| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|--------|--------|---------------|-----------------------|--------------|-------------|-------|---------------------|--------|------------|----------------|-------|--------|--------|-------------|
| 1 | CVE-2022-27772 | 668 | | | 2022-03-30 | 2022-04-07 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | ** UNSUPPORTED WHEN ASSIGNED ** spring-boot versions prior to v2.2.11.RELEASE were vulnerable to temporary directory hijacking. This vulnerability affected the org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir method. NOTE: This vulnerability only affects products and/or versions that are no longer supported by the maintainer. |
| 2 | CVE-2022-22968 | 178 | | | 2022-04-14 | 2022-05-10 | 5.0 | None | Remote | Low | Not required | None | Partial | None | In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive, which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path. |
| 3 | CVE-2022-22966 | | | Exec Code +Priv | 2022-04-14 | 2022-04-22 | 6.5 | None | Remote | Low | Single | Partial | Partial | Partial | An authenticated, high privileged malicious actor with network access to the VMware Cloud Director tenant or provider may be able to exploit a remote code execution vulnerability to gain access to the server. |
| 4 | CVE-2022-22948 | 276 | | | 2022-03-29 | 2022-04-08 | 4.0 | None | Remote | Low | Single | Partial | None | None | The vCenter Server contains an information disclosure vulnerability due to improper permissions on files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information. |
| 5 | CVE-2022-22947 | 94 | | Exec Code | 2022-03-03 | 2022-04-20 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | In Spring Cloud Gateway versions prior to 3.1.1 and 3.0.7, applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host. |
| 6 | CVE-2022-22944 | 79 | | XSS | 2022-03-02 | 2022-03-09 | 3.5 | None | Remote | Medium | Single | None | Partial | None | VMware Workspace ONE Boxer contains a stored cross-site scripting (XSS) vulnerability. Due to insufficient sanitization and validation of calendar event descriptions in VMware Workspace ONE Boxer, a malicious actor can inject script tags to execute arbitrary script within a user's window. |
| 7 | CVE-2022-22939 | 532 | | | 2022-02-04 | 2022-02-10 | 4.0 | None | Remote | Low | Single | Partial | None | None | VMware Cloud Foundation contains an information disclosure vulnerability due to logging of credentials in plain text within multiple log files on the SDDC Manager. A malicious actor with root access on VMware Cloud Foundation SDDC Manager may be able to view credentials in plaintext within one or more log files. |
| 8 | CVE-2021-32719 | 79 | | Exec Code XSS | 2021-06-28 | 2021-07-02 | 3.5 | None | Remote | Medium | Single | None | Partial | None | RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a federation link was displayed in the RabbitMQ management UI via the `rabbitmq_federation_management` plugin, its consumer tag was rendered without proper `<script>` tag sanitization. This potentially allows for JavaScript code execution in the context of the page. The user must be signed in and have elevated permissions (manage federation upstreams and policies) for this to occur. The vulnerability is patched in RabbitMQ 3.8.18. As a workaround, disable the `rabbitmq_federation_management` plugin and use [CLI tools](https://www.rabbitmq.com/cli.html) instead. |
| 9 | CVE-2021-32718 | 79 | | Exec Code XSS | 2021-06-28 | 2021-12-10 | 3.5 | None | Remote | Medium | Single | None | Partial | None | RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user being added via the management UI could lead to the user's name being rendered in a confirmation message without proper `<script>` tag sanitization, potentially allowing for JavaScript code execution in the context of the page. In order for this to occur, the user must be signed in and have elevated permissions (other user management). The vulnerability is patched in RabbitMQ 3.8.17. As a workaround, disable the `rabbitmq_management` plugin and use CLI tools for management operations and Prometheus and Grafana for metrics and monitoring. |
| 10 | CVE-2021-22119 | 863 | | | 2021-06-29 | 2022-03-29 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application. A malicious user or attacker can send multiple requests initiating the Authorization Request for the Authorization Code Grant, which has the potential of exhausting system resources using a single session or multiple sessions. |
| 11 | CVE-2021-22118 | 269 | | | 2021-05-27 | 2022-05-12 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data. |
| 12 | CVE-2021-22116 | 20 | | DoS | 2021-06-08 | 2021-07-19 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | RabbitMQ versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in the AMQP 1.0 client connection endpoint. A malicious user can exploit the vulnerability by sending malicious AMQP messages to a RabbitMQ instance that has the AMQP 1.0 plugin enabled. |
| 13 | CVE-2021-22114 | 22 | | Dir. Trav. | 2021-03-01 | 2021-03-09 | 5.0 | None | Remote | Low | Not required | None | Partial | None | Addresses the partial fix in CVE-2018-1263. spring-integration-zip, versions prior to 1.0.4, exposes an arbitrary file write vulnerability that can be achieved using a specially crafted zip archive (other archive formats are affected as well: bzip2, tar, xz, war, cpio, 7z) that holds path-traversal filenames. When the filename is concatenated to the target extraction directory, the final path ends up outside the target folder. |
| 14 | CVE-2021-22113 | 863 | | Bypass | 2021-02-23 | 2021-03-02 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Applications using the "Sensitive Headers" functionality in Spring Cloud Netflix Zuul 2.2.6.RELEASE and below may be vulnerable to bypassing the "Sensitive Headers" restriction when executing requests with specially constructed URLs. Applications that use Spring Security's StrictHttpFirewall (enabled by default for all URLs) are not affected by the vulnerability, as it rejects the requests that allow the bypass. |
| 15 | CVE-2021-22097 | 502 | | | 2021-10-28 | 2021-11-01 | 6.8 | None | Remote | Low | Single | None | None | Complete | In Spring AMQP versions 2.2.0 - 2.2.18 and 2.3.0 - 2.3.10, the Spring AMQP Message object, in its toString() method, will deserialize a body for a message with content type application/x-java-serialized-object. It is possible to construct a malicious java.util.Dictionary object that can cause 100% CPU usage in the application if the toString() method is called. |
| 16 | CVE-2021-22096 | | | | 2021-10-28 | 2022-04-28 | 4.0 | None | Remote | Low | Single | None | Partial | None | In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. |
| 17 | CVE-2021-22095 | 502 | | | 2021-11-30 | 2021-12-01 | 4.0 | None | Remote | Low | Single | None | None | Partial | In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its toString() method, will create a new String object from the message body, regardless of its size. This can cause an OOM Error with a large message. |
| 18 | CVE-2021-22060 | | | | 2022-01-10 | 2022-05-13 | 4.0 | None | Remote | Low | Single | None | Partial | None | In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more places of the Spring Framework codebase. |
| 19 | CVE-2021-22055 | 74 | | | 2022-04-11 | 2022-04-18 | 5.0 | None | Remote | Low | Not required | None | Partial | None | The SchedulerServer in VMware Photon allows remote attackers to inject log entries through `\r` in the package parameter. Attackers can also insert malicious data and fake entries. |
| 20 | CVE-2021-22054 | 918 | | | 2021-12-17 | 2021-12-22 | 5.0 | None | Remote | Low | Not required | Partial | None | None | VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain an SSRF vulnerability. This issue may allow a malicious actor with network access to UEM to send their requests without authentication and to gain access to sensitive information. |
| 21 | CVE-2021-22053 | 94 | | Exec Code | 2021-11-19 | 2021-11-23 | 6.5 | None | Remote | Low | Single | Partial | Partial | Partial | Applications using both `spring-cloud-netflix-hystrix-dashboard` and `spring-boot-starter-thymeleaf` expose a way to execute code submitted within the request URI path during the resolution of view templates. When a request is made at `/hystrix/monitor;[user-provided data]`, the path elements following `hystrix/monitor` are evaluated as SpringEL expressions, which can lead to code execution. |
| 22 | CVE-2021-22051 | 863 | | | 2021-11-08 | 2021-11-09 | 4.0 | None | Remote | Low | Single | None | Partial | None | Applications using Spring Cloud Gateway are vulnerable to specifically crafted requests that could make an extra request on downstream services. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.5+, 2.2.x users should upgrade to 2.2.10.RELEASE or newer. |
| 23 | CVE-2021-22050 | 770 | | | 2022-02-16 | 2022-02-25 | 5.0 | None | Remote | Low | Not required | None | None | Partial | ESXi contains a slow HTTP POST denial-of-service vulnerability in rhttpproxy. A malicious actor with network access to ESXi may exploit this issue to create a denial-of-service condition by overwhelming the rhttpproxy service with multiple requests. |
| 24 | CVE-2021-22048 | 269 | | | 2021-11-10 | 2021-11-16 | 6.5 | None | Remote | Low | Single | Partial | Partial | Partial | The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. A malicious actor with non-administrative access to vCenter Server may exploit this issue to elevate privileges to a higher privileged group. |
| 25 | CVE-2021-22047 | 668 | | | 2021-10-28 | 2021-11-01 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | In Spring Data REST versions 3.4.0 - 3.4.13, 3.5.0 - 3.5.5, and older unsupported versions, HTTP resources implemented by custom controllers using a configured base API path and a controller type-level request mapping are additionally exposed under URIs that may be open to unauthorized access, depending on the Spring Security configuration. |
| 26 | CVE-2021-22045 | 787 | | Exec Code Overflow | 2022-01-04 | 2022-01-27 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete | VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi650-202110101-SG), VMware Workstation (16.2.0) and VMware Fusion (12.2.0) contain a heap-overflow vulnerability in CD-ROM device emulation. A malicious actor with access to a virtual machine with CD-ROM device emulation may be able to exploit this vulnerability in conjunction with other issues to execute code on the hypervisor from a virtual machine. |
| 27 | CVE-2021-22044 | 668 | | | 2021-10-28 | 2021-11-01 | 5.0 | None | Remote | Low | Not required | Partial | None | None | In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEASE, and older unsupported versions, applications using type-level `@RequestMapping` annotations over Feign client interfaces may involuntarily expose endpoints corresponding to `@RequestMapping`-annotated interface methods. |
| 28 | CVE-2021-22043 | 367 | | | 2022-02-16 | 2022-02-24 | 6.0 | None | Remote | Medium | Single | Partial | Partial | Partial | VMware ESXi contains a TOCTOU (Time-of-check Time-of-use) vulnerability that exists in the way temporary files are handled. A malicious actor with access to settingsd may exploit this issue to escalate their privileges by writing arbitrary files. |
| 29 | CVE-2021-22042 | 863 | | | 2022-02-16 | 2022-02-25 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | VMware ESXi contains an unauthorized access vulnerability due to VMX having access to settingsd authorization tickets. A malicious actor with privileges within the VMX process only may be able to access the settingsd service running as a high privileged user. |
| 30 | CVE-2021-22041 | | | Exec Code | 2022-02-16 | 2022-02-24 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. |
| 31 | CVE-2021-22040 | 416 | | Exec Code | 2022-02-16 | 2022-02-24 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. |
| 32 | CVE-2021-22038 | 330 | | +Priv | 2021-10-29 | 2021-11-03 | 6.5 | None | Remote | Low | Single | Partial | Partial | Partial | On Windows, the uninstaller binary copies itself to a fixed temporary location, which is then executed (the originally called uninstaller exits, so it does not block the installation directory). This temporary location is not randomized and does not restrict access to Administrators only, so a potential attacker could plant a binary to replace the copied binary right before it gets called, thus gaining Administrator privileges (if the original uninstaller was executed as Administrator). The vulnerability only affects Windows installers. |
| 33 | CVE-2021-22037 | 427 | | | 2021-10-29 | 2021-11-03 | 4.4 | None | Local | Medium | Not required | Partial | Partial | Partial | Under certain circumstances, when manipulating the Windows registry, InstallBuilder uses the reg.exe system command. The full path to the command is not enforced, which results in a search of the search path until a binary can be identified. This makes the installer/uninstaller vulnerable to Path Interception by Search Order Hijacking, potentially allowing an attacker to plant a malicious reg.exe command so it takes precedence over the system command. The vulnerability only affects Windows installers. |
| 34 | CVE-2021-22036 | 200 | | +Info | 2021-10-13 | 2021-10-20 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | VMware vRealize Orchestrator (8.x prior to 8.6) contains an open redirect vulnerability due to improper path handling. A malicious actor may be able to redirect a victim to an attacker-controlled domain due to improper path handling in vRealize Orchestrator, leading to sensitive information disclosure. |
| 35 | CVE-2021-22035 | 74 | | | 2021-10-13 | 2021-10-20 | 4.0 | None | Remote | Low | Single | None | Partial | None | VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV (comma-separated value) injection vulnerability in the interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sheet through Log Insight, which could be executed in the user's environment. |
| 36 | CVE-2021-22034 | 668 | | | 2021-10-21 | 2021-10-27 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Releases prior to VMware vRealize Operations Tenant App 8.6 contain an Information Disclosure Vulnerability. |
| 37 | CVE-2021-22033 | 918 | | | 2021-10-13 | 2021-10-19 | 4.0 | None | Remote | Low | Single | Partial | None | None | Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability. |
| 38 | CVE-2021-22029 | 770 | | DoS | 2021-08-31 | 2021-09-08 | 5.0 | None | Remote | Low | Not required | None | None | Partial | VMware Workspace ONE UEM REST API contains a denial of service vulnerability. A malicious actor with access to /API/system/admins/session could cause an API denial of service due to improper rate limiting. |
| 39 | CVE-2021-22027 | 918 | | | 2021-08-30 | 2022-02-01 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information disclosure. |
| 40 | CVE-2021-22026 | 918 | | | 2021-08-30 | 2022-02-01 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information disclosure. |
| 41 | CVE-2021-22025 | 287 | | | 2021-08-30 | 2022-02-01 | 5.0 | None | Remote | Low | Not required | None | Partial | None | The vRealize Operations Manager API (8.x prior to 8.5) contains a broken access control vulnerability leading to unauthenticated API access. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can add new nodes to an existing vROps cluster. |
| 42 | CVE-2021-22024 | 532 | | | 2021-08-30 | 2022-02-01 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary log-file read vulnerability. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can read any log file, resulting in sensitive information disclosure. |
| 43 | CVE-2021-22023 | 639 | | | 2021-08-30 | 2022-02-01 | 6.5 | None | Remote | Low | Single | Partial | Partial | Partial | The vRealize Operations Manager API (8.x prior to 8.5) contains an insecure direct object reference vulnerability. A malicious actor with administrative access to the vRealize Operations Manager API may be able to modify other users' information, leading to an account takeover. |
| 44 | CVE-2021-22022 | 22 | | Dir. Trav. | 2021-08-30 | 2022-02-01 | 4.0 | None | Remote | Low | Single | Partial | None | None | The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary file read vulnerability. A malicious actor with administrative access to the vRealize Operations Manager API can read any file on the server, leading to information disclosure. |
| 45 | CVE-2021-22021 | 79 | | XSS | 2021-08-30 | 2021-09-02 | 3.5 | None | Remote | Medium | Single | None | Partial | None | VMware vRealize Log Insight (8.x prior to 8.4) contains a Cross Site Scripting (XSS) vulnerability due to improper user input validation. An attacker with user privileges may be able to inject a malicious payload via the Log Insight UI which would be executed when the victim accesses the shared dashboard link. |
| 46 | CVE-2021-22019 | | | DoS | 2021-09-23 | 2021-09-30 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The vCenter Server contains a denial-of-service vulnerability in the VAPI (vCenter API) service. A malicious actor with network access to port 5480 on vCenter Server may exploit this issue by sending a specially crafted jsonrpc message to create a denial-of-service condition. |
| 47 | CVE-2021-22018 | | | | 2021-09-23 | 2021-09-30 | 6.4 | None | Remote | Low | Not required | None | Partial | Partial | The vCenter Server contains an arbitrary file deletion vulnerability in a VMware vSphere Life-cycle Manager plug-in. A malicious actor with network access to port 9087 on vCenter Server may exploit this issue to delete non-critical files. |
| 48 | CVE-2021-22017 | | | Bypass | 2021-09-23 | 2021-09-27 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Rhttproxy as used in vCenter Server contains a vulnerability due to an improper implementation of URI normalization. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to bypass the proxy, leading to internal endpoints being accessed. |
| 49 | CVE-2021-22016 | 79 | | XSS | 2021-09-23 | 2021-09-27 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The vCenter Server contains a reflected cross-site scripting vulnerability due to a lack of input sanitization. An attacker may exploit this issue to execute malicious scripts by tricking a victim into clicking a malicious link. |
| 50 | CVE-2021-22013 | 22 | | Dir. Trav. | 2021-09-23 | 2021-09-27 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The vCenter Server contains a file path traversal vulnerability leading to information disclosure in the appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information. |
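The Score column above is a CVSS v2 base score derived from the six columns Access, Complexity, Authentication, Conf., Integ. and Avail. The following Python, added here as an illustration (it is not part of the table's source, cvedetails, or any project listed), recomputes that score from those columns and emits the equivalent vector string, so a row can be checked rather than trusted. The sample rows are copied from the table; `normalize_auth` encodes one assumption, namely that the `???` some cvedetails exports print in the Authentication column stands for Au:S ("Single"), which is the only weight under which the listed scores for those rows reconcile.

```python
from decimal import Decimal, ROUND_HALF_UP

# CVSS v2 base-metric weights as the v2 specification defines them.
ACCESS_VECTOR = {"Local": 0.395, "Adjacent Network": 0.646, "Remote": 1.0}
ACCESS_COMPLEXITY = {"High": 0.35, "Medium": 0.61, "Low": 0.71}
AUTHENTICATION = {"Multiple": 0.45, "Single": 0.56, "Not required": 0.704}
IMPACT = {"None": 0.0, "Partial": 0.275, "Complete": 0.660}


def normalize_auth(cell):
    """Map a raw Authentication cell to a metric name. Assumption: the '???' that some
    cvedetails exports print in this column is Au:S ('Single'); it is the only weight
    under which the listed scores for those rows come out right."""
    cell = cell.strip()
    return "Single" if cell == "???" else cell


def cvss2_base_score(access, complexity, auth, conf, integ, avail):
    """CVSS v2 base score from the six table columns, rounded the way CVSS v2 rounds."""
    impact = 10.41 * (1 - (1 - IMPACT[conf]) * (1 - IMPACT[integ]) * (1 - IMPACT[avail]))
    exploitability = (20 * ACCESS_VECTOR[access] * ACCESS_COMPLEXITY[complexity]
                      * AUTHENTICATION[normalize_auth(auth)])
    f_impact = 0.0 if impact == 0 else 1.176
    raw = (0.6 * impact + 0.4 * exploitability - 1.5) * f_impact
    # round_to_1_decimal() in the spec is half-up; Python's round() is half-even.
    return float(Decimal(repr(raw)).quantize(Decimal("0.1"), rounding=ROUND_HALF_UP))


def cvss2_vector(access, complexity, auth, conf, integ, avail):
    """The same columns as a CVSS v2 vector string, e.g. AV:N/AC:L/Au:S/C:P/I:P/A:P."""
    av = {"Local": "L", "Adjacent Network": "A", "Remote": "N"}[access]
    ac = {"High": "H", "Medium": "M", "Low": "L"}[complexity]
    au = {"Multiple": "M", "Single": "S", "Not required": "N"}[normalize_auth(auth)]
    cia = {"None": "N", "Partial": "P", "Complete": "C"}
    return f"AV:{av}/AC:{ac}/Au:{au}/C:{cia[conf]}/I:{cia[integ]}/A:{cia[avail]}"


# Constructed sample: rows copied from the table above,
# (cve, access, complexity, auth, conf, integ, avail, listed score).
SAMPLE_ROWS = [
    ("CVE-2022-27772", "Local", "Low", "Not required", "Partial", "Partial", "Partial", 4.6),
    ("CVE-2022-22968", "Remote", "Low", "Not required", "None", "Partial", "None", 5.0),
    ("CVE-2022-22966", "Remote", "Low", "Single", "Partial", "Partial", "Partial", 6.5),
    ("CVE-2022-22947", "Remote", "Medium", "Not required", "Partial", "Partial", "Partial", 6.8),
    ("CVE-2021-22097", "Remote", "Low", "Single", "None", "None", "Complete", 6.8),
    ("CVE-2021-22045", "Local", "Medium", "Not required", "Complete", "Complete", "Complete", 6.9),
    ("CVE-2021-22043", "Remote", "Medium", "Single", "Partial", "Partial", "Partial", 6.0),
    ("CVE-2021-22018", "Remote", "Low", "Not required", "None", "Partial", "Partial", 6.4),
]


def mismatches(rows):
    """Return (cve, computed, listed) for every row whose listed score is not reproduced."""
    out = []
    for cve, av, ac, au, c, i, a, listed in rows:
        computed = cvss2_base_score(av, ac, au, c, i, a)
        if computed != listed:
            out.append((cve, computed, listed))
    return out


if __name__ == "__main__":
    for cve, av, ac, au, c, i, a, listed in SAMPLE_ROWS:
        print(cve, cvss2_vector(av, ac, au, c, i, a),
              "computed", cvss2_base_score(av, ac, au, c, i, a), "listed", listed)
    print("mismatches:", mismatches(SAMPLE_ROWS))
```

Feeding the whole table through `mismatches` is the quick way to spot a row whose metrics and score disagree, which usually means a cell was mis-scraped.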
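Row 2 (CVE-2022-22968) turns on a detail that is easy to get wrong: a disallowed-field pattern only protects a property path if the pattern's letter case matches what the request supplies. The Python below, added here as an illustration and not taken from Spring, is a transliteration of the matching rule (modelled on Spring's `PatternMatchUtils.simpleMatch` and the disallowed-field half of `DataBinder.isAllowed`; that it is a faithful model is an assumption) with a switch between the pre-fix case-sensitive comparison and the fixed behaviour, which lower-cases both sides. The `roles` property and the probe paths are constructed for the demonstration.

```python
def simple_match(pattern, s):
    """Spring-style simple pattern match: 'xxx*', '*xxx', '*xxx*', 'xxx*yyy' and exact.
    Assumption: this Python transliteration matches PatternMatchUtils.simpleMatch."""
    if pattern is None or s is None:
        return False
    first = pattern.find("*")
    if first == -1:
        return pattern == s
    if first == 0:
        if len(pattern) == 1:
            return True
        nxt = pattern.find("*", 1)
        if nxt == -1:
            return s.endswith(pattern[1:])
        part = pattern[1:nxt]
        if part == "":
            return simple_match(pattern[nxt:], s)
        pos = s.find(part)
        while pos != -1:
            if simple_match(pattern[nxt:], s[pos + len(part):]):
                return True
            pos = s.find(part, pos + 1)
        return False
    return (len(s) >= first
            and pattern[:first] == s[:first]
            and simple_match(pattern[first:], s[first:]))


def is_allowed(field, disallowed, case_insensitive):
    """Disallowed-field half of DataBinder.isAllowed (the allowed list is left out).
    case_insensitive=False is the behaviour the entry describes for 5.3.18 / 5.2.20 and
    earlier; True models the fix, which lower-cases patterns and property path alike."""
    if case_insensitive:
        field = field.lower()
        disallowed = tuple(p.lower() for p in disallowed)
    return not any(simple_match(p, field) for p in disallowed)


# Constructed example: refuse binding to anything under a 'roles' property at any depth.
DISALLOWED = ("roles.*", "*.roles.*")
# The workaround the entry spells out for unpatched versions: list both capitalisations
# of the first character of every path element.
WORKAROUND = ("roles.*", "Roles.*", "*.roles.*", "*.Roles.*")

PROBES = ("roles.admin", "Roles.admin", "account.roles.admin", "account.Roles.admin", "name")


def bypasses(disallowed, case_insensitive):
    """Probe paths that name 'roles' yet get through the disallowed list."""
    return [f for f in PROBES
            if "roles" in f.lower() and is_allowed(f, disallowed, case_insensitive)]


if __name__ == "__main__":
    print("case-sensitive, short list :", bypasses(DISALLOWED, False))
    print("case-sensitive, workaround :", bypasses(WORKAROUND, False))
    print("case-insensitive (fixed)   :", bypasses(DISALLOWED, True))
```

With the short list and case-sensitive matching, `Roles.admin` and `account.Roles.admin` bind; the doubled list closes that, and the fixed matcher makes the doubling unnecessary.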
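Rows 1, 11 and 32 (CVE-2022-27772, CVE-2021-22118, CVE-2021-22038) are the same bug in three products: a fixed, predictable path under a shared temporary directory that another local principal can create first. The Python below is an added illustration (not code from Spring, VMware or InstallBuilder) of the vulnerable shape beside the safe one, plus a check a practitioner can run on a directory before trusting it with private files. The `app-uploads` name and the simulated race are constructed; the check relies on POSIX ownership and mode bits.

```python
import os
import stat
import tempfile
from pathlib import Path


def private_tempdir(parent=None):
    """Fresh, unpredictable, mode-0700 directory. mkdtemp creates with mkdir(2) and a
    random name, so it never adopts a directory another principal planted first."""
    return Path(tempfile.mkdtemp(prefix="app-", dir=parent))


def predictable_tempdir(parent):
    """The vulnerable shape behind the temp-dir hijacking entries: a fixed name in a
    shared directory, and exist_ok=True, which silently reuses whatever is already there."""
    path = Path(parent) / "app-uploads"
    path.mkdir(mode=0o700, exist_ok=True)   # mode is ignored if the directory already exists
    return path


def check_private_dir(path):
    """Reasons (empty list = none) a directory must not be trusted for private files."""
    problems = []
    st = os.lstat(path)                      # lstat: do not follow a planted symlink
    if stat.S_ISLNK(st.st_mode):
        problems.append("is a symlink")
    elif not stat.S_ISDIR(st.st_mode):
        problems.append("is not a directory")
    if st.st_uid != os.geteuid():
        problems.append(f"owned by uid {st.st_uid}, not uid {os.geteuid()}")
    if st.st_mode & 0o077:
        problems.append(f"group/other bits set: {stat.filemode(st.st_mode)}")
    return problems


def demo():
    """Simulates losing the race: the predictable path already exists, world-writable,
    before the application creates it. Returns the findings for the hijacked directory
    and for a freshly created private one."""
    with tempfile.TemporaryDirectory() as shared:       # stands in for /tmp
        planted = Path(shared) / "app-uploads"
        planted.mkdir()
        os.chmod(planted, 0o777)                         # explicit chmod so umask cannot interfere
        hijacked = predictable_tempdir(shared)           # hands back the planted directory as-is
        fresh = private_tempdir(shared)
        return check_private_dir(hijacked), check_private_dir(fresh)


if __name__ == "__main__":
    hijacked, fresh = demo()
    print("predictable path:", hijacked or "ok")
    print("mkdtemp path    :", fresh or "ok")
```

The simulation cannot change ownership, so only the mode finding fires; in the real cases the directory belongs to the attacker and the ownership check fires too. The check is itself racy if done by path and then used by path; in production open the directory once with `O_DIRECTORY | O_NOFOLLOW`, `fstat` the descriptor, and do all further work relative to it.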
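Row 13 (CVE-2021-22114) describes the classic archive-extraction traversal: an entry name is concatenated onto the extraction directory without checking where the result lands. The Python below, added here as an illustration and not spring-integration-zip's code, shows the check that closes it for zip and tar (the other formats the entry lists follow the same rule), validating every name before writing anything. The archives are constructed in memory so the example runs offline.

```python
import io
import tarfile
import tempfile
import zipfile
from pathlib import Path


def safe_member_path(dest_dir, member_name):
    """Resolve an archive entry name under dest_dir; raise instead of silently fixing it.
    Checking the *resolved* path catches '..' segments, absolute names, and symlinks
    that already exist under dest_dir."""
    dest_dir = Path(dest_dir).resolve()
    target = (dest_dir / member_name).resolve()
    if target != dest_dir and dest_dir not in target.parents:
        raise ValueError(f"entry escapes extraction directory: {member_name!r}")
    return target


def escapes(dest_dir, member_name):
    """True if safe_member_path would refuse member_name under dest_dir."""
    try:
        safe_member_path(dest_dir, member_name)
    except ValueError:
        return True
    return False


def extract_zip(data, dest_dir):
    """Extract an in-memory zip. Every name is validated before anything is written, so a
    hostile entry late in the archive cannot leave earlier entries behind. Returns paths written."""
    dest_dir = Path(dest_dir)
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        targets = [(info, safe_member_path(dest_dir, info.filename)) for info in zf.infolist()]
        written = []
        for info, target in targets:
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(target)
    return written


def extract_tar(data, dest_dir):
    """Same policy for tar (gzip/bzip2/xz handled by mode 'r:*'). Links are refused
    outright: a symlink entry pointing outside dest_dir would redirect any later entry
    written through it."""
    dest_dir = Path(dest_dir)
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tf:
        members = tf.getmembers()
        for m in members:
            if not (m.isfile() or m.isdir()):
                raise ValueError(f"refusing non-regular entry: {m.name!r}")
        targets = [(m, safe_member_path(dest_dir, m.name)) for m in members]
        written = []
        for m, target in targets:
            if m.isdir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            with tf.extractfile(m) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(target)
    return written


def build_zip(entries):
    """Constructed test archive from {name: bytes}. zipfile stores names verbatim, so a
    traversal name like '../../evil.txt' lands in the archive exactly as crafted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


def demo():
    """Returns (files from a benign archive, files from a hostile one, files left on disk)."""
    benign = build_zip({"docs/readme.txt": b"hello"})
    hostile = build_zip({"ok.txt": b"decoy", "../../evil.txt": b"overwritten"})
    with tempfile.TemporaryDirectory() as tmp:
        dest = Path(tmp) / "out"
        dest.mkdir()
        good = [p.relative_to(dest).as_posix() for p in extract_zip(benign, dest)]
        try:
            bad = [p.relative_to(dest).as_posix() for p in extract_zip(hostile, dest)]
        except ValueError:
            bad = []
        leftover = sorted(p.relative_to(dest).as_posix() for p in dest.rglob("*") if p.is_file())
    return good, bad, leftover


if __name__ == "__main__":
    print(demo())
```

Rejecting is deliberate: stripping `..` from names (as some extractors do) hides that the archive was hostile, and an archive that tries to escape the directory is never one you want to finish unpacking.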
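Rows 16, 18 and 19 (CVE-2021-22096, CVE-2021-22060, CVE-2021-22055) are log injection: a value the client controls reaches a text log with its CR/LF intact, so one request produces two entries and the second can say whatever the attacker likes. The Python below is an added illustration (not Spring's or Photon's code) of a sanitizer for text logs, the structured alternative that removes the problem by construction, and a constructed forged value to exercise both. The timestamps and field names are invented for the demonstration.

```python
import json
import re

# C0 controls (incl. CR, LF, ESC, NUL), DEL, and the C1 range some terminals act on.
_CONTROL = re.compile(r"[\x00-\x1f\x7f-\x9f]")


def sanitize_for_log(value, max_len=200):
    """Make an untrusted string safe to embed in a text log line: control characters
    become \\xNN escapes (visible but inert) and over-long values are cut."""
    cleaned = _CONTROL.sub(lambda m: "\\x%02x" % ord(m.group()), value)
    if len(cleaned) > max_len:
        cleaned = cleaned[:max_len] + "...[truncated]"
    return cleaned


def naive_entry(package):
    """The vulnerable shape: the request parameter is interpolated verbatim."""
    return f"2022-04-11 12:00:00 INFO  scheduler: install requested package={package}"


def safe_entry(package):
    """Same line, parameter neutralised first."""
    return f"2022-04-11 12:00:00 INFO  scheduler: install requested package={sanitize_for_log(package)}"


def structured_entry(**fields):
    """Structured alternative: one JSON object per line. json.dumps escapes CR/LF itself,
    so a record cannot span lines and a consumer parses fields instead of guessing columns."""
    return json.dumps(fields, ensure_ascii=True, separators=(",", ":"))


def parse_structured(line):
    """Round-trip a structured line back to its fields."""
    return json.loads(line)


# Constructed attacker-controlled value: a CRLF followed by a fully formed forged entry.
FORGED = "vim\r\n2022-04-11 12:00:01 INFO  auth: user=admin login=success src=10.0.0.1"


def entry_count(text):
    """How many log entries a line-oriented reader would see in `text`."""
    return len(text.splitlines())


if __name__ == "__main__":
    print(naive_entry(FORGED))
    print(safe_entry(FORGED))
    print(structured_entry(package=FORGED, src="10.0.0.9"))
```

The escape range is wider than CR/LF on purpose: ESC sequences can rewrite what a terminal shows when someone tails the file, and NUL truncates C-string based tooling.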