cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2019-5538,https://securityvulnerability.io/vulnerability/CVE-2019-5538,Sensitive Information Disclosure in VMware vCenter Server Appliance,"The vulnerability arises from insufficient certificate validation during the File-Based Backup and Restore operations of VMware vCenter Server Appliance. This flaw can be exploited by an attacker positioned as a man-in-the-middle between the appliance and the backup target, allowing them to intercept and access sensitive data in transit. Organizations using versions prior to 6.7u3a and 6.5u3d are particularly at risk, as this weakness can lead to unauthorized exposure of critical information during backup operations.",Vmware,Vmware Vcenter Server Appliance,5.9,MEDIUM,0.0008399999933317304,false,,false,false,false,,,false,false,,2019-10-28T15:52:37.000Z,0
CVE-2019-5537,https://securityvulnerability.io/vulnerability/CVE-2019-5537,Sensitive Information Disclosure in VMware vCenter Server Appliance,"A vulnerability in VMware vCenter Server Appliance exposes sensitive information due to insufficient certificate validation during File-Based Backup and Restore operations. This allows adversaries positioned as a man-in-the-middle to intercept sensitive data transmitted over FTPS and HTTPS, particularly when backing up data to a target. It is essential for users to ensure proper validations and configurations to mitigate risks associated with this vulnerability.",Vmware,Vmware Vcenter Server Appliance,5.9,MEDIUM,0.0008399999933317304,false,,false,false,false,,,false,false,,2019-10-28T15:04:08.000Z,0
CVE-2017-4943,https://securityvulnerability.io/vulnerability/CVE-2017-4943,,VMware vCenter Server Appliance (vCSA) (6.5 before 6.5 U1d) contains a local privilege escalation vulnerability via the 'showlog' plugin. Successful exploitation of this issue could result in a low privileged user gaining root level privileges over the appliance base OS.,Vmware,Vcenter Server Appliance (vcsa),7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2017-12-20T15:29:00.000Z,0
CVE-2016-2076,https://securityvulnerability.io/vulnerability/CVE-2016-2076,,"Client Integration Plugin (CIP) in VMware vCenter Server 5.5 U3a, U3b, and U3c and 6.0 before U2; vCloud Director 5.5.5; and vRealize Automation Identity Appliance 6.2.4 before 6.2.4.1 mishandles session content, which allows remote attackers to hijack sessions via a crafted web site.",Vmware,"Vcenter Server,Vcloud Director,Vcloud Automation Identity Appliance",7.6,HIGH,0.0037799999117851257,false,,false,false,false,,,false,false,,2016-04-15T14:00:00.000Z,0
CVE-2014-8371,https://securityvulnerability.io/vulnerability/CVE-2014-8371,,"VMware vCenter Server Appliance (vCSA) 5.5 before Update 2, 5.1 before Update 3, and 5.0 before Update 3c does not properly validate certificates when connecting to a CIM Server on an ESXi host, which allows man-in-the-middle attackers to spoof CIM servers via a crafted certificate.",Vmware,Vcenter Server Appliance,,,0.0005300000193528831,false,,false,false,false,,,false,false,,2014-12-08T11:00:00.000Z,0
CVE-2014-3797,https://securityvulnerability.io/vulnerability/CVE-2014-3797,,Cross-site scripting (XSS) vulnerability in VMware vCenter Server Appliance (vCSA) 5.1 before Update 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,Vmware,Vcenter Server Appliance,,,0.0017399999778717756,false,,false,false,false,,,false,false,,2014-12-08T11:00:00.000Z,0
CVE-2014-4241,https://securityvulnerability.io/vulnerability/CVE-2014-4241,,Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers to affect integrity via vectors related to WLS - Web Services.,Vmware,"Vcenter Server,Vcenter Server Appliance,Esxi",,,0.01155999954789877,false,,false,false,false,,,false,false,,2014-07-17T10:00:00.000Z,0
CVE-2014-3790,https://securityvulnerability.io/vulnerability/CVE-2014-3790,,Ruby vSphere Console (RVC) in VMware vCenter Server Appliance allows remote authenticated users to execute arbitrary commands as root by escaping from a chroot jail.,Vmware,Vcenter Server Appliance,,,0.027300000190734863,false,,false,false,false,,,false,false,,2014-06-01T01:00:00.000Z,0
CVE-2013-3107,https://securityvulnerability.io/vulnerability/CVE-2013-3107,,"VMware vCenter Server 5.1 before Update 1, when anonymous LDAP binding for Active Directory is enabled, allows remote attackers to bypass authentication by providing a valid username in conjunction with an empty password.",Vmware,Vcenter Server Appliance,,,0.0014900000533089042,false,,false,false,false,,,false,false,,2013-05-01T12:00:00.000Z,0
CVE-2013-3079,https://securityvulnerability.io/vulnerability/CVE-2013-3079,,VMware vCenter Server Appliance (vCSA) 5.1 before Update 1 allows remote authenticated users to execute arbitrary programs with root privileges by leveraging Virtual Appliance Management Interface (VAMI) access.,Vmware,Vcenter Server Appliance,,,0.0021299999207258224,false,,false,false,false,,,false,false,,2013-05-01T12:00:00.000Z,0
CVE-2013-3080,https://securityvulnerability.io/vulnerability/CVE-2013-3080,,"VMware vCenter Server Appliance (vCSA) 5.1 before Update 1 allows remote authenticated users to create or overwrite arbitrary files, and consequently execute arbitrary code or cause a denial of service, by leveraging Virtual Appliance Management Interface (VAMI) web-interface access.",Vmware,Vcenter Server Appliance,,,0.003269999986514449,false,,false,false,false,,,false,false,,2013-05-01T12:00:00.000Z,0
CVE-2012-6325,https://securityvulnerability.io/vulnerability/CVE-2012-6325,,"VMware vCenter Server Appliance (vCSA) 5.0 before Update 2 does not properly parse XML documents, which allows remote authenticated users to read arbitrary files via unspecified vectors.",Vmware,Vcenter Server Appliance,,,0.0012199999764561653,false,,false,false,false,,,false,false,,2012-12-21T21:55:00.000Z,0
CVE-2012-6324,https://securityvulnerability.io/vulnerability/CVE-2012-6324,,Directory traversal vulnerability in VMware vCenter Server Appliance (vCSA) 5.0 before Update 2 and 5.1 before Patch 1 allows remote authenticated users to read arbitrary files via unspecified vectors.,Vmware,Vcenter Server Appliance,,,0.001339999958872795,false,,false,false,false,,,false,false,,2012-12-21T21:55:00.000Z,0