE Assist (5), Workspace ONE Boxer (1), Workspace ONE Content (1), Workspace ONE SDK (1), Workspace ONE UEM Console (1), Workspace ONE Unified Endpoint Management Console (1), Workspace One Access (1), Workspace one UEM Console (2), Workstation (172), Workstation Player (6), Workstation Pro (12), Xenon (1), Zimbra (1), Zimbra Collaboration Suite (2), Zimbra Collection Suite (1), Zimbra Desktop (1), Zimbra Web Client (1), macOS Sensor for VMware Carbon Black Cloud (1), open-vm-tools (2), tc Server (1), vMA (1), workstation (1)

Link to Vendor Website: https://www.vmware.com/

PubliéBaseTempVulnérabilitéProdExpConCTIEPSSCVE
30/05/20235.45.2Vmware Workspace ONE Access Update Address RedirectCloud SoftwareNot DefinedOfficial Fix0.120.00043CVE-2023-20884
24/05/20232.62.5VMware Spring Boot Welcome Page dénie de serviceInconnueNot DefinedOfficial Fix0.030.00043CVE-2023-20883
24/05/20234.34.1VMware NSX-T cross site scriptingInconnueNot DefinedOfficial Fix0.090.00047CVE-2023-20868
12/05/20236.46.1VMware Aria Operations Local Privilege EscalationInconnueNot DefinedOfficial Fix0.030.00042CVE-2023-20880
12/05/20236.76.4VMware Aria Operations Local Privilege EscalationInconnueNot DefinedOfficial Fix0.050.00042CVE-2023-20879
12/05/20236.66.3VMware Aria Operations elévation de privilègesInconnueNot DefinedOfficial Fix0.030.00045CVE-2023-20878
12/05/20238.88.4VMware Aria Operations Privilege EscalationInconnueNot DefinedOfficial Fix0.030.00042CVE-2023-20877
25/04/20237.97.7VMware Workstation/Fusion SCSI CD DVD Device Emulation buffer overflowVirtualization SoftwareNot DefinedOfficial Fix0.030.00042CVE-2023-20872
25/04/20237.87.6VMware Fusion Raw Disk Local Privilege EscalationInconnueNot DefinedOfficial Fix0.030.00042CVE-2023-20871
25/04/20234.64.6VMware Workstation/Fusion Host Bluetooth Device Sharing divulgation de l'informationVirtualization SoftwareNot DefinedOfficial Fix0.030.00092CVE-2023-20870
25/04/20238.07.8VMware Workstation/Fusion Host Bluetooth Device Sharing buffer overflowVirtualization SoftwareNot DefinedOfficial Fix0.000.00098CVE-2023-20869
21/04/20237.27.1VMware Spring Boot Wildcard Pattern Matching elévation de privilègesInconnueNot DefinedOfficial Fix0.090.00331CVE-2023-20873
21/04/20237.27.0VMware Aria Operations for Logs elévation de privilègesInconnueNot DefinedOfficial Fix0.000.00088CVE-2023-20865
21/04/20239.89.6VMware Aria Operations for Logs elévation de privilègesInconnueNot DefinedOfficial Fix0.090.04329CVE-2023-20864
20/04/20236.46.4VMware Spring Security Logout authentification faibleInconnueNot DefinedOfficial Fix0.090.00209CVE-2023-20862
14/04/20232.52.4VMware Spring Session Application Log divulgation de l'informationInconnueNot DefinedOfficial Fix0.030.00046CVE-2023-20866
14/04/20237.57.2VMware Spring Framework SpEL Expression dénie de serviceInconnueNot DefinedOfficial Fix0.030.00177CVE-2023-20863
28/03/20237.47.2VMware Spring Framework mvcRequestMatcher elévation de privilègesInconnueNot DefinedOfficial Fix0.030.00099CVE-2023-20860
24/03/20235.05.0VMware Spring Framework SpEL Expression dénie de serviceInconnueNot DefinedNot Defined0.030.00124CVE-2023-20861
24/03/20234.54.4VMware Spring Vault divulgation de l'informationInconnueNot DefinedOfficial Fix0.030.00042CVE-2023-20859
28/02/20235.65.5VMware Workspace ONE Content authentification faibleInconnueNot DefinedOfficial Fix0.000.00078CVE-2023-20857
22/02/20237.57.4VMware vRealize Orchestrator XML Parser XML External EntityAutomation SoftwareNot DefinedOfficial Fix0.030.00135CVE-2023-20855
22/02/20235.75.6VMware Carbon Black App Control Administration Console elévation de privilègesInconnueNot DefinedOfficial Fix0.030.00284CVE-2023-20858
03/02/20234.44.2VMware Workstation dénie de serviceVirtualization SoftwareNot DefinedOfficial Fix0.030.00042CVE-2023-20854
01/02/20236.56.4VMware vRealize Operations cross site request forgeryInconnueNot DefinedOfficial Fix0.030.00081CVE-2023-20856

654 plus d'entrées ne sont pas affichées

🔒 Login Required

You need to signup and login to see more of the remaining 654 results.

PrécédentAperçuSuivant

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!