Skip to main content

Vcloud Director

5 CVEs product

Monthly

CVE-2022-22966 HIGH PATCH This Week

An authenticated, high privileged malicious actor with network access to the VMware Cloud Director tenant or provider may be able to exploit a remote code execution vulnerability to gain access to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

VMware RCE Vcloud Director
NVD
CVSS 3.1
7.2
EPSS
6.4%
CVE-2020-3956 HIGH POC THREAT This Week

VMware Cloud Director 10.0.x before 10.0.0.2, 9.7.0.x before 9.7.0.5, 9.5.0.x before 9.5.0.6, and 9.1.0.x before 9.1.0.4 do not properly handle input leading to a code injection vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE VMware Vcloud Director
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
21.1%
CVE-2019-5523 CRITICAL Act Now

VMware vCloud Director for Service Providers 9.5.x prior to 9.5.0.3 update resolves a Remote Session Hijack vulnerability in the Tenant and Provider Portals. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Session Fixation VMware Information Disclosure Vcloud Director
NVD
CVSS 3.0
9.8
EPSS
3.3%
CVE-2016-2076 HIGH This Week

Client Integration Plugin (CIP) in VMware vCenter Server 5.5 U3a, U3b, and U3c and 6.0 before U2; vCloud Director 5.5.5; and vRealize Automation Identity Appliance 6.2.4 before 6.2.4.1 mishandles. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

VMware Authentication Bypass Vcenter Server Vcloud Automation Identity Appliance Vcloud Director
NVD
CVSS 3.0
7.6
EPSS
0.4%
CVE-2014-1211 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in VMware vCloud Director 5.1.x before 5.1.3 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF VMware Vcloud Director
NVD
CVSS 2.0
6.8
EPSS
0.3%
EPSS 6% CVSS 7.2
HIGH PATCH This Week

An authenticated, high privileged malicious actor with network access to the VMware Cloud Director tenant or provider may be able to exploit a remote code execution vulnerability to gain access to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

VMware RCE Vcloud Director
NVD
EPSS 21% CVSS 8.8
HIGH POC THREAT This Week

VMware Cloud Director 10.0.x before 10.0.0.2, 9.7.0.x before 9.7.0.5, 9.5.0.x before 9.5.0.6, and 9.1.0.x before 9.1.0.4 do not properly handle input leading to a code injection vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE VMware Vcloud Director
NVD GitHub Exploit-DB
EPSS 3% CVSS 9.8
CRITICAL Act Now

VMware vCloud Director for Service Providers 9.5.x prior to 9.5.0.3 update resolves a Remote Session Hijack vulnerability in the Tenant and Provider Portals. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Session Fixation VMware Information Disclosure +1
NVD
EPSS 0% CVSS 7.6
HIGH This Week

Client Integration Plugin (CIP) in VMware vCenter Server 5.5 U3a, U3b, and U3c and 6.0 before U2; vCloud Director 5.5.5; and vRealize Automation Identity Appliance 6.2.4 before 6.2.4.1 mishandles. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

VMware Authentication Bypass Vcenter Server +2
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in VMware vCloud Director 5.1.x before 5.1.3 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF VMware Vcloud Director
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy