cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2021-21976,https://securityvulnerability.io/vulnerability/CVE-2021-21976,Post-authentication Command Injection Vulnerability in VMware vSphere Replication,"VMware vSphere Replication versions 8.3.x, 8.2.x, 8.1.x, and 6.5.x prior to their respective updates are vulnerable to a post-authentication command injection. This vulnerability allows an authenticated administrator to execute arbitrary commands on the affected systems, potentially leading to unauthorized access and control over critical infrastructure. Organizations using these versions should apply patches immediately to mitigate the risk of exploitation.",Vmware,Vsphere Replication,7.2,HIGH,0.0017500000540167093,false,,false,false,false,,,false,false,,2021-02-11T20:34:45.000Z,0
CVE-2019-5531,https://securityvulnerability.io/vulnerability/CVE-2019-5531,Information Disclosure Vulnerability in VMware vSphere ESXi and vCenter Server,VMware vSphere ESXi and vCenter Server contain an information disclosure vulnerability caused by insufficient session expiration. This flaw can allow an attacker with physical access or the capability to mimic a websocket connection to a user’s browser to gain control of a VM Console after the user has logged out or their session has timed out. This necessitates swift updates to mitigate potential unauthorized access.,Vmware,"Vmware Vsphere Esxi,Vmware Vcenter Server",5.4,MEDIUM,0.0007800000021234155,false,,false,false,false,,,false,false,,2019-09-18T21:42:17.000Z,0
CVE-2017-4947,https://securityvulnerability.io/vulnerability/CVE-2017-4947,,VMware vRealize Automation (7.3 and 7.2) and vSphere Integrated Containers (1.x before 1.3) contain a deserialization vulnerability via Xenon. Successful exploitation of this issue may allow remote attackers to execute arbitrary code on the appliance.,Vmware,"Vrealize Automation,Vsphere Integrated Containers",9.8,CRITICAL,0.10651999711990356,false,,false,false,false,,,false,false,,2018-01-29T16:29:00.000Z,0
CVE-2017-4928,https://securityvulnerability.io/vulnerability/CVE-2017-4928,,"The flash-based vSphere Web Client (6.0 prior to 6.0 U3c and 5.5 prior to 5.5 U3f) i.e. not the new HTML5-based vSphere Client, contains SSRF and CRLF injection issues due to improper neutralization of URLs. An attacker may exploit these issues by sending a POST request with modified headers towards internal services leading to information disclosure.",Vmware,Vsphere Web Client,7.5,HIGH,0.0010600000387057662,false,,false,false,false,,,false,false,,2017-11-17T14:29:00.000Z,0
CVE-2017-4917,https://securityvulnerability.io/vulnerability/CVE-2017-4917,,"VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x locally stores vCenter Server credentials using reversible encryption. This issue may allow plaintext credentials to be obtained.",Vmware,Vsphere Data Protection (vdp),9.8,CRITICAL,0.006380000151693821,false,,false,false,false,,,false,false,,2017-06-07T17:00:00.000Z,0
CVE-2017-4914,https://securityvulnerability.io/vulnerability/CVE-2017-4914,,"VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x contains a deserialization issue. Exploitation of this issue may allow a remote attacker to execute commands on the appliance.",Vmware,Vsphere Data Protection (vdp),9.8,CRITICAL,0.14103999733924866,false,,false,false,false,,,false,false,,2017-06-07T17:00:00.000Z,0
CVE-2016-7458,https://securityvulnerability.io/vulnerability/CVE-2016-7458,,"VMware vSphere Client 5.5 before U3e and 6.0 before U2a allows remote vCenter Server and ESXi instances to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.",Vmware,Vsphere Client,5.8,MEDIUM,0.0013500000350177288,false,,false,false,false,,,false,false,,2016-12-29T09:02:00.000Z,0
CVE-2016-7456,https://securityvulnerability.io/vulnerability/CVE-2016-7456,,"VMware vSphere Data Protection (VDP) 5.5.x through 6.1.x has an SSH private key with a publicly known password, which makes it easier for remote attackers to obtain login access via an SSH session.",Vmware,Vsphere Data Protection,9.8,CRITICAL,0.5235700011253357,false,,false,false,true,2017-01-03T08:36:49.000Z,true,false,false,,2016-12-29T09:02:00.000Z,0
CVE-2014-4632,https://securityvulnerability.io/vulnerability/CVE-2014-4632,,"VMware vSphere Data Protection (VDP) 5.1, 5.5 before 5.5.9, and 5.8 before 5.8.1 and the proxy client in EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x do not properly verify X.509 certificates from vCenter Server SSL servers, which allows man-in-the-middle attackers to spoof servers, and bypass intended backup and restore access restrictions, via a crafted certificate.",Vmware,Vsphere Data Protection,,,0.0006500000017695129,false,,false,false,false,,,false,false,,2015-02-01T02:00:00.000Z,0
CVE-2014-1209,https://securityvulnerability.io/vulnerability/CVE-2014-1209,,"VMware vSphere Client 4.0, 4.1, 5.0 before Update 3, and 5.1 before Update 2 does not properly validate updates to Client files, which allows remote attackers to trigger the downloading and execution of an arbitrary program via unspecified vectors.",Vmware,Vsphere Client,,,0.0066200001165270805,false,,false,false,false,,,false,false,,2014-04-11T19:00:00.000Z,0
CVE-2014-1210,https://securityvulnerability.io/vulnerability/CVE-2014-1210,,"VMware vSphere Client 5.0 before Update 3 and 5.1 before Update 2 does not properly validate X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.",Vmware,Vsphere Client,,,0.000590000010561198,false,,false,false,false,,,false,false,,2014-04-11T19:00:00.000Z,0
CVE-2012-1512,https://securityvulnerability.io/vulnerability/CVE-2012-1512,,Cross-site scripting (XSS) vulnerability in the internal browser in vSphere Client in VMware vSphere 4.1 before Update 2 and 5.0 before Update 1 allows remote attackers to inject arbitrary web script or HTML via a crafted log-file entry.,Vmware,Vsphere,,,0.002589999930933118,false,,false,false,false,,,false,false,,2012-03-16T20:00:00.000Z,0