Every CVE whose affected-product data names Vmware Vcenter Server, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (79)
CVE-2015-2342 — CVSS 10.0 (critical): The JMX RMI service in VMware vCenter Server 5.0 before u3e, 5.1 before u3b, 5.5 before u3, and 6.0 before u1 does not restrict…
CVE-2013-1405 — CVSS 10.0 (critical): VMware vCenter Server 4.0 before Update 4b and 4.1 before Update 3a, VMware VirtualCenter 2.5, VMware vSphere Client 4.0 before Update 4b…
CVE-2021-21986 — CVSS 9.8 (critical): The vSphere Client (HTML5) contains a vulnerability in a vSphere authentication mechanism for the Virtual SAN Health Check, Site Recovery…
CVE-2024-37080 — CVSS 9.8 (critical): vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access…
CVE-2017-4923 — CVSS 9.8 (critical): VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure vulnerability. This issue may allow plaintext credentials to…
CVE-2021-22049 — CVSS 9.8 (critical): The vSphere Web Client (FLEX/Flash) contains an SSRF (Server Side Request Forgery) vulnerability in the vSAN Web Client (vSAN UI) plug-in…
CVE-2022-31680 — CVSS 9.1 (critical): The vCenter Server contains an unsafe deserialisation vulnerability in the PSC (Platform services controller). A malicious actor with admin…
CVE-2017-4919 — CVSS 9.0 (critical): VMware vCenter Server 5.5, 6.0, 6.5 allows vSphere users with certain, limited vSphere privileges to use the VIX API to access Guest…
CVE-2017-4921 — CVSS 8.8 (high): VMware vCenter Server (6.5 prior to 6.5 U1) contains an insecure library loading issue that occurs due to the use of LD_LIBRARY_PATH…
CVE-2021-22048 — CVSS 8.8 (high): The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. A…
CVE-2023-20893 — CVSS 8.1 (high): The VMware vCenter Server contains a use-after-free vulnerability in the implementation of the DCERPC protocol. A malicious actor with…
CVE-2023-20894 — CVSS 8.1 (high): The VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor…
CVE-2023-20895 — CVSS 8.1 (high): The VMware vCenter Server contains a memory corruption vulnerability in the implementation of the DCERPC protocol. A malicious actor with…
CVE-2023-20892 — CVSS 8.1 (high): The vCenter Server contains a heap overflow vulnerability due to the usage of uninitialized memory in the implementation of the DCERPC…
CVE-2021-21991 — CVSS 7.8 (high): The vCenter Server contains a local privilege escalation vulnerability due to the way it handles session tokens. A malicious actor with…
CVE-2024-37081 — CVSS 7.8 (high): The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. An authenticated local…
CVE-2012-6326 — CVSS 7.8 (high): VMware vCenter Server 4.1 before Update 3 and 5.0 before Update 2, and vCSA 5.0 before Update 2, allows remote attackers to cause a denial…
CVE-2009-2698 — CVSS 7.8 (high): The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows…
CVE-2017-4943 — CVSS 7.8 (high): VMware vCenter Server Appliance (vCSA) (6.5 before 6.5 U1d) contains a local privilege escalation vulnerability via the 'showlog' plugin…
CVE-2021-22015 — CVSS 7.8 (high): The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and directories. An…
CVE-2019-5534 — CVSS 7.7 (high): VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and 6.0 prior to 6.0 U3j) contains an information disclosure…
CVE-2016-7459 — CVSS 7.7 (high): VMware vCenter Server 5.5 before U3e and 6.0 before U2a allows remote authenticated users to read arbitrary files via a (1) Log Browser…
CVE-2019-5532 — CVSS 7.7 (high): VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and 6.0 prior to 6.0 U3j) contains an information disclosure…
CVE-2013-1659 — CVSS 7.6 (high): VMware vCenter Server 4.0 before Update 4b, 5.0 before Update 2, and 5.1 before 5.1.0b; VMware ESXi 3.5 through 5.1; and VMware ESX 3.5…
CVE-2016-2076 — CVSS 7.6 (high): Client Integration Plugin (CIP) in VMware vCenter Server 5.5 U3a, U3b, and U3c and 6.0 before U2; vCloud Director 5.5.5; and vRealize…
CVE-2017-4927 — CVSS 7.5 (high): VMware vCenter Server (6.5 prior to 6.5 U1 and 6.0 prior to 6.0 U3c) does not correctly handle specially crafted LDAP network packets which…
CVE-2017-4928 — CVSS 7.5 (high): The flash-based vSphere Web Client (6.0 prior to 6.0 U3c and 5.5 prior to 5.5 U3f) i.e. not the new HTML5-based vSphere Client, contains…
CVE-2021-21980 — CVSS 7.5 (high): The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary file read vulnerability. A malicious actor with network access to…
CVE-2021-22006 — CVSS 7.5 (high): The vCenter Server contains a reverse proxy bypass vulnerability due to the way the endpoints handle the URI. A malicious actor with…
CVE-2021-22008 — CVSS 7.5 (high): The vCenter Server contains an information disclosure vulnerability in VAPI (vCenter API) service. A malicious actor with network access to…
CVE-2021-22009 — CVSS 7.5 (high): The vCenter Server contains multiple denial-of-service vulnerabilities in VAPI (vCenter API) service. A malicious actor with network access…
CVE-2021-22010 — CVSS 7.5 (high): The vCenter Server contains a denial-of-service vulnerability in VPXD service. A malicious actor with network access to port 443 on vCenter…
CVE-2021-22012 — CVSS 7.5 (high): The vCenter Server contains an information disclosure vulnerability due to an unauthenticated appliance management API. A malicious actor…
CVE-2021-22013 — CVSS 7.5 (high): The vCenter Server contains a file path traversal vulnerability leading to information disclosure in the appliance management API. A…
CVE-2021-22019 — CVSS 7.5 (high): The vCenter Server contains a denial-of-service vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port…
CVE-2022-22982 — CVSS 7.5 (high): The vCenter Server contains a server-side request forgery (SSRF) vulnerability. A malicious actor with network access to 443 on the vCenter…
CVE-2020-3994 — CVSS 7.4 (high): VMware vCenter Server (6.7 before 6.7u3, 6.6 before 6.5u3k) contains a session hijack vulnerability in the vCenter Server Appliance…
CVE-2021-22014 — CVSS 7.2 (high): The vCenter Server contains an authenticated code execution vulnerability in VAMI (Virtual Appliance Management Infrastructure). An…
CVE-2024-22274 — CVSS 7.2 (high): The vCenter Server contains an authenticated remote code execution vulnerability. A malicious actor with administrative privileges on the…
CVE-2013-5971 — CVSS 6.8 (medium): Session fixation vulnerability in the vSphere Web Client Server in VMware vCenter Server 5.0 before Update 3 allows remote attackers to…
CVE-2017-4922 — CVSS 6.5 (medium): VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure issue due to the service startup script using world writable…
CVE-2021-21992 — CVSS 6.5 (medium): The vCenter Server contains a denial-of-service vulnerability due to improper XML entity parsing. A malicious actor with non-administrative…
CVE-2021-22018 — CVSS 6.5 (medium): The vCenter Server contains an arbitrary file deletion vulnerability in a VMware vSphere Life-cycle Manager plug-in. A malicious actor with…
CVE-2009-2416 — CVSS 6.5 (medium): Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent…
CVE-2021-21993 — CVSS 6.5 (medium): The vCenter Server contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in vCenter Server…
CVE-2015-6931 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in the vSphere Web Client in VMware vCenter Server 5.0 before U3g, 5.1 before U3d, and 5.5 before…
CVE-2016-2078 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in the Web Client in VMware vCenter Server 5.1 before update 3d, 5.5 before update 3d, and 6.0…
CVE-2021-22016 — CVSS 6.1 (medium): The vCenter Server contains a reflected cross-site scripting vulnerability due to a lack of input sanitization. An attacker may exploit…
CVE-2016-5331 — CVSS 6.1 (medium): CRLF injection vulnerability in VMware vCenter Server 6.0 before U2 and ESXi 6.0 allows remote attackers to inject arbitrary HTTP headers…
CVE-2019-5538 — CVSS 5.9 (medium): Sensitive information disclosure vulnerability resulting from a lack of certificate validation during the File-Based Backup and Restore…
CVE-2019-5537 — CVSS 5.9 (medium): Sensitive information disclosure vulnerability resulting from a lack of certificate validation during the File-Based Backup and Restore…
CVE-2023-20896 — CVSS 5.9 (medium): The VMware vCenter Server contains an out-of-bounds read vulnerability in the implementation of the DCERPC protocol. A malicious actor with…
CVE-2015-6932 — CVSS 5.8 (medium): VMware vCenter Server 5.5 before u3 and 6.0 before u1 does not verify X.509 certificates from TLS LDAP servers, which allows…
CVE-2021-22007 — CVSS 5.5 (medium): The vCenter Server contains a local information disclosure vulnerability in the Analytics service. An authenticated user with…
CVE-2021-22020 — CVSS 5.5 (medium): The vCenter Server contains a denial-of-service vulnerability in the Analytics service. Successful exploitation of this issue may allow an…
CVE-2022-31697 — CVSS 5.5 (medium): The vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plaintext. A malicious actor with…
CVE-2017-4926 — CVSS 5.4 (medium): VMware vCenter Server (6.5 prior to 6.5 U1) contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker with…
CVE-2019-5531 — CVSS 5.4 (medium): VMware vSphere ESXi (6.7 prior to ESXi670-201810101-SG, 6.5 prior to ESXi650-201811102-SG, and 6.0 prior to ESXi600-201807103-SG) and…
CVE-2022-31698 — CVSS 5.3 (medium): The vCenter Server contains a denial-of-service vulnerability in the content library service. A malicious actor with network access to port…
CVE-2020-3976 — CVSS 5.3 (medium): VMware ESXi and vCenter Server contain a partial denial of service vulnerability in their respective authentication services. VMware has…
CVE-2024-37087 — CVSS 5.3 (medium): The vCenter Server contains a denial-of-service vulnerability. A malicious actor with network access to vCenter Server may create a…
CVE-2021-22011 — CVSS 5.3 (medium): vCenter Server contains an unauthenticated API endpoint vulnerability in vCenter Server Content Library. A malicious actor with network…
CVE-2015-1047 — CVSS 5.0 (medium): vpxd in VMware vCenter Server 5.0 before u3e, 5.1 before u3, and 5.5 before u2 allows remote attackers to cause a denial of service via a…
CVE-2024-22275 — CVSS 4.9 (medium): The vCenter Server contains a partial file read vulnerability. A malicious actor with administrative privileges on the vCenter appliance…
CVE-2009-1072 — CVSS 4.9 (medium): nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows…
CVE-2023-34056 — CVSS 4.3 (medium): vCenter Server contains a partial information disclosure vulnerability. A malicious actor with non-administrative privileges to vCenter…
CVE-2014-4241 — CVSS 4.3 (medium): Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers…
CVE-2010-2928 — CVSS 2.1 (low): The vCenter Tomcat Management Application in VMware vCenter Server 4.1 before Update 1 stores log-on credentials in a configuration file…