Skip to main content

Tanzu Application Service For Virtual Machines

2 CVEs product

Monthly

CVE-2023-20891 MEDIUM PATCH This Month

The VMware Tanzu Application Service for VMs and Isolation Segment contain an information disclosure vulnerability due to the logging of credentials in hex encoding in platform system audit logs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure VMware Isolation Segment Tanzu Application Service For Virtual Machines
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-5414 MEDIUM This Month

VMware Tanzu Application Service for VMs (2.7.x versions prior to 2.7.19, 2.8.x versions prior to 2.8.13, and 2.9.x versions prior to 2.9.7) contains an App Autoscaler that logs the UAA admin. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

VMware Information Disclosure Tanzu Application Service For Virtual Machines Operations Manager
NVD
CVSS 3.1
5.7
EPSS
0.7%
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

The VMware Tanzu Application Service for VMs and Isolation Segment contain an information disclosure vulnerability due to the logging of credentials in hex encoding in platform system audit logs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure VMware Isolation Segment +1
NVD
EPSS 1% CVSS 5.7
MEDIUM This Month

VMware Tanzu Application Service for VMs (2.7.x versions prior to 2.7.19, 2.8.x versions prior to 2.8.13, and 2.9.x versions prior to 2.9.7) contains an App Autoscaler that logs the UAA admin. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

VMware Information Disclosure Tanzu Application Service For Virtual Machines +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy