Vmware Cloud Foundation — known CVE vulnerabilities
Every CVE whose affected-product data names Vmware Cloud Foundation, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (135)
CVE-2023-34063 — CVSS 9.9 (critical): Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious actor may exploit this vulnerability leading to…
CVE-2021-21986 — CVSS 9.8 (critical): The vSphere Client (HTML5) contains a vulnerability in a vSphere authentication mechanism for the Virtual SAN Health Check, Site Recovery…
CVE-2021-22002 — CVSS 9.8 (critical): VMware Workspace ONE Access and Identity Manager, allow the /cfg web app and diagnostic endpoints, on port 8443, to be accessed via port…
CVE-2023-20864 — CVSS 9.8 (critical): VMware Aria Operations for Logs contains a deserialization vulnerability. An unauthenticated, malicious actor with network access to VMware…
CVE-2021-21994 — CVSS 9.8 (critical): SFCB (Small Footprint CIM Broker) as used in ESXi has an authentication bypass vulnerability. A malicious actor with network access to port…
CVE-2024-22253 — CVSS 9.3 (critical): VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the UHCI USB controller. A malicious actor with local…
CVE-2022-31678 — CVSS 9.1 (critical): VMware Cloud Foundation (NSX-V) contains an XML External Entity (XXE) vulnerability. On VCF 3.x instances with NSX-V deployed, this may…
CVE-2021-21974 — CVSS 8.8 (high): OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG) has a…
CVE-2022-31696 — CVSS 8.8 (high): VMware ESXi contains a memory corruption vulnerability that exists in the way it handles a network socket. A malicious actor with local…
CVE-2023-20877 — CVSS 8.8 (high): VMware Aria Operations contains a privilege escalation vulnerability. An authenticated malicious user with ReadOnly privileges can perform…
CVE-2021-22048 — CVSS 8.8 (high): The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. A…
CVE-2024-22280 — CVSS 8.5 (high): VMware Aria Automation does not apply correct input validation which allows for SQL-injection in the product. An authenticated malicious…
CVE-2025-22218 — CVSS 8.5 (high): VMware Aria Operations for Logs contains an information disclosure vulnerability. A malicious actor with View Only Admin permissions may be…
CVE-2020-3962 — CVSS 8.2 (high): VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x…
CVE-2025-22249 — CVSS 8.2 (high): VMware Aria automation contains a DOM based Cross-Site Scripting (XSS) vulnerability. A malicious actor may exploit this issue to steal the…
CVE-2020-4004 — CVSS 8.2 (high): VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG), Workstation (15.x before…
CVE-2020-3968 — CVSS 8.2 (high): VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x…
CVE-2024-22273 — CVSS 8.1 (high): The storage controllers on VMware ESXi, Workstation, and Fusion have out-of-bounds read/write vulnerability. A malicious actor with access…
CVE-2026-41722 — CVSS 8.0 (high): VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities.A malicious actor with privileges to…
CVE-2026-41723 — CVSS 8.0 (high): VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities.A malicious actor with privileges to…
CVE-2026-41724 — CVSS 8.0 (high): VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities.A malicious actor with privileges to…
CVE-2026-22720 — CVSS 8.0 (high): VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with privileges to create custom benchmarks…
CVE-2024-22254 — CVSS 7.9 (high): VMware ESXi contains an out-of-bounds write vulnerability. A malicious actor with privileges within the VMX process may trigger an…
CVE-2020-4005 — CVSS 7.8 (high): VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG) contains a…
CVE-2022-22945 — CVSS 7.8 (high): VMware NSX Edge contains a CLI shell injection vulnerability. A malicious actor with SSH access to an NSX-Edge appliance can execute…
CVE-2024-37081 — CVSS 7.8 (high): The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. An authenticated local…
CVE-2020-3969 — CVSS 7.8 (high): VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x…
CVE-2021-21991 — CVSS 7.8 (high): The vCenter Server contains a local privilege escalation vulnerability due to the way it handles session tokens. A malicious actor with…
CVE-2024-38830 — CVSS 7.8 (high): VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges may…
CVE-2024-38831 — CVSS 7.8 (high): VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges can…
CVE-2021-22042 — CVSS 7.8 (high): VMware ESXi contains an unauthorized access vulnerability due to VMX having access to settingsd authorization tickets. A malicious actor…
CVE-2022-22973 — CVSS 7.8 (high): VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. A malicious actor with local access can…
CVE-2021-22015 — CVSS 7.8 (high): The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and directories. An…
CVE-2020-3982 — CVSS 7.7 (high): VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x)…
CVE-2025-22222 — CVSS 7.7 (high): VMware Aria Operations contains an information disclosure vulnerability. A malicious user with non-administrative privileges may exploit…
CVE-2019-16919 — CVSS 7.5 (high): Harbor API has a Broken Access Control vulnerability. The vulnerability allows project administrators to use the Harbor API to create a…
CVE-2020-3966 — CVSS 7.5 (high): VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x…
CVE-2020-3967 — CVSS 7.5 (high): VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x…
CVE-2021-21980 — CVSS 7.5 (high): The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary file read vulnerability. A malicious actor with network access to…
CVE-2021-21995 — CVSS 7.5 (high): OpenSLP as used in ESXi has a denial-of-service vulnerability due a heap out-of-bounds read issue. A malicious actor with network access to…
CVE-2021-22003 — CVSS 7.5 (high): VMware Workspace ONE Access and Identity Manager, unintentionally provide a login interface on port 7443. A malicious actor with network…
CVE-2021-22006 — CVSS 7.5 (high): The vCenter Server contains a reverse proxy bypass vulnerability due to the way the endpoints handle the URI. A malicious actor with…
CVE-2021-22008 — CVSS 7.5 (high): The vCenter Server contains an information disclosure vulnerability in VAPI (vCenter API) service. A malicious actor with network access to…
CVE-2021-22009 — CVSS 7.5 (high): The vCenter Server contains multiple denial-of-service vulnerabilities in VAPI (vCenter API) service. A malicious actor with network access…
CVE-2021-22010 — CVSS 7.5 (high): The vCenter Server contains a denial-of-service vulnerability in VPXD service. A malicious actor with network access to port 443 on vCenter…
CVE-2021-22012 — CVSS 7.5 (high): The vCenter Server contains an information disclosure vulnerability due to an unauthenticated appliance management API. A malicious actor…
CVE-2021-22013 — CVSS 7.5 (high): The vCenter Server contains a file path traversal vulnerability leading to information disclosure in the appliance management API. A…
CVE-2021-22019 — CVSS 7.5 (high): The vCenter Server contains a denial-of-service vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port…
CVE-2021-22024 — CVSS 7.5 (high): The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary log-file read vulnerability. An unauthenticated malicious…
CVE-2021-22025 — CVSS 7.5 (high): The vRealize Operations Manager API (8.x prior to 8.5) contains a broken access control vulnerability leading to unauthenticated API…
CVE-2021-22026 — CVSS 7.5 (high): The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. An unauthenticated malicious…
CVE-2021-22027 — CVSS 7.5 (high): The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. An unauthenticated malicious…
CVE-2021-22050 — CVSS 7.5 (high): ESXi contains a slow HTTP POST denial-of-service vulnerability in rhttpproxy. A malicious actor with network access to ESXi may exploit…
CVE-2022-22982 — CVSS 7.5 (high): The vCenter Server contains a server-side request forgery (SSRF) vulnerability. A malicious actor with network access to 443 on the vCenter…
CVE-2025-22243 — CVSS 7.5 (high): VMware NSX Manager UI is vulnerable to a stored Cross-Site Scripting (XSS) attack due to improper input validation.
CVE-2020-3994 — CVSS 7.4 (high): VMware vCenter Server (6.7 before 6.7u3, 6.6 before 6.5u3k) contains a session hijack vulnerability in the vCenter Server Appliance…
CVE-2025-41231 — CVSS 7.3 (high): VMware Cloud Foundation contains a missing authorisation vulnerability. A malicious actor with access to VMware Cloud Foundation appliance…
CVE-2022-31700 — CVSS 7.2 (high): VMware Workspace ONE Access and Identity Manager contain an authenticated remote code execution vulnerability. VMware has evaluated the…
CVE-2024-22274 — CVSS 7.2 (high): The vCenter Server contains an authenticated remote code execution vulnerability. A malicious actor with administrative privileges on the…
CVE-2021-22014 — CVSS 7.2 (high): The vCenter Server contains an authenticated code execution vulnerability in VAMI (Virtual Appliance Management Infrastructure). An…
CVE-2023-20878 — CVSS 7.2 (high): VMware Aria Operations contains a deserialization vulnerability. A malicious actor with administrative privileges can execute arbitrary…
CVE-2022-22958 — CVSS 7.2 (high): VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 &…
CVE-2021-22023 — CVSS 7.2 (high): The vRealize Operations Manager API (8.x prior to 8.5) has insecure object reference vulnerability. A malicious actor with administrative…
CVE-2023-20865 — CVSS 7.2 (high): VMware Aria Operations for Logs contains a command injection vulnerability. A malicious actor with administrative privileges in VMware Aria…
CVE-2022-22957 — CVSS 7.2 (high): VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 &…
CVE-2024-22255 — CVSS 7.1 (high): VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability in the UHCI USB controller. A malicious actor with…
CVE-2024-38832 — CVSS 7.1 (high): VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to views may be able to…
CVE-2025-22244 — CVSS 6.9 (medium): VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the gateway firewall due to improper input validation.
CVE-2025-22219 — CVSS 6.8 (medium): VMware Aria Operations for Logs contains a stored cross-site scripting vulnerability. A malicious actor with non-administrative privileges…
CVE-2024-38833 — CVSS 6.8 (medium): VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to email templates might…
CVE-2024-37086 — CVSS 6.8 (medium): VMware ESXi contains an out-of-bounds read vulnerability. A malicious actor with local administrative privileges on a virtual machine with…
CVE-2021-22041 — CVSS 6.7 (medium): VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller. A malicious actor with local…
CVE-2024-22235 — CVSS 6.7 (medium): VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local…
CVE-2023-20879 — CVSS 6.7 (medium): VMware Aria Operations contains a Local privilege escalation vulnerability. A malicious actor with administrative privileges in the Aria…
CVE-2023-20880 — CVSS 6.7 (medium): VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with administrative access to the local system can…
CVE-2021-22040 — CVSS 6.7 (medium): VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local…
CVE-2023-34043 — CVSS 6.7 (medium): VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local…
CVE-2022-31681 — CVSS 6.5 (medium): VMware ESXi contains a null-pointer deference vulnerability. A malicious actor with privileges within the VMX process only, may create a…
CVE-2021-22018 — CVSS 6.5 (medium): The vCenter Server contains an arbitrary file deletion vulnerability in a VMware vSphere Life-cycle Manager plug-in. A malicious actor with…
CVE-2021-21993 — CVSS 6.5 (medium): The vCenter Server contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in vCenter Server…
CVE-2021-21992 — CVSS 6.5 (medium): The vCenter Server contains a denial-of-service vulnerability due to improper XML entity parsing. A malicious actor with non-administrative…
CVE-2021-21983 — CVSS 6.5 (medium): Arbitrary file write vulnerability in vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 may allow an authenticated malicious…
CVE-2024-38834 — CVSS 6.5 (medium): VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to cloud provider might…
CVE-2026-22721 — CVSS 6.2 (medium): VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with privileges in vCenter to access Aria…
CVE-2021-22016 — CVSS 6.1 (medium): The vCenter Server contains a reflected cross-site scripting vulnerability due to a lack of input sanitization. An attacker may exploit…
CVE-2023-20884 — CVSS 6.1 (medium): VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability. An unauthenticated malicious actor may…
CVE-2025-22245 — CVSS 5.9 (medium): VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the router port due to improper input validation.
CVE-2020-3993 — CVSS 5.9 (medium): VMware NSX-T (3.x before 3.0.2, 2.5.x before 2.5.2.2.0) contains a security vulnerability that exists in the way it allows a KVM host to…
CVE-2020-3981 — CVSS 5.8 (medium): VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x)…
CVE-2022-31697 — CVSS 5.5 (medium): The vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plaintext. A malicious actor with…
CVE-2020-3965 — CVSS 5.5 (medium): VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x…
CVE-2020-3963 — CVSS 5.5 (medium): VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x…
CVE-2021-22020 — CVSS 5.5 (medium): The vCenter Server contains a denial-of-service vulnerability in the Analytics service. Successful exploitation of this issue may allow an…
CVE-2020-3971 — CVSS 5.5 (medium): VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201907101-SG), Workstation (15.x before 15.0.2), and Fusion (11.x…
CVE-2021-22007 — CVSS 5.5 (medium): The vCenter Server contains a local information disclosure vulnerability in the Analytics service. An authenticated user with…
CVE-2021-22021 — CVSS 5.4 (medium): VMware vRealize Log Insight (8.x prior to 8.4) contains a Cross Site Scripting (XSS) vulnerability due to improper user input validation…
CVE-2020-3995 — CVSS 5.3 (medium): In VMware ESXi (6.7 before ESXi670-201908101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x before 15.1.0), Fusion (11.x before…
CVE-2022-31701 — CVSS 5.3 (medium): VMware Workspace ONE Access and Identity Manager contain a broken authentication vulnerability. VMware has evaluated the severity of this…
CVE-2024-37087 — CVSS 5.3 (medium): The vCenter Server contains a denial-of-service vulnerability. A malicious actor with network access to vCenter Server may create a…
CVE-2022-31698 — CVSS 5.3 (medium): The vCenter Server contains a denial-of-service vulnerability in the content library service. A malicious actor with network access to port…
CVE-2022-22961 — CVSS 5.3 (medium): VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning…
CVE-2021-22011 — CVSS 5.3 (medium): vCenter Server contains an unauthenticated API endpoint vulnerability in vCenter Server Content Library. A malicious actor with network…
CVE-2020-3976 — CVSS 5.3 (medium): VMware ESXi and vCenter Server contain a partial denial of service vulnerability in their respective authentication services. VMware has…
CVE-2025-22221 — CVSS 5.2 (medium): VMware Aria Operation for Logs contains a stored cross-site scripting vulnerability. A malicious actor with admin privileges to VMware Aria…
CVE-2022-22939 — CVSS 4.9 (medium): VMware Cloud Foundation contains an information disclosure vulnerability due to logging of credentials in plain-text within multiple log…
CVE-2024-22275 — CVSS 4.9 (medium): The vCenter Server contains a partial file read vulnerability. A malicious actor with administrative privileges on the vCenter appliance…
CVE-2021-22022 — CVSS 4.9 (medium): The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary file read vulnerability. A malicious actor with administrative…
CVE-2020-3964 — CVSS 4.7 (medium): VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x…
CVE-2021-22035 — CVSS 4.3 (medium): VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics…
CVE-2025-22220 — CVSS 4.3 (medium): VMware Aria Operations for Logs contains a privilege escalation vulnerability. A malicious actor with non-administrative privileges and…
CVE-2022-22959 — CVSS 4.3 (medium): VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. A malicious actor…
CVE-2020-3970 — CVSS 3.8 (low): VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x…
CVE-2022-31699 — CVSS 3.3 (low): VMware ESXi contains a heap-overflow vulnerability. A malicious local actor with restricted privileges within a sandbox process may exploit…
CVE-2021-22033 — CVSS 2.7 (low): Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability.