CVE Daily
← All tags

Tag: VMware vCenter Server

All CVEs associated with "VMware vCenter Server". Page 2/2 • 129 CVEs.

Subscribe CVEs: RSS for “VMware vCenter Server”  ·  RSS (High+Critical only)

About “VMware vCenter Server”

A curated feed of “VMware vCenter Server”-related CVEs appears below. We currently track 129 CVEs for this tag (all time). In the last 365 days, 5 were published. Average CVSS is 6.9 (all time; 7.1 over 365d), and 53% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-269 - Improper Privilege Management, CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection'), CWE-863 - Incorrect Authorization.

In our taxonomy this topic maps to a MODERATE impact class. Virtualization and VDI management can impact many hosts at once. Patch the management plane first, restrict management networks, and verify backup or snapshot workflows. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2012-10-05
Medium

CVE-2012-5050

Cross-site scripting (XSS) vulnerability in the server in VMware vCenter Operations (aka vCOps) before 5.0.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2012-03-16
Medium

CVE-2012-1513

The Web Configuration tool in VMware vCenter Orchestrator (vCO) 4.0 before Update 4, 4.1 before Update 2, and 4.2 before Update 1 places the vCenter Server password in an HTML document, which allows…

CVSS: 4.0 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2012-03-13
Medium

CVE-2012-1472

VMware vCenter Chargeback Manager (aka CBM) before 2.0.1 does not properly handle XML API requests, which allows remote attackers to read arbitrary files or cause a denial of service via unspecified…

CVSS: 6.4 CWE: CWE-20 - Improper Input Validation View on NVD
2011-11-19
Medium

CVE-2011-4404

The default configuration of the HTTP server in Jetty in vSphere Update Manager in VMware vCenter Update Manager 4.0 before Update 4 and 4.1 before Update 2 allows remote attackers to conduct directo…

CVSS: 5.0 CWE: CWE-16 View on NVD
2011-05-09
Medium

CVE-2011-1789

The self-extracting installer in the vSphere Client Installer package in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1, VMware ESXi 4.x before 4.1 Update 1, and VMware ESX 4.x before 4.1…

CVSS: 5.0 CWE: CWE-310 View on NVD
Low

CVE-2011-1788

vCenter Server in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1 allows local users to discover the SOAP session ID via unspecified vectors.

CVSS: 2.1 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2011-0426

Directory traversal vulnerability in vCenter Server in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1, and VMware VirtualCenter 2.5 before Update 6a, allows remote attackers to read arbit…

CVSS: 4.3 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2011-02-16
Low

CVE-2010-2928

The vCenter Tomcat Management Application in VMware vCenter Server 4.1 before Update 1 stores log-on credentials in a configuration file, which allows local users to gain privileges by reading this f…

CVSS: 2.1 CWE: CWE-255 View on NVD
2009-12-16
Medium

CVE-2009-3731

Multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help 2.0 through 5.0 in VMware vCenter 4.0 before Update 1 Build 208156; VMware Server 2.0.2; VMware ESX 4.0; VMware Lab Manager 2.x; V…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD