VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities.A malicious actor with privileges to create policies, views or text-widgets may be able to inject scripts to perform administrative actions in VMware Cloud Foundation Operations.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HVMware Aria Operations
APPVmware8.0 – 8.18.7 (bez)VMware Cloud Foundation
APPVmware9.19.0 – 9.0.2.0 (bez)5.0 – 8.18.7 (bez)VMware Telco Cloud Platform
APPVmware5.0 – 5.1VMware vSphere
APPVmware9.19.0 – 9.0.2.0 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
XSS
Powiązane podatności
CVE-2025-22224CRITICAL9.3⚠ KEVPL ✓ten sam produkt
VMware ESXi/Workstation: TOCTOU umożliwia ucieczkę z VM przez VMX process
CVE-2024-38812CRITICAL9.8⚠ KEVPL ✓ten sam produkt
VMware vCenter Server — heap-overflow w DCERPC umożliwia RCE
CVE-2024-37079CRITICAL9.8⚠ KEVPL ✓ten sam produkt
Heap overflow w VMware vCenter Server via protokół DCERPC — RCE
CVE-2022-22954CRITICAL9.8⚠ KEVten sam produkt
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-s...
CVE-2021-22005CRITICAL9.8⚠ KEVten sam produkt
The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor...