Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2016-1000027

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-02 Jan, 2020 | 00:00
Updated At-06 Aug, 2024 | 03:47
Rejected At-
Credits

Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's position is that untrusted data is not an intended use case. The product's behavior will not be changed because some users rely on deserialization of trusted data.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:02 Jan, 2020 | 00:00
Updated At:06 Aug, 2024 | 03:47
Rejected At:
▼CVE Numbering Authority (CNA)

Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's position is that untrusted data is not an intended use case. The product's behavior will not be changed because some users rely on deserialization of trusted data.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.tenable.com/security/research/tra-2016-20
N/A
https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000027.json
N/A
https://security-tracker.debian.org/tracker/CVE-2016-1000027
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000027
N/A
https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-579669626
N/A
https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-582313417
N/A
https://spring.io/blog/2022/05/11/spring-framework-5-3-20-and-5-2-22-available-now
N/A
https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-744519525
N/A
https://security.netapp.com/advisory/ntap-20230420-0009/
N/A
Hyperlink: https://www.tenable.com/security/research/tra-2016-20
Resource: N/A
Hyperlink: https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000027.json
Resource: N/A
Hyperlink: https://security-tracker.debian.org/tracker/CVE-2016-1000027
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000027
Resource: N/A
Hyperlink: https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-579669626
Resource: N/A
Hyperlink: https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-582313417
Resource: N/A
Hyperlink: https://spring.io/blog/2022/05/11/spring-framework-5-3-20-and-5-2-22-available-now
Resource: N/A
Hyperlink: https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-744519525
Resource: N/A
Hyperlink: https://security.netapp.com/advisory/ntap-20230420-0009/
Resource: N/A
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.tenable.com/security/research/tra-2016-20
x_transferred
https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000027.json
x_transferred
https://security-tracker.debian.org/tracker/CVE-2016-1000027
x_transferred
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000027
x_transferred
https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-579669626
x_transferred
https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-582313417
x_transferred
https://spring.io/blog/2022/05/11/spring-framework-5-3-20-and-5-2-22-available-now
x_transferred
https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-744519525
x_transferred
https://security.netapp.com/advisory/ntap-20230420-0009/
x_transferred
Hyperlink: https://www.tenable.com/security/research/tra-2016-20
Resource:
x_transferred
Hyperlink: https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000027.json
Resource:
x_transferred
Hyperlink: https://security-tracker.debian.org/tracker/CVE-2016-1000027
Resource:
x_transferred
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000027
Resource:
x_transferred
Hyperlink: https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-579669626
Resource:
x_transferred
Hyperlink: https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-582313417
Resource:
x_transferred
Hyperlink: https://spring.io/blog/2022/05/11/spring-framework-5-3-20-and-5-2-22-available-now
Resource:
x_transferred
Hyperlink: https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-744519525
Resource:
x_transferred
Hyperlink: https://security.netapp.com/advisory/ntap-20230420-0009/
Resource:
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:02 Jan, 2020 | 23:15
Updated At:20 Apr, 2023 | 09:15

Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's position is that untrusted data is not an intended use case. The product's behavior will not be changed because some users rely on deserialization of trusted data.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches

VMware (Broadcom Inc.)
vmware
>>spring_framework>>Versions before 6.0.0(exclusive)
cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-502Primarynvd@nist.gov
CWE ID: CWE-502
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000027cve@mitre.org
Issue Tracking
Third Party Advisory
https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-579669626cve@mitre.org
Issue Tracking
Third Party Advisory
https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-582313417cve@mitre.org
Issue Tracking
Third Party Advisory
https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-744519525cve@mitre.org
Issue Tracking
Third Party Advisory
https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000027.jsoncve@mitre.org
Broken Link
Exploit
Third Party Advisory
https://security-tracker.debian.org/tracker/CVE-2016-1000027cve@mitre.org
Third Party Advisory
https://security.netapp.com/advisory/ntap-20230420-0009/cve@mitre.org
N/A
https://spring.io/blog/2022/05/11/spring-framework-5-3-20-and-5-2-22-available-nowcve@mitre.org
Release Notes
Third Party Advisory
https://www.tenable.com/security/research/tra-2016-20cve@mitre.org
Exploit
Third Party Advisory
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000027
Source: cve@mitre.org
Resource:
Issue Tracking
Third Party Advisory
Hyperlink: https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-579669626
Source: cve@mitre.org
Resource:
Issue Tracking
Third Party Advisory
Hyperlink: https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-582313417
Source: cve@mitre.org
Resource:
Issue Tracking
Third Party Advisory
Hyperlink: https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-744519525
Source: cve@mitre.org
Resource:
Issue Tracking
Third Party Advisory
Hyperlink: https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000027.json
Source: cve@mitre.org
Resource:
Broken Link
Exploit
Third Party Advisory
Hyperlink: https://security-tracker.debian.org/tracker/CVE-2016-1000027
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://security.netapp.com/advisory/ntap-20230420-0009/
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://spring.io/blog/2022/05/11/spring-framework-5-3-20-and-5-2-22-available-now
Source: cve@mitre.org
Resource:
Release Notes
Third Party Advisory
Hyperlink: https://www.tenable.com/security/research/tra-2016-20
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

1215Records found

CVE-2026-41699
Matching Score-10
Assigner-VMware by Broadcom
ShareView Details
Matching Score-10
Assigner-VMware by Broadcom
CVSS Score-8.1||HIGH
EPSS-0.43% / 34.55%
||
7 Day CHG~0.00%
Published-11 Jun, 2026 | 05:04
Updated-30 Jun, 2026 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unsafe Deserialization in Spring GraphQL

Spring for GraphQL applications are vulnerable to Unsafe Deserialization when processing paginated GraphQL queries. An attacker can craft a malicious GraphQL request that can lead to Remote Code Execution when the application exposes a paginated (Connection) field and the classpath contains specific classes that can be leveraged during deserialization. Affected versions: Spring for GraphQL 2.0.0 through 2.0.3; 1.4.0 through 1.4.5; 1.3.0 through 1.3.8.

Action-Not Available
Vendor-VMware (Broadcom Inc.)
Product-spring_for_graphqlSpring for GraphQL
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-41855
Matching Score-10
Assigner-VMware by Broadcom
ShareView Details
Matching Score-10
Assigner-VMware by Broadcom
CVSS Score-8.1||HIGH
EPSS-0.27% / 18.40%
||
7 Day CHG+0.01%
Published-09 Jun, 2026 | 03:51
Updated-29 Jun, 2026 | 14:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Spring Framework Unsafe Deserialization via Jackson JMS Converters

In an untrusted JMS environment, org.springframework.jms.support.converter.MappingJackson2MessageConverter and org.springframework.jms.support.converter.JacksonJsonMessageConverter allow arbitrary class instantiation, which can lead to unauthorized actions via gadget class deserialization. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.

Action-Not Available
Vendor-VMware (Broadcom Inc.)
Product-spring_frameworkSpring Framework
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2023-20864
Matching Score-10
Assigner-VMware by Broadcom
ShareView Details
Matching Score-10
Assigner-VMware by Broadcom
CVSS Score-9.8||CRITICAL
EPSS-71.65% / 99.34%
||
7 Day CHG~0.00%
Published-20 Apr, 2023 | 00:00
Updated-05 Feb, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware Aria Operations for Logs contains a deserialization vulnerability. An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-aria_operations_for_logscloud_foundationVMware Aria Operations for Logs (formerly vRealize Log Insight)
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2020-5413
Matching Score-10
Assigner-VMware by Broadcom
ShareView Details
Matching Score-10
Assigner-VMware by Broadcom
CVSS Score-9.8||CRITICAL
EPSS-4.41% / 90.15%
||
7 Day CHG~0.00%
Published-31 Jul, 2020 | 19:40
Updated-16 Sep, 2024 | 16:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kryo Configuration Allows Code Execution with Unknown "Serialization Gadgets"

Spring Integration framework provides Kryo Codec implementations as an alternative for Java (de)serialization. When Kryo is configured with default options, all unregistered classes are resolved on demand. This leads to the "deserialization gadgets" exploit when provided data contains malicious code for execution during deserialization. In order to protect against this type of attack, Kryo can be configured to require a set of trusted classes for (de)serialization. Spring Integration should be proactive against blocking unknown "deserialization gadgets" when configuring Kryo in code.

Action-Not Available
Vendor-Oracle CorporationVMware (Broadcom Inc.)
Product-banking_supply_chain_financeflexcube_private_bankingspring_integrationbanking_corporate_lending_process_managementbanking_credit_facilities_process_managementretail_merchandising_systembanking_virtual_account_managementretail_customer_management_and_segmentation_foundationSpring Integration
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2017-4914
Matching Score-10
Assigner-VMware by Broadcom
ShareView Details
Matching Score-10
Assigner-VMware by Broadcom
CVSS Score-9.8||CRITICAL
EPSS-8.83% / 94.56%
||
7 Day CHG~0.00%
Published-07 Jun, 2017 | 17:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x contains a deserialization issue. Exploitation of this issue may allow a remote attacker to execute commands on the appliance.

Action-Not Available
Vendor-VMware (Broadcom Inc.)
Product-vsphere_data_protectionvSphere Data Protection (VDP)
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2015-6934
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.3||HIGH
EPSS-5.05% / 91.26%
||
7 Day CHG~0.00%
Published-21 Dec, 2015 | 02:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Serialized-object interfaces in VMware vRealize Orchestrator 6.x, vCenter Orchestrator 5.x, vRealize Operations 6.x, vCenter Operations 5.x, and vCenter Application Discovery Manager (vADM) 7.x allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-vcenter_orchestratorvrealize_orchestratorn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2022-22955
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-9.8||CRITICAL
EPSS-8.09% / 94.11%
||
7 Day CHG+0.50%
Published-13 Apr, 2022 | 17:05
Updated-03 Aug, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncVMware (Broadcom Inc.)
Product-vrealize_automationidentity_managerlinux_kernelworkspace_one_accessVMware Workspace ONE Access
CVE-2010-0686
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.18% / 80.13%
||
7 Day CHG~0.00%
Published-01 Apr, 2010 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebAccess in VMware VirtualCenter 2.0.2 and 2.5, VMware Server 2.0, and VMware ESX 3.0.3 and 3.5 allows remote attackers to leverage proxy-server functionality to spoof the origin of requests via unspecified vectors, related to a "URL forwarding vulnerability."

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-esx_servervirtualcenterservern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2023-34051
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-9.8||CRITICAL
EPSS-44.67% / 98.62%
||
7 Day CHG~0.00%
Published-20 Oct, 2023 | 04:11
Updated-02 May, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware Aria Operations for Logs contains an authentication bypass vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-aria_operations_for_logsVMware Aria Operations for Logs
CWE ID-CWE-863
Incorrect Authorization
CVE-2022-22956
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-9.8||CRITICAL
EPSS-50.69% / 98.78%
||
7 Day CHG+0.79%
Published-13 Apr, 2022 | 00:00
Updated-13 Feb, 2025 | 16:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncVMware (Broadcom Inc.)
Product-vrealize_automationidentity_managerlinux_kernelworkspace_one_accessVMware Workspace ONE Access
CWE ID-CWE-287
Improper Authentication
CVE-2022-22954
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-9.8||CRITICAL
EPSS-100.00% / 99.99%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 19:37
Updated-30 Oct, 2025 | 20:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-05||Apply updates per vendor instructions.

VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)Linux Kernel Organization, Inc
Product-vrealize_automationidentity_managerworkspace_one_accesslinux_kernelcloud_foundationvrealize_suite_lifecycle_managerVMware Workspace ONE Access and Identity ManagerWorkspace ONE Access and Identity Manager
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2022-22980
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-9.8||CRITICAL
EPSS-16.90% / 96.68%
||
7 Day CHG~0.00%
Published-22 Jun, 2022 | 13:56
Updated-03 Aug, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-spring_data_mongodbSpring Data MongoDB
CWE ID-CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
CVE-2022-22963
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-9.8||CRITICAL
EPSS-99.94% / 99.97%
||
7 Day CHG~0.00%
Published-01 Apr, 2022 | 00:00
Updated-30 Oct, 2025 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-09-15||Apply updates per vendor instructions.

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)Oracle Corporation
Product-sd-wan_edgespring_cloud_functionbanking_cash_managementbanking_virtual_account_managementcommunications_cloud_native_core_automated_test_suiteretail_xstore_point_of_servicefinancial_services_behavior_detection_platformbanking_liquidity_managementbanking_supply_chain_financefinancial_services_enterprise_case_managementmysql_enterprise_monitorcommunications_cloud_native_core_network_repository_functioncommunications_cloud_native_core_unified_data_repositorybanking_branchcommunications_cloud_native_core_policycommunications_cloud_native_core_network_slice_selection_functionbanking_originationbanking_trade_finance_process_managementbanking_corporate_lending_process_managementcommunications_cloud_native_core_security_edge_protection_proxybanking_electronic_data_exchange_for_corporatesbanking_credit_facilities_process_managementcommunications_cloud_native_core_network_function_cloud_native_environmentfinancial_services_analytical_applications_infrastructurecommunications_cloud_native_core_consolecommunications_communications_policy_managementproduct_lifecycle_analyticscommunications_cloud_native_core_network_exposure_functionSpring Cloud FunctionSpring Cloud
CWE ID-CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2022-22972
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-9.8||CRITICAL
EPSS-52.81% / 98.84%
||
7 Day CHG~0.00%
Published-20 May, 2022 | 20:18
Updated-03 Aug, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncVMware (Broadcom Inc.)
Product-linux_kernelidentity_managervrealize_automationworkspace_one_accessvrealize_suite_lifecycle_managercloud_foundationVMware Workspace ONE Access, Identity Manager and vRealize Automation
CVE-2014-6271
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-9.8||CRITICAL
EPSS-100.00% / 99.99%
||
7 Day CHG~0.00%
Published-24 Sep, 2014 | 18:00
Updated-22 Apr, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-07-28||Apply updates per vendor instructions.

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.

Action-Not Available
Vendor-mageian/aVMware (Broadcom Inc.)NovellIBM CorporationSUSEF5, Inc.GNURed Hat, Inc.Citrix (Cloud Software Group, Inc.)Oracle CorporationApple Inc.QNAP Systems, Inc.openSUSECanonical Ltd.Check Point Software Technologies Ltd.Arista Networks, Inc.Debian GNU/Linux
Product-big-ip_application_acceleration_managerbig-ip_advanced_firewall_managerstn6800storwize_v7000_firmwareenterprise_linux_for_ibm_z_systemsbashmageiabig-ip_wan_optimization_managerstorwize_v3500stn7800_firmwarebig-ip_protocol_security_moduleenterprise_linux_serverenterprise_linux_workstationstorwize_v3700storwize_v3700_firmwarebig-ip_global_traffic_managergluster_storage_server_for_on-premisebig-ip_edge_gatewayopensusestorwize_v3500_firmwareenterprise_managertraffix_signaling_delivery_controllerbig-iq_devicevcenter_server_applianceenterprise_linux_desktopstn7800san_volume_controllerlinux_enterprise_serversecurity_access_manager_for_web_8.0_firmwareenterprise_linux_server_aussan_volume_controller_firmwaresoftware_defined_network_for_virtual_environmentsbig-iq_cloudlinux_enterprise_software_development_kitnetscaler_sdxqtsbig-ip_analyticsbig-ip_local_traffic_managerstudio_onsitebig-ip_access_policy_managerlinuxinfosphere_guardium_database_activity_monitoringqradar_risk_managerubuntu_linuxarxeosenterprise_linux_server_tusbig-iq_securityqradar_vulnerability_managerstn6500enterprise_linux_server_from_rhuistn6800_firmwareflex_system_v7000flex_system_v7000_firmwarenetscaler_sdx_firmwarestn6500_firmwarestorwize_v5000security_access_manager_for_mobile_8.0_firmwarestarter_kit_for_cloudenterprise_linux_eusvirtualizationsecurity_access_manager_for_web_7.0_firmwaresmartcloud_entry_appliancebig-ip_application_security_managerdebian_linuxlinux_enterprise_desktopmac_os_xzenworks_configuration_managementesxbig-ip_webacceleratorenterprise_linux_for_power_big_endian_eusenterprise_linux_for_power_big_endianworkload_deployerqradar_security_information_and_event_managerarx_firmwarestorwize_v5000_firmwaresecurity_gatewaybig-ip_policy_enforcement_managersmartcloud_provisioningpureapplication_systemstorwize_v7000open_enterprise_serverenterprise_linux_for_scientific_computingbig-ip_link_controllerenterprise_linuxn/aBourne-Again Shell (Bash)
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-40974
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-5||MEDIUM
EPSS-0.18% / 7.97%
||
7 Day CHG~0.00%
Published-27 Apr, 2026 | 23:31
Updated-14 May, 2026 | 16:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Spring Boot's Cassandra auto-configuration does not perform hostname verification when establishing an SSL connection to Cassandra. Affected: Spring Boot 4.0.0–4.0.5 (fix 4.0.6), 3.5.0–3.5.13 (fix 3.5.14), 3.4.0–3.4.15 (fix 3.4.16), 3.3.0–3.3.18 (fix 3.3.19), 2.7.0–2.7.32 (fix 2.7.33); Cassandra SSL auto-configuration. Versions that are no longer supported are also affected per vendor advisory.

Action-Not Available
Vendor-VMware (Broadcom Inc.)
Product-spring_bootSpring Boot
CWE ID-CWE-295
Improper Certificate Validation
CVE-2014-3527
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-9.8||CRITICAL
EPSS-1.81% / 75.92%
||
7 Day CHG~0.00%
Published-25 May, 2017 | 17:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When using the CAS Proxy ticket authentication from Spring Security 3.1 to 3.2.4 a malicious CAS Service could trick another CAS Service into authenticating a proxy ticket that was not associated. This is due to the fact that the proxy ticket authentication uses the information from the HttpServletRequest which is populated based upon untrusted information within the HTTP request. This means if there are access control restrictions on which CAS services can authenticate to one another, those restrictions can be bypassed. If users are not using CAS Proxy tickets and not basing access control decisions based upon the CAS Service, then there is no impact to users.

Action-Not Available
Vendor-VMware (Broadcom Inc.)
Product-spring_securitySpring Security
CWE ID-CWE-287
Improper Authentication
CVE-2023-34034
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-9.1||CRITICAL
EPSS-3.46% / 87.61%
||
7 Day CHG~0.00%
Published-19 Jul, 2023 | 14:16
Updated-01 May, 2026 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Using "**" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-spring_securitySpring Security
CWE ID-CWE-281
Improper Preservation of Permissions
CVE-2023-34039
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-9.8||CRITICAL
EPSS-63.95% / 99.12%
||
7 Day CHG~0.00%
Published-29 Aug, 2023 | 17:36
Updated-13 Feb, 2025 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-aria_operations_for_networksAria Operations for Networks
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2023-34048
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-9.8||CRITICAL
EPSS-99.43% / 99.94%
||
7 Day CHG~0.00%
Published-25 Oct, 2023 | 04:21
Updated-30 Oct, 2025 | 19:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2024-02-12||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
VMware vCenter Server Out-of-Bounds Write Vulnerability

vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution.

Action-Not Available
Vendor-VMware (Broadcom Inc.)
Product-vcenter_serverVMware Cloud Foundation (VMware vCenter Server)VMware vCenter Servervcenter_servercloud_foundationvCenter Server
CWE ID-CWE-787
Out-of-bounds Write
CVE-2014-0097
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-1.21% / 64.69%
||
7 Day CHG~0.00%
Published-25 May, 2017 | 17:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ActiveDirectoryLdapAuthenticator in Spring Security 3.2.0 to 3.2.1 and 3.1.0 to 3.1.5 does not check the password length. If the directory allows anonymous binds then it may incorrectly authenticate a user who supplies an empty password.

Action-Not Available
Vendor-VMware (Broadcom Inc.)
Product-spring_securitySpring Security
CWE ID-CWE-287
Improper Authentication
CVE-2016-2173
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-6.26% / 92.70%
||
7 Day CHG~0.00%
Published-21 Apr, 2017 | 20:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

org.springframework.core.serializer.DefaultDeserializer in Spring AMQP before 1.5.5 allows remote attackers to execute arbitrary code.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)Fedora Project
Product-spring_advanced_message_queuing_protocolfedoran/a
CWE ID-CWE-20
Improper Input Validation
CVE-2023-20887
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-9.8||CRITICAL
EPSS-98.24% / 99.91%
||
7 Day CHG+0.12%
Published-07 Jun, 2023 | 14:16
Updated-28 Oct, 2025 | 13:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-07-13||Apply updates per vendor instructions.

Aria Operations for Networks contains a command injection vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in remote code execution.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-aria_operations_for_networksAria Operations for Networks (Formerly vRealize Network Insight)Aria Operations for Networks
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-20893
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-8.1||HIGH
EPSS-1.25% / 65.71%
||
7 Day CHG~0.00%
Published-22 Jun, 2023 | 11:52
Updated-13 Feb, 2025 | 16:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The VMware vCenter Server contains a use-after-free vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit this issue to execute arbitrary code on the underlying operating system that hosts vCenter Server.

Action-Not Available
Vendor-VMware (Broadcom Inc.)
Product-vcenter_serverVMware Cloud Foundation (vCenter Server)VMware vCenter Server (vCenter Server)
CWE ID-CWE-416
Use After Free
CVE-2023-20895
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-8.1||HIGH
EPSS-1.38% / 68.68%
||
7 Day CHG~0.00%
Published-22 Jun, 2023 | 11:57
Updated-13 Feb, 2025 | 16:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The VMware vCenter Server contains a memory corruption vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger a memory corruption vulnerability which may bypass authentication.

Action-Not Available
Vendor-VMware (Broadcom Inc.)
Product-vcenter_serverVMware Cloud Foundation (vCenter Server)VMware vCenter Server (vCenter Server)
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-20892
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-8.1||HIGH
EPSS-1.85% / 76.50%
||
7 Day CHG~0.00%
Published-22 Jun, 2023 | 11:47
Updated-13 Feb, 2025 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
VMware vCenter Server heap-overflow vulnerability

The vCenter Server contains a heap overflow vulnerability due to the usage of uninitialized memory in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit heap-overflow vulnerability to execute arbitrary code on the underlying operating system that hosts vCenter Server.

Action-Not Available
Vendor-VMware (Broadcom Inc.)
Product-vcenter_serverVMware Cloud Foundation (vCenter Server)VMware vCenter Server (vCenter Server)
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-22738
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-9.8||CRITICAL
EPSS-0.82% / 52.75%
||
7 Day CHG~0.00%
Published-27 Mar, 2026 | 05:21
Updated-10 May, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SpEL Injection via Unescaped Filter Key in SimpleVectorStore Leads to Remote Code Execution

In Spring AI, a SpEL injection vulnerability exists in SimpleVectorStore when a user-supplied value is used as a filter expression key. A malicious actor could exploit this to execute arbitrary code. Only applications that use SimpleVectorStore and pass user-supplied input as a filter expression key are affected. This issue affects Spring AI: from 1.0.0 before 1.0.5, from 1.1.0 before 1.1.4.

Action-Not Available
Vendor-VMware (Broadcom Inc.)
Product-spring_aiSpring AI
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CWE ID-CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
CVE-2013-3520
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-55.64% / 98.92%
||
7 Day CHG~0.00%
Published-17 Jun, 2013 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware vCenter Chargeback Manager (aka CBM) before 2.5.1 does not proper handle uploads, which allows remote attackers to execute arbitrary code via unspecified vectors.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-vcenter_chargeback_managern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2002-0814
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-13.70% / 96.03%
||
7 Day CHG~0.00%
Published-02 Apr, 2003 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in VMware Authorization Service for VMware GSX Server 2.0.0 build-2050 allows remote authenticated users to execute arbitrary code via a long GLOBAL argument.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-gsx_servern/a
CVE-2022-38651
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.76% / 50.64%
||
7 Day CHG~0.00%
Published-12 Nov, 2022 | 00:00
Updated-01 May, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A security filter misconfiguration exists in VMware Hyperic Server 5.8.6. Exploitation of this vulnerability enables a malicious party to bypass some authentication requirements when issuing requests to Hyperic Server. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-hyperic_servern/a
CWE ID-CWE-862
Missing Authorization
CVE-2023-44794
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.96% / 57.32%
||
7 Day CHG~0.00%
Published-25 Oct, 2023 | 00:00
Updated-12 Sep, 2024 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in Dromara SaToken version 1.36.0 and before allows a remote attacker to escalate privileges via a crafted payload to the URL.

Action-Not Available
Vendor-dromaran/adromaraVMware (Broadcom Inc.)
Product-sa-tokenspring_bootspring_frameworkn/asa-token
CWE ID-CWE-284
Improper Access Control
CVE-2021-22049
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-9.8||CRITICAL
EPSS-1.67% / 73.99%
||
7 Day CHG~0.00%
Published-24 Nov, 2021 | 16:32
Updated-03 Aug, 2024 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The vSphere Web Client (FLEX/Flash) contains an SSRF (Server Side Request Forgery) vulnerability in the vSAN Web Client (vSAN UI) plug-in. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-vcenter_serverVMware vCenter Server and VMware Cloud Foundation
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2021-21986
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-9.8||CRITICAL
EPSS-12.92% / 95.83%
||
7 Day CHG~0.00%
Published-26 May, 2021 | 14:04
Updated-03 Aug, 2024 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The vSphere Client (HTML5) contains a vulnerability in a vSphere authentication mechanism for the Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability plug-ins. A malicious actor with network access to port 443 on vCenter Server may perform actions allowed by the impacted plug-ins without authentication.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-vcenter_servercloud_foundationVMware vCenter Server and VMware Cloud Foundation
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2021-21972
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-9.8||CRITICAL
EPSS-99.57% / 99.94%
||
7 Day CHG~0.00%
Published-24 Feb, 2021 | 16:42
Updated-30 Oct, 2025 | 20:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2021-11-17||Apply updates per vendor instructions.

The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-cloud_foundationvcenter_serverVMware Cloud FoundationVMware vCenter ServervCenter Server
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-21984
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-9.8||CRITICAL
EPSS-1.98% / 78.12%
||
7 Day CHG~0.00%
Published-07 May, 2021 | 11:20
Updated-03 Aug, 2024 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware vRealize Business for Cloud 7.x prior to 7.6.0 contains a remote code execution vulnerability due to an unauthorised end point. A malicious actor with network access may exploit this issue causing unauthorised remote code execution on vRealize Business for Cloud Virtual Appliance.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-vrealize_business_for_cloudVMware vRealize Business for Cloud
CWE ID-CWE-862
Missing Authorization
CVE-2021-22002
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-9.8||CRITICAL
EPSS-1.21% / 64.62%
||
7 Day CHG~0.00%
Published-31 Aug, 2021 | 21:02
Updated-03 Aug, 2024 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware Workspace ONE Access and Identity Manager, allow the /cfg web app and diagnostic endpoints, on port 8443, to be accessed via port 443 using a custom host header. A malicious actor with network access to port 443 could tamper with host headers to facilitate access to the /cfg web app, in addition a malicious actor could access /cfg diagnostic endpoints without authentication.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncVMware (Broadcom Inc.)
Product-linux_kernelidentity_managerworkspace_one_accessvrealize_suite_lifecycle_managercloud_foundationVMware Workspace ONE Access, Identity Manager and vRealize Automation
CWE ID-CWE-287
Improper Authentication
CVE-2021-21998
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-9.8||CRITICAL
EPSS-10.62% / 95.24%
||
7 Day CHG~0.00%
Published-23 Jun, 2021 | 11:10
Updated-03 Aug, 2024 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware Carbon Black App Control 8.0, 8.1, 8.5 prior to 8.5.8, and 8.6 prior to 8.6.2 has an authentication bypass. A malicious actor with network access to the VMware Carbon Black App Control management server might be able to obtain administrative access to the product without the need to authenticate.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-carbon_black_app_controlVMware Carbon Black App Control (AppC)
CWE ID-CWE-287
Improper Authentication
CVE-2014-7169
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-99.94% / 99.97%
||
7 Day CHG~0.00%
Published-25 Sep, 2014 | 01:00
Updated-22 Apr, 2026 | 14:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-07-28||Apply updates per vendor instructions.

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.

Action-Not Available
Vendor-mageian/aVMware (Broadcom Inc.)NovellIBM CorporationSUSEF5, Inc.GNURed Hat, Inc.Citrix (Cloud Software Group, Inc.)Oracle CorporationApple Inc.QNAP Systems, Inc.openSUSECanonical Ltd.Check Point Software Technologies Ltd.Arista Networks, Inc.Debian GNU/Linux
Product-big-ip_application_acceleration_managerbig-ip_advanced_firewall_managerstn6800storwize_v7000_firmwareenterprise_linux_for_ibm_z_systemsbashmageiabig-ip_wan_optimization_managerstorwize_v3500stn7800_firmwarebig-ip_protocol_security_moduleenterprise_linux_serverenterprise_linux_workstationstorwize_v3700storwize_v3700_firmwarebig-ip_global_traffic_managergluster_storage_server_for_on-premisebig-ip_edge_gatewayopensusestorwize_v3500_firmwareenterprise_managertraffix_signaling_delivery_controllerbig-iq_devicevcenter_server_applianceenterprise_linux_desktopstn7800san_volume_controllerlinux_enterprise_serversecurity_access_manager_for_web_8.0_firmwareenterprise_linux_server_aussan_volume_controller_firmwaresoftware_defined_network_for_virtual_environmentsbig-iq_cloudlinux_enterprise_software_development_kitnetscaler_sdxqtsbig-ip_analyticsbig-ip_local_traffic_managerstudio_onsitebig-ip_access_policy_managerlinuxinfosphere_guardium_database_activity_monitoringqradar_risk_managerubuntu_linuxarxeosenterprise_linux_server_tusbig-iq_securityqradar_vulnerability_managerstn6500enterprise_linux_server_from_rhuistn6800_firmwareflex_system_v7000flex_system_v7000_firmwarenetscaler_sdx_firmwarestn6500_firmwarestorwize_v5000security_access_manager_for_mobile_8.0_firmwarestarter_kit_for_cloudenterprise_linux_eusvirtualizationsecurity_access_manager_for_web_7.0_firmwaresmartcloud_entry_appliancebig-ip_application_security_managerdebian_linuxlinux_enterprise_desktopmac_os_xzenworks_configuration_managementesxbig-ip_webacceleratorenterprise_linux_for_power_big_endian_eusenterprise_linux_for_power_big_endianworkload_deployerqradar_security_information_and_event_managerarx_firmwarestorwize_v5000_firmwaresecurity_gatewaybig-ip_policy_enforcement_managersmartcloud_provisioningpureapplication_systemstorwize_v7000open_enterprise_serverenterprise_linux_for_scientific_computingbig-ip_link_controllerenterprise_linuxn/aBourne-Again Shell (Bash)
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-31686
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-9.8||CRITICAL
EPSS-0.93% / 56.20%
||
7 Day CHG~0.00%
Published-09 Nov, 2022 | 00:00
Updated-01 May, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware Workspace ONE Assist prior to 22.10 contains a Broken Authentication Method vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-workspace_one_assistVMware Workspace ONE Assist
CWE ID-CWE-287
Improper Authentication
CVE-2022-31704
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-9.8||CRITICAL
EPSS-81.01% / 99.58%
||
7 Day CHG~0.00%
Published-25 Jan, 2023 | 00:00
Updated-02 Apr, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The vRealize Log Insight contains a broken access control vulnerability. An unauthenticated malicious actor can remotely inject code into sensitive files of an impacted appliance which can result in remote code execution.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-vrealize_log_insightvRealize Log Insight (vRLI)
CWE ID-CWE-284
Improper Access Control
CVE-2022-31706
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-9.8||CRITICAL
EPSS-87.08% / 99.73%
||
7 Day CHG~0.00%
Published-25 Jan, 2023 | 00:00
Updated-02 Apr, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-vrealize_log_insightvRealize Log Insight (vRLI)
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-31657
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-9.8||CRITICAL
EPSS-1.14% / 62.69%
||
7 Day CHG~0.00%
Published-05 Aug, 2022 | 15:07
Updated-03 Aug, 2024 | 07:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware Workspace ONE Access and Identity Manager contain a URL injection vulnerability. A malicious actor with network access may be able to redirect an authenticated user to an arbitrary domain.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncVMware (Broadcom Inc.)Microsoft Corporation
Product-access_connectorlinux_kernelidentity_manager_connectorone_accesswindowsidentity_managerVMware Workspace ONE Access, Identity Manager and vRealize Automation
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2022-31691
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-9.8||CRITICAL
EPSS-2.39% / 81.93%
||
7 Day CHG~0.00%
Published-04 Nov, 2022 | 00:00
Updated-02 May, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Spring Tools 4 for Eclipse version 4.16.0 and below as well as VSCode extensions such as Spring Boot Tools, Concourse CI Pipeline Editor, Bosh Editor and Cloudfoundry Manifest YML Support version 1.39.0 and below all use Snakeyaml library for YAML editing support. This library allows for some special syntax in the YAML that under certain circumstances allows for potentially harmful remote code execution by the attacker.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-cloudfoundry_manifest_yml_supportconcourse_ci_pipeline_editorspring_boot_toolsbosh_editorspring_toolsSpring by VMware
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2022-31656
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-9.8||CRITICAL
EPSS-18.43% / 96.89%
||
7 Day CHG~0.00%
Published-05 Aug, 2022 | 15:07
Updated-03 Aug, 2024 | 07:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncVMware (Broadcom Inc.)Microsoft Corporation
Product-access_connectorlinux_kernelidentity_manager_connectorone_accesswindowsidentity_managerVMware Workspace ONE Access, Identity Manager and vRealize Automation
CVE-2020-3992
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-9.8||CRITICAL
EPSS-83.02% / 99.63%
||
7 Day CHG~0.00%
Published-20 Oct, 2020 | 16:11
Updated-30 Oct, 2025 | 20:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-03||Apply updates per vendor instructions.

OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a use-after-free issue. A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to trigger a use-after-free in the OpenSLP service resulting in remote code execution.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-cloud_foundationesxiVMware ESXiESXi
CWE ID-CWE-416
Use After Free
CVE-2020-3952
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-9.8||CRITICAL
EPSS-90.38% / 99.79%
||
7 Day CHG~0.00%
Published-10 Apr, 2020 | 13:55
Updated-30 Oct, 2025 | 20:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-03||Apply updates per vendor instructions.

Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-vcenter_serverVMware vCenter ServervCenter Server
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2020-4001
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-9.8||CRITICAL
EPSS-2.90% / 85.23%
||
7 Day CHG~0.00%
Published-24 Nov, 2020 | 15:29
Updated-04 Aug, 2024 | 07:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SD-WAN Orchestrator 3.3.2, 3.4.x, and 4.0.x has default passwords allowing for a Pass-the-Hash Attack. SD-WAN Orchestrator ships with default passwords for predefined accounts which may lead to to a Pass-the-Hash attack.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-sd-wan_orchestratorVMware SD-WAN Orchestrator
CWE ID-CWE-1188
Initialization of a Resource with an Insecure Default
CVE-2013-3657
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-7.5||HIGH
EPSS-3.09% / 86.12%
||
7 Day CHG~0.00%
Published-10 Sep, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in VMware ESXi 4.0 through 5.0, and ESX 4.0 and 4.1, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-esxesxin/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2024-37079
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-9.8||CRITICAL
EPSS-22.38% / 97.40%
||
7 Day CHG~0.00%
Published-18 Jun, 2024 | 05:43
Updated-26 Jan, 2026 | 14:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2026-02-13||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.

Action-Not Available
Vendor-n/aBroadcom Inc.VMware (Broadcom Inc.)
Product-vcenter_servercloud_foundationVMware Cloud FoundationVMware vCenter ServerVMware vCenter Server
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-37080
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-9.8||CRITICAL
EPSS-12.48% / 95.73%
||
7 Day CHG~0.00%
Published-18 Jun, 2024 | 05:43
Updated-24 Jan, 2026 | 04:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-cloud_foundationvcenter_serverVMware Cloud FoundationVMware vCenter Servervcenter_servercloud_foundation
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 24
  • 25
  • Next
Details not found