Vmware Уязвимости

Временная шкала

Тип

Продукт

VMware Workstation173
VMware Fusion102
VMware ESXi98
VMware Player78
VMware vCenter Server64

Устранение последствий

Official Fix660
Temporary Fix0
Workaround5
Unavailable8
Not Defined68

Эксплуатационная пригодность

High22
Functional6
Proof-of-Concept128
Unproven29
Not Defined556

Вектор доступа

Not Defined0
Physical3
Local224
Adjacent91
Network423

Аутентификация

Not Defined0
High56
Low314
None371

Взаимодействие с пользователем

Not Defined0
Required75
None666

C3BM Index

CVSSv3 Base

≤10
≤20
≤311
≤452
≤582
≤6162
≤7142
≤8147
≤971
≤1074

CVSSv3 Temp

≤10
≤21
≤313
≤460
≤5112
≤6160
≤7157
≤8115
≤987
≤1036

VulDB

≤10
≤22
≤324
≤484
≤589
≤6181
≤7106
≤8130
≤953
≤1072

NVD

≤10
≤20
≤30
≤48
≤515
≤659
≤762
≤8110
≤952
≤1055

CNA

≤10
≤20
≤30
≤42
≤55
≤610
≤78
≤814
≤98
≤108

Поставщик

≤10
≤20
≤30
≤40
≤50
≤61
≤71
≤80
≤91
≤104

Research

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤91
≤100

Эксплойт 0-дня

<1k1
<2k16
<5k85
<10k236
<25k322
<50k70
<100k11
≥100k0

Эксплойт сегодня

<1k589
<2k56
<5k59
<10k28
<25k9
<50k0
<100k0
≥100k0

Объем рынка эксплойтов

🔴 CTI Деятельность

Affected Products (167): ACE (11), Access Connector (1), AirWatch (3), AirWatch Agent (2), AirWatch Console (3), AirWatch Inbox (2), AirWatch Launcher (1), App Volumes (2), Aria Automation (1), Aria Operations (7), Aria Operations for Logs (4), Aria Operations for Networks (10), CNS Edge (1), Carbon Black App Control (4), Carbon Black Cloud Workload Appliance (1), Center (6), Center CapacityIQ (1), Center Chargeback Manager (1), Center Operations (2), Center Server (64), Center Server Appliance (8), Center Update Manager (1), Cloud Automation Center (1), Cloud Director (4), Cloud Director Appliance (1), Cloud Director for Service Providers (1), Cloud Foundation (26), Cloud Foundation ESXi (2), Connectors (1), ESX (24), ESX Server (16), ESXi (99), ESXi Server (2), Enhanced Authentication Plug-in (2), Enterprise (1), Fabric tc Server (1), Fusion (102), Fusion Pro (4), GSX Server (2), GemFire (2), HCX (1), Horizon (1), Horizon Client (19), Horizon Client for Mac (3), Horizon Connection Server (1), Horizon DaaS (3), Horizon Server (3), Horizon View (3), Horizon View Agent (2), Horizon View Client (11), Hyperic Agent (1), Hyperic HQ (2), Hyperic HQ Groovy Script Console (1), Hyperic Server (2), Identity Manager (26), Identity Manager Connector (1), Isolation Segment (1), Movie Decoder (1), NSX (1), NSX-T (3), NSX-V Edge (1), NSX Data Center for vSphere (1), NSX Edge (2), NSX SD-WAN Edge (1), OVF Tool (1), Open Virtual Machine Tools (1), Photon (1), Photon OS (2), Pinniped (2), Pivotal Scheduler (1), Player (80), RabbitMQ (2), Reactor Netty (1), Realize Automation (24), Realize Business Advance (1), Realize Business for Cloud (1), Realize Log Insight (14), Realize Network Insight (2), Realize Operations (16), Realize Operations Manager API (6), Realize Operations Tenant App (1), Realize Orchestrator (3), Realize Suite Lifecycle Manager (2), Remote Console (3), Remote Console for Mac (3), SD-WAN (1), SD-WAN Edge (1), SD-WAN Orchestrator (6), Server (32), Shield Manager (1), Sphere Client (5), Sphere Data Protection (9), Sphere ESXi (1), Sphere Integrated Containers (1), Sphere Replication (1), Sphere Web Client (3), Spring (4), Spring-integration-zip (1), Spring AMQP (3), Spring Authorization Server (1), Spring Boot (5), Spring Cloud Data Flow (1), Spring Cloud Function (2), Spring Cloud Gateway (3), Spring Cloud Netflix Zuul (1), Spring Cloud OpenFeign (1), Spring Cloud Task (1), Spring Data MongoDB (1), Spring Data REST (2), Spring Framework (12), Spring HATEOAS (1), Spring Reactor Netty (1), Spring Security (12), Spring Security OAuth (1), Spring Session (1), SpringSource Spring Security (5), Spring Tools (1), Spring Vault (1), Spring for Apache Kafka (1), Spring for GraphQL (1), Stage Manager (1), Studio (3), Support Tools (2), Tanzu (1), Tanzu Application Service for VMs (3), Tanzu GemFire for VMs (2), Thinapp (1), Tivoli Storage Manager for Virtual Environments (1), Tools (18), Unified Access Gateway (1), V4H (1), V4PA (1), VI-Client (1), VIX API (1), VMRC (1), VSCode Extension (1), Velero (1), View (6), View Manager (1), View Planner (1), Virtual Center (1), VirtualCenter (4), Virtual Infrastructure (1), Workspace ONE Access (27), Workspace ONE Assist (5), Workspace ONE Boxer (1), Workspace ONE Content (1), Workspace ONE Launcher (1), Workspace ONE SDK (1), Workspace ONE UEM Console (2), Workspace ONE Unified Endpoint Management Console (1), Workspace One Access (1), Workspace one UEM Console (2), Workstation (177), Workstation Player (6), Workstation Pro (12), Xenon (1), Zimbra (1), Zimbra Collaboration Suite (2), Zimbra Collection Suite (1), Zimbra Desktop (1), Zimbra Web Client (1), macOS Sensor for VMware Carbon Black Cloud (1), open-vm-tools (2), tc Server (1), vMA (1), workstation (1)

Link to Vendor Website: https://www.vmware.com/

ОпубликованоBaseTempУязвимостиProdЭ�RemCTIEPSSCVE
20.03.20245.75.6Vmware Spring Authorization Server PKCE слабое шифрованиеНеизвестноNot DefinedOfficial Fix0.090.00043CVE-2024-22258
18.03.20247.77.6Vmware Spring Security AuthenticatedVoter эскалация привилегийНеизвестноNot DefinedOfficial Fix0.030.00043CVE-2024-22257
16.03.20247.27.0VMware Spring Framework UriComponentsBuilder эскалация привилегийНеизвестноNot DefinedOfficial Fix0.070.00043CVE-2024-22259
07.03.20247.67.5VMware Cloud Director Organization Name раскрытие информацииCloud SoftwareNot DefinedOfficial Fix0.060.00043CVE-2024-22256
05.03.20246.05.9VMware ESXi/Cloud Foundation VMX Process повреждение памятиCloud SoftwareNot DefinedOfficial Fix0.030.00043CVE-2024-22254
05.03.20248.07.8VMware ESXi/Workstation/Fusion/Cloud Foundation UHCI USB Controller повреждение памятиVirtualization SoftwareNot DefinedOfficial Fix0.080.00043CVE-2024-22253
05.03.20248.07.8VMware ESXi/Workstation/Fusion/Cloud Foundation XHCI USB Controller повреждение памятиVirtualization SoftwareNot DefinedOfficial Fix0.040.00043CVE-2024-22252
05.03.20244.74.6VMware ESXi/Workstation/Fusion/Cloud Foundation UHCI USB Controller раскрытие информацииVirtualization SoftwareNot DefinedOfficial Fix0.030.00043CVE-2024-22255
27.02.20244.14.0VMware Workstation/Fusion USB CCID раскрытие информацииVirtualization SoftwareNot DefinedOfficial Fix0.050.00043CVE-2024-22251
23.02.20247.27.0VMware Spring Framework URL Parser UriComponentsBuilder эскалация привилегийНеизвестноNot DefinedOfficial Fix0.060.00043CVE-2024-22243
21.02.20246.76.5VMware Aria Operations Local Privilege EscalationНеизвестноNot DefinedOfficial Fix0.040.00043CVE-2024-22235
20.02.20248.07.9VMware Enhanced Authentication Plug-in слабая аутентификацияНеизвестноNot DefinedWorkaround0.040.00043CVE-2024-22250
20.02.20249.29.1VMware Enhanced Authentication Plug-in Active Directory слабая аутентификацияНеизвестноNot DefinedWorkaround0.030.00043CVE-2024-22245
20.02.20246.56.4VMware Spring Security AuthenticationTrustResolver.isFullyAuthenticated эскалация привилегийНеизвестноNot DefinedOfficial Fix0.040.00043CVE-2024-22234
06.02.20243.83.8VMware Aria Operations for Networks межсайтовый скриптингНеизвестноNot DefinedOfficial Fix0.020.00043CVE-2024-22241
06.02.20243.83.7VMware Aria Operations for Networks раскрытие информацииНеизвестноNot DefinedOfficial Fix0.020.00046CVE-2024-22240
06.02.20246.16.1VMware Aria Operations for Networks Console эскалация привилегийНеизвестноNot DefinedOfficial Fix0.020.00042CVE-2024-22239
06.02.20244.54.5VMware Aria Operations for Networks межсайтовый скриптингНеизвестноNot DefinedOfficial Fix0.020.00043CVE-2024-22238
06.02.20247.87.6VMware Aria Operations for Networks эскалация привилегийНеизвестноNot DefinedOfficial Fix0.020.00042CVE-2024-22237
06.02.20244.24.2VMware Spring Security spring-security.xsd эскалация привилегийНеизвестноNot DefinedOfficial Fix0.030.00042CVE-2023-34042
22.01.20247.57.3VMware Spring Framework HTTP Request отказ в обслуживанииНеизвестноNot DefinedOfficial Fix0.030.00052CVE-2024-22233
16.01.20249.08.9VMware Aria Automation/Cloud Foundation эскалация привилегийAutomation SoftwareNot DefinedOfficial Fix0.040.00043CVE-2023-34063
13.12.20237.87.6Vmware Photon OS vmwgfx Driver повреждение памятиНеизвестноNot DefinedOfficial Fix0.030.00072CVE-2022-22942
12.12.20233.33.3VMware Workspace ONE Launcher Edge Panel раскрытие информацииНеизвестноNot DefinedOfficial Fix0.020.00078CVE-2023-34064
28.11.20235.75.6VMware Spring Boot HTTP Request отказ в обслуживанииНеизвестноNot DefinedOfficial Fix0.000.00043CVE-2023-34055

716 больше записей не показано

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!