Product
vmware vcenter server
79 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2024-38813
all versions
The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may tri
7.5
HIGH
CVE-2024-38812
all versions
The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with n
9.8
CRITICAL
CVE-2024-37087
all versions
The vCenter Server contains a denial-of-service vulnerability. A malicious actor with network access to vCenter Server may create
5.3
MEDIUM
CVE-2024-37081
all versions
The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. An authenticated
7.8
HIGH
CVE-2024-37080
all versions
vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network
9.8
CRITICAL
CVE-2024-37079
all versions
vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network
9.8
CRITICAL
CVE-2024-22275
all versions
The vCenter Server contains a partial file read vulnerability. A malicious actor with administrative privileges on the vCenter ap
4.9
MEDIUM
CVE-2024-22274
all versions
The vCenter Server contains an authenticated remote code execution vulnerability. A malicious actor with administrative privilege
7.2
HIGH
CVE-2023-34056
>= 4.0 and <= 5.5
vCenter Server contains a partial information disclosure vulnerability. A malicious actor with non-administrative privileges to v
4.3
MEDIUM
CVE-2023-34048
>= 4.0 and <= 5.5
vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with
9.8
CRITICAL
CVE-2023-20896
>= 4.0 and < 7.0
The VMware vCenter Server contains an out-of-bounds read vulnerability in the implementation of the DCERPC protocol. A malicious
5.9
MEDIUM
CVE-2023-20895
< 7.0
The VMware vCenter Server contains a memory corruption vulnerability in the implementation of the DCERPC protocol. A malicious ac
8.1
HIGH
CVE-2023-20894
< 7.0
The VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious
8.1
HIGH
CVE-2023-20893
< 7.0
The VMware vCenter Server contains a use-after-free vulnerability in the implementation of the DCERPC protocol. A malicious actor
8.1
HIGH
CVE-2023-20892
< 7.0
The vCenter Server contains a heap overflow vulnerability due to the usage of uninitialized memory in the implementation of the DC
8.1
HIGH
CVE-2022-31698
all versions
The vCenter Server contains a denial-of-service vulnerability in the content library service. A malicious actor with network acces
5.3
MEDIUM
CVE-2022-31697
all versions
The vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plaintext. A malicious ac
5.5
MEDIUM
CVE-2022-31680
< 6.5
The vCenter Server contains an unsafe deserialisation vulnerability in the PSC (Platform services controller). A malicious actor w
9.1
CRITICAL
CVE-2022-22982
all versions
The vCenter Server contains a server-side request forgery (SSRF) vulnerability. A malicious actor with network access to 443 on th
7.5
HIGH
CVE-2022-22948
all versions
The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with no
6.5
MEDIUM
CVE-2021-22049
all versions
The vSphere Web Client (FLEX/Flash) contains an SSRF (Server Side Request Forgery) vulnerability in the vSAN Web Client (vSAN UI)
9.8
CRITICAL
CVE-2021-21980
all versions
The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary file read vulnerability. A malicious actor with network acc
7.5
HIGH
CVE-2021-22048
all versions
The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mec
8.8
HIGH
CVE-2021-22020
all versions
The vCenter Server contains a denial-of-service vulnerability in the Analytics service. Successful exploitation of this issue may
5.5
MEDIUM
CVE-2021-22019
all versions
The vCenter Server contains a denial-of-service vulnerability in VAPI (vCenter API) service. A malicious actor with network access
7.5
HIGH
CVE-2021-22018
all versions
The vCenter Server contains an arbitrary file deletion vulnerability in a VMware vSphere Life-cycle Manager plug-in. A malicious a
6.5
MEDIUM
CVE-2021-22017
all versions
Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization. A malicious acto
5.3
MEDIUM
CVE-2021-22016
all versions
The vCenter Server contains a reflected cross-site scripting vulnerability due to a lack of input sanitization. An attacker may ex
6.1
MEDIUM
CVE-2021-22015
all versions
The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and directori
7.8
HIGH
CVE-2021-22014
all versions
The vCenter Server contains an authenticated code execution vulnerability in VAMI (Virtual Appliance Management Infrastructure). A
7.2
HIGH
CVE-2021-22013
all versions
The vCenter Server contains a file path traversal vulnerability leading to information disclosure in the appliance management API.
7.5
HIGH
CVE-2021-22012
all versions
The vCenter Server contains an information disclosure vulnerability due to an unauthenticated appliance management API. A maliciou
7.5
HIGH
CVE-2021-22011
all versions
vCenter Server contains an unauthenticated API endpoint vulnerability in vCenter Server Content Library. A malicious actor with ne
5.3
MEDIUM
CVE-2021-22010
all versions
The vCenter Server contains a denial-of-service vulnerability in VPXD service. A malicious actor with network access to port 443 o
7.5
HIGH
CVE-2021-22009
all versions
The vCenter Server contains multiple denial-of-service vulnerabilities in VAPI (vCenter API) service. A malicious actor with netwo
7.5
HIGH
CVE-2021-22008
all versions
The vCenter Server contains an information disclosure vulnerability in VAPI (vCenter API) service. A malicious actor with network
7.5
HIGH
CVE-2021-22007
all versions
The vCenter Server contains a local information disclosure vulnerability in the Analytics service. An authenticated user with non-
5.5
MEDIUM
CVE-2021-22006
all versions
The vCenter Server contains a reverse proxy bypass vulnerability due to the way the endpoints handle the URI. A malicious actor wi
7.5
HIGH
CVE-2021-22005
all versions
The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access
9.8
CRITICAL
CVE-2021-21993
all versions
The vCenter Server contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in vCenter Serv
6.5
MEDIUM
CVE-2021-21992
all versions
The vCenter Server contains a denial-of-service vulnerability due to improper XML entity parsing. A malicious actor with non-admin
6.5
MEDIUM
CVE-2021-21991
all versions
The vCenter Server contains a local privilege escalation vulnerability due to the way it handles session tokens. A malicious actor
7.8
HIGH
CVE-2021-21986
all versions
The vSphere Client (HTML5) contains a vulnerability in a vSphere authentication mechanism for the Virtual SAN Health Check, Site R
9.8
CRITICAL
CVE-2021-21985
all versions
The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Healt
9.8
CRITICAL
CVE-2021-21973
all versions
The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vC
5.3
MEDIUM
CVE-2021-21972
all versions
The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with netwo
9.8
CRITICAL
CVE-2020-3994
all versions
VMware vCenter Server (6.7 before 6.7u3, 6.6 before 6.5u3k) contains a session hijack vulnerability in the vCenter Server Applianc
7.4
HIGH
CVE-2020-3976
all versions
VMware ESXi and vCenter Server contain a partial denial of service vulnerability in their respective authentication services. VMwa
5.3
MEDIUM
CVE-2020-3952
all versions
Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Contro
9.8
CRITICAL
CVE-2019-5538
all versions
Sensitive information disclosure vulnerability resulting from a lack of certificate validation during the File-Based Backup and Re
5.9
MEDIUM
CVE-2019-5537
all versions
Sensitive information disclosure vulnerability resulting from a lack of certificate validation during the File-Based Backup and Re
5.9
MEDIUM
CVE-2019-5531
all versions
VMware vSphere ESXi (6.7 prior to ESXi670-201810101-SG, 6.5 prior to ESXi650-201811102-SG, and 6.0 prior to ESXi600-201807103-SG)
5.4
MEDIUM
CVE-2019-5534
all versions
VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and 6.0 prior to 6.0 U3j) contains an information disclosure vul
7.7
HIGH
CVE-2019-5532
all versions
VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and 6.0 prior to 6.0 U3j) contains an information disclosure vul
7.7
HIGH
CVE-2017-4943
all versions
VMware vCenter Server Appliance (vCSA) (6.5 before 6.5 U1d) contains a local privilege escalation vulnerability via the 'showlog'
7.8
HIGH
CVE-2017-4928
all versions
The flash-based vSphere Web Client (6.0 prior to 6.0 U3c and 5.5 prior to 5.5 U3f) i.e. not the new HTML5-based vSphere Client, co
7.5
HIGH
CVE-2017-4927
>= 6.0 and < 6.0_u3c
VMware vCenter Server (6.5 prior to 6.5 U1 and 6.0 prior to 6.0 U3c) does not correctly handle specially crafted LDAP network pack
7.5
HIGH
CVE-2017-4926
all versions
VMware vCenter Server (6.5 prior to 6.5 U1) contains a vulnerability that may allow for stored cross-site scripting (XSS). An atta
5.4
MEDIUM
CVE-2017-4923
all versions
VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure vulnerability. This issue may allow plaintext crede
9.8
CRITICAL
CVE-2017-4922
all versions
VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure issue due to the service startup script using world
6.5
MEDIUM
CVE-2017-4921
all versions
VMware vCenter Server (6.5 prior to 6.5 U1) contains an insecure library loading issue that occurs due to the use of LD_LIBRARY_PA
8.8
HIGH
CVE-2017-4919
all versions
VMware vCenter Server 5.5, 6.0, 6.5 allows vSphere users with certain, limited vSphere privileges to use the VIX API to access Gue
9.0
CRITICAL
CVE-2016-7459
all versions
VMware vCenter Server 5.5 before U3e and 6.0 before U2a allows remote authenticated users to read arbitrary files via a (1) Log Br
7.7
HIGH
CVE-2016-5331
<= 6.0
CRLF injection vulnerability in VMware vCenter Server 6.0 before U2 and ESXi 6.0 allows remote attackers to inject arbitrary HTTP
6.1
MEDIUM
CVE-2015-6931
all versions
Cross-site scripting (XSS) vulnerability in the vSphere Web Client in VMware vCenter Server 5.0 before U3g, 5.1 before U3d, and 5.
6.1
MEDIUM
CVE-2016-2078
all versions
Cross-site scripting (XSS) vulnerability in the Web Client in VMware vCenter Server 5.1 before update 3d, 5.5 before update 3d, an
6.1
MEDIUM
CVE-2016-2076
<= 6.0
Client Integration Plugin (CIP) in VMware vCenter Server 5.5 U3a, U3b, and U3c and 6.0 before U2; vCloud Director 5.5.5; and vReal
7.6
HIGH
CVE-2015-2342
all versions
The JMX RMI service in VMware vCenter Server 5.0 before u3e, 5.1 before u3b, 5.5 before u3, and 6.0 before u1 does not restrict re
CVE-2015-1047
all versions
vpxd in VMware vCenter Server 5.0 before u3e, 5.1 before u3, and 5.5 before u2 allows remote attackers to cause a denial of servic
CVE-2015-6932
all versions
VMware vCenter Server 5.5 before u3 and 6.0 before u1 does not verify X.509 certificates from TLS LDAP servers, which allows man-i
CVE-2014-4241
all versions
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote
CVE-2013-5971
<= 5.0
Session fixation vulnerability in the vSphere Web Client Server in VMware vCenter Server 5.0 before Update 3 allows remote attacke
CVE-2013-1659
all versions
VMware vCenter Server 4.0 before Update 4b, 5.0 before Update 2, and 5.1 before 5.1.0b; VMware ESXi 3.5 through 5.1; and VMware ES
CVE-2012-6326
all versions
VMware vCenter Server 4.1 before Update 3 and 5.0 before Update 2, and vCSA 5.0 before Update 2, allows remote attackers to cause
CVE-2013-1405
all versions
VMware vCenter Server 4.0 before Update 4b and 4.1 before Update 3a, VMware VirtualCenter 2.5, VMware vSphere Client 4.0 before Up
CVE-2010-2928
all versions
The vCenter Tomcat Management Application in VMware vCenter Server 4.1 before Update 1 stores log-on credentials in a configuratio
CVE-2009-2698
all versions
The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19
7.8
HIGH
CVE-2009-2416
all versions
Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-de
6.5
MEDIUM
CVE-2009-1072
all versions
nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin