Known Vulnerabilities for products from Vmware

Listed below are 20 of the newest known vulnerabilities associated with the vendor "Vmware".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed, based on information from known CPEs. Each product links to its respective vulnerability page.

Known Vulnerabilities

| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-34424 | A vulnerability was discovered in the Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5... | 7.5 - HIGH | 2021-11-24 | 2022-01-03 |
| CVE-2021-34423 | A buffer overflow vulnerability was discovered in Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) befo... | 9.8 - CRITICAL | 2021-11-24 | 2022-01-03 |
| CVE-2021-32719 | RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a federation link was display... | 4.8 - MEDIUM | 2021-06-28 | 2021-07-02 |
| CVE-2021-32718 | RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user being added via managem... | 5.4 - MEDIUM | 2021-06-28 | 2021-12-10 |
| CVE-2021-22119 | Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susc... | 7.5 - HIGH | 2021-06-29 | 2021-07-26 |
| CVE-2021-22118 | In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to... | 7.8 - HIGH | 2021-05-27 | 2021-12-07 |
| CVE-2021-22117 | RabbitMQ installers on Windows prior to version 3.8.16 do not harden plugin directory permissions, potentially allowing attac... | 7.8 - HIGH | 2021-05-18 | 2021-05-25 |
| CVE-2021-22116 | RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP... | 7.5 - HIGH | 2021-06-08 | 2021-07-19 |
| CVE-2021-22114 | Addresses partial fix in CVE-2018-1263. Spring-integration-zip, versions prior to 1.0.4, exposes an arbitrary file write vuln... | 5.3 - MEDIUM | 2021-03-01 | 2021-03-09 |
| CVE-2021-22113 | Applications using the “Sensitive Headers” functionality in Spring Cloud Netflix Zuul 2.2.6.RELEASE and below may be vuln... | 5.3 - MEDIUM | 2021-02-23 | 2021-03-02 |
| CVE-2021-22112 | Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versi... | 8.8 - HIGH | 2021-02-23 | 2021-12-08 |
| CVE-2021-22097 | In Spring AMQP versions 2.2.0 - 2.2.18 and 2.3.0 - 2.3.10, the Spring AMQP Message object, in its toString() method, will des... | 6.5 - MEDIUM | 2021-10-28 | 2021-11-01 |
| CVE-2021-22096 | In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to pro... | 4.3 - MEDIUM | 2021-10-28 | 2021-11-29 |
| CVE-2021-22095 | In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its toString() method, will cre... | 6.5 - MEDIUM | 2021-11-30 | 2021-12-01 |
| CVE-2021-22060 | In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to pro... | 4.3 - MEDIUM | 2022-01-10 | 2022-01-14 |
| CVE-2021-22057 | VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 contain an authentication bypass vulnerability. A malicious actor, wh... | 9.8 - CRITICAL | 2021-12-20 | 2022-01-03 |
| CVE-2021-22056 | VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerab... | 7.5 - HIGH | 2021-12-20 | 2022-01-03 |
| CVE-2021-22054 | VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.... | 7.5 - HIGH | 2021-12-17 | 2021-12-17 |
| CVE-2021-22053 | Applications using both `spring-cloud-netflix-hystrix-dashboard` and `spring-boot-starter-thymeleaf` expose a way to execute ... | 8.8 - HIGH | 2021-11-19 | 2021-11-23 |
| CVE-2021-22051 | Applications using Spring Cloud Gateway are vulnerable to specifically crafted requests that could make an extra request on d... | 6.5 - MEDIUM | 2021-11-08 | 2021-11-09 |

Known software with vulnerabilities from Vmware

| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Vmware | Ace | - |
| Application | Vmware | Ace 2 | - |
| Application | Vmware | Airwatch | 7.3.0.0 |
| Application | Vmware | Airwatch Console | 9.1.0.0 |
| Application | Vmware | Airwatch Launcher | 3.2.2 |
| Application | Vmware | App Volumes | 2.9 |
| Application | Vmware | Capacity Planner | 2.6.2.22938 |
| Application | Vmware | Capacityiq | 1.0.0 |
| Application | Vmware | Cloud Foundation | - |
| Application | Vmware | Consolidated Backup Framework | 1.5.0.2192 |
| Application | Vmware | Converter | 1.0.0 |
| Application | Vmware | Converter Enterprise Client | 4.0.3.62417 |
| Application | Vmware | Data Recovery | 1.2.0 |
| Operating System | Vmware | Esx | - |
| Application | Vmware | Esx Server | - |
| Operating System | Vmware | Esxi | 3.5 |
| Application | Vmware | Fusion | - |
| Application | Vmware | Fusion Pro | 8.0.0 |
| Application | Vmware | Gemfire | 9.7.0 |
| Application | Vmware | Gsx Server | - |

Popular searches for "Vmware"

VMware - Delivering a Digital Foundation For Businesses

www.vmware.com

Run any app on any cloud on any device with a digital foundation built on VMware solutions for modern apps, multi-cloud, digital workspace, security & networking.


Russian-Owned Software Company May Be Entry Point for Huge U.S. Hacking

www.nytimes.com/2021/01/06/us/politics/russia-cyber-hack.html

Russian hackers may have piggybacked on a tool developed by JetBrains, which is based in the Czech Republic, to gain access to federal government and private sector systems in the United States.

By Nicole Perlroth, David E. Sanger and Julian E. Barnes. Jan. 6, 2021, updated 4:37 p.m. ET. The New York Times.

American intelligence agencies and private cybersecurity investigators are examining the role of a widely used software company, JetBrains, in the far-reaching Russian hacking of federal agencies, private corporations and United States infrastructure, according to officials and executives briefed on the inquiry. Officials are investigating whether the company, founded by three Russian engineers in the Czech Republic with research labs in Russia, was breached and used as a pathway for hackers to insert back doors into the software of an untold number of technology companies. Security experts warn that the monthslong intrusion could be the biggest breach of United States networks in history. JetBrains, which counts 79 of the Fortune 100 companies as customers, is used by developers at 300,000 businesses. One of them is SolarWinds, the company based in Austin, Texas, whose network management software played a central role in allowing hackers into government and private networks. JetBrains said on Wednesday that it had not been contacted by government officials and was not aware of any compromise.

The exact software that investigators are examining is a JetBrains product called TeamCity, which allows developers to test and exchange software code before its release. By compromising TeamCity, or exploiting gaps in how customers use the tool, cybersecurity experts say the Russian hackers could have inconspicuously planted back doors in an untold number of JetBrains clients. Separately, the Justice Department said that its email system had been compromised as part of the SolarWinds hacking, an announcement that expands the scope of the government computers that Russia was able to infiltrate. Government officials are not certain how the compromise of the JetBrains software relates to the larger SolarWinds hacking. They are seeking to learn if it was a parallel way for Russia's main intelligence agency to enter government and private systems, or whether it was the original avenue for Russian operatives to first infiltrate SolarWinds. On Tuesday, the Office of the Director of National Intelligence, the F.B.I., the Department of Homeland Security and the National Security Agency issued a joint statement formally declaring that Russia was most likely the origin of the hacking. But the statement offered no details, and made no mention of the JetBrains software or the S.V.R., Russia's most skilled intelligence agency. Google, Hewlett-Packard and Citibank are among JetBrains customers, and the company is widely used by developers of Android mobile software. It also counts Siemens, a major supplier of technology in critical infrastructure such as power and nuclear plants, as a customer, as well as VMware, a technology company that the National Security Agency warned on Dec. 7 was also being used by Russian hackers to break into networks. Yaroslav Russkih, a JetBrains spokesman, said the company did not know whether its customers had been affected.

SolarWinds confirmed Wednesday that it used TeamCity software to assist with the development of its software and was investigating the software as part of its investigation. The company said it had yet to confirm a definitive link between JetBrains and the breach and compromise of its own software. SolarWinds has said that 18,000 customers downloaded its compromised software, but investigators believe Russia was judicious in which of those networks it gained access to, making it difficult to quickly assess the damage. In the joint announcement, officials said they believed the Russian hackers stopped at 10 federal agencies, but an internal assessment by Amazon, which has been examining hackers' tools, believes the total number of victims in government and the private sector could be upward of 250 organizations. Microsoft also announced on Dec. 31 that its network was breached by the same intruders, and confirmed that they viewed the company's source code. It has not said which products may have been compromised. CrowdStrike, a security firm, confirmed last month that it was targeted, unsuccessfully, through a company that sells software on behalf of Microsoft. Those resellers help set up Microsoft software and often have broad access to clients' systems, which Russia's hackers could exploit on untold numbers of Microsoft customers. The Justice Department did not learn of, and close off, the vulnerability in its Microsoft Outlook email system until Dec. 24, some 10 days after the SolarWinds compromise of government computers became public, officials said. Marc Raimondi, a Justice Department spokesman, said that about 3 percent of the department's email accounts that use the specific Microsoft software were compromised by the breach. He said that no classified systems appear to have been affected, but that the episode had been designated as a major one.

"Compromising and introducing a back door into a build environment such as TeamCity is the holy grail of a supply chain hack," said Dmitri Alperovitch, a founder of CrowdStrike who now runs Silverado Policy Accelerator, referring to the method by which the Russian hackers entered victims' systems through their supply chains, or software vendors. "It can allow an adversary to have thousands of SolarWinds-style back doors in all sorts of products in use by victims all over the world," Mr. Alperovitch added. "This is a very big deal."
