Skip to main content

Vcenter Server Appliance

12 CVEs product

Monthly

CVE-2014-8371 MEDIUM This Month

VMware vCenter Server Appliance (vCSA) 5.5 before Update 2, 5.1 before Update 3, and 5.0 before Update 3c does not properly validate certificates when connecting to a CIM Server on an ESXi host,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure VMware Vcenter Server Appliance
NVD
CVSS 2.0
4.3
EPSS
0.1%
CVE-2014-3797 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in VMware vCenter Server Appliance (vCSA) 5.1 before Update 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS VMware Vcenter Server Appliance
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-4258 MEDIUM This Month

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle MySQL Vcenter Server Appliance Solaris +9
NVD
CVSS 2.0
6.5
EPSS
0.6%
CVE-2014-4241 MEDIUM This Month

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers to affect integrity via vectors related to WLS - Web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Oracle Vcenter Server Vcenter Server Appliance ESXi +1
NVD
CVSS 2.0
4.3
EPSS
0.9%
CVE-2014-3790 CRITICAL Act Now

Ruby vSphere Console (RVC) in VMware vCenter Server Appliance allows remote authenticated users to execute arbitrary commands as root by escaping from a chroot jail. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation VMware Vcenter Server Appliance
NVD
CVSS 2.0
9.0
EPSS
0.5%
CVE-2013-3107 MEDIUM This Month

VMware vCenter Server 5.1 before Update 1, when anonymous LDAP binding for Active Directory is enabled, allows remote attackers to bypass authentication by providing a valid username in conjunction. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation VMware Vcenter Server Appliance
NVD
CVSS 2.0
4.3
EPSS
0.1%
CVE-2013-3080 CRITICAL Act Now

VMware vCenter Server Appliance (vCSA) 5.1 before Update 1 allows remote authenticated users to create or overwrite arbitrary files, and consequently execute arbitrary code or cause a denial of. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation VMware Denial Of Service RCE Vcenter Server Appliance
NVD
CVSS 2.0
9.0
EPSS
1.3%
CVE-2013-3079 CRITICAL Act Now

VMware vCenter Server Appliance (vCSA) 5.1 before Update 1 allows remote authenticated users to execute arbitrary programs with root privileges by leveraging Virtual Appliance Management Interface. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection VMware RCE Vcenter Server Appliance
NVD
CVSS 2.0
9.0
EPSS
0.5%
CVE-2013-1659 HIGH This Week

VMware vCenter Server 4.0 before Update 4b, 5.0 before Update 2, and 5.1 before 5.1.0b; VMware ESXi 3.5 through 5.1; and VMware ESX 3.5 through 4.1 do not properly implement the Network File Copy. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow VMware Denial Of Service RCE Vcenter Server +2
NVD
CVSS 2.0
7.6
EPSS
0.9%
CVE-2012-6326 HIGH PATCH This Week

VMware vCenter Server 4.1 before Update 3 and 5.0 before Update 2, and vCSA 5.0 before Update 2, allows remote attackers to cause a denial of service (disk consumption) via vectors that trigger large. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow VMware Denial Of Service Vcenter Server Vcenter Server Appliance
NVD
CVSS 2.0
7.8
EPSS
0.4%
CVE-2012-6325 MEDIUM This Month

VMware vCenter Server Appliance (vCSA) 5.0 before Update 2 does not properly parse XML documents, which allows remote authenticated users to read arbitrary files via unspecified vectors. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

VMware Information Disclosure Vcenter Server Appliance
NVD
CVSS 2.0
4.0
EPSS
0.1%
CVE-2012-6324 MEDIUM This Month

Directory traversal vulnerability in VMware vCenter Server Appliance (vCSA) 5.0 before Update 2 and 5.1 before Patch 1 allows remote authenticated users to read arbitrary files via unspecified. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

VMware Path Traversal Vcenter Server Appliance
NVD
CVSS 2.0
4.0
EPSS
0.1%
EPSS 0% CVSS 4.3
MEDIUM This Month

VMware vCenter Server Appliance (vCSA) 5.5 before Update 2, 5.1 before Update 3, and 5.0 before Update 3c does not properly validate certificates when connecting to a CIM Server on an ESXi host,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure VMware Vcenter Server Appliance
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in VMware vCenter Server Appliance (vCSA) 5.1 before Update 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS VMware Vcenter Server Appliance
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle MySQL +11
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers to affect integrity via vectors related to WLS - Web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Oracle Vcenter Server +3
NVD
EPSS 1% CVSS 9.0
CRITICAL Act Now

Ruby vSphere Console (RVC) in VMware vCenter Server Appliance allows remote authenticated users to execute arbitrary commands as root by escaping from a chroot jail. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation VMware Vcenter Server Appliance
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

VMware vCenter Server 5.1 before Update 1, when anonymous LDAP binding for Active Directory is enabled, allows remote attackers to bypass authentication by providing a valid username in conjunction. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation VMware Vcenter Server Appliance
NVD
EPSS 1% CVSS 9.0
CRITICAL Act Now

VMware vCenter Server Appliance (vCSA) 5.1 before Update 1 allows remote authenticated users to create or overwrite arbitrary files, and consequently execute arbitrary code or cause a denial of. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation VMware Denial Of Service +2
NVD
EPSS 0% CVSS 9.0
CRITICAL Act Now

VMware vCenter Server Appliance (vCSA) 5.1 before Update 1 allows remote authenticated users to execute arbitrary programs with root privileges by leveraging Virtual Appliance Management Interface. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection VMware RCE +1
NVD
EPSS 1% CVSS 7.6
HIGH This Week

VMware vCenter Server 4.0 before Update 4b, 5.0 before Update 2, and 5.1 before 5.1.0b; VMware ESXi 3.5 through 5.1; and VMware ESX 3.5 through 4.1 do not properly implement the Network File Copy. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow VMware Denial Of Service +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

VMware vCenter Server 4.1 before Update 3 and 5.0 before Update 2, and vCSA 5.0 before Update 2, allows remote attackers to cause a denial of service (disk consumption) via vectors that trigger large. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow VMware Denial Of Service +2
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

VMware vCenter Server Appliance (vCSA) 5.0 before Update 2 does not properly parse XML documents, which allows remote authenticated users to read arbitrary files via unspecified vectors. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

VMware Information Disclosure Vcenter Server Appliance
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Directory traversal vulnerability in VMware vCenter Server Appliance (vCSA) 5.0 before Update 2 and 5.1 before Patch 1 allows remote authenticated users to read arbitrary files via unspecified. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

VMware Path Traversal Vcenter Server Appliance
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy