Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2016-1000027

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-02 Jan, 2020 | 00:00
Updated At-06 Aug, 2024 | 03:47
Rejected At-
Credits

Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's position is that untrusted data is not an intended use case. The product's behavior will not be changed because some users rely on deserialization of trusted data.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:02 Jan, 2020 | 00:00
Updated At:06 Aug, 2024 | 03:47
Rejected At:
▼CVE Numbering Authority (CNA)

Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's position is that untrusted data is not an intended use case. The product's behavior will not be changed because some users rely on deserialization of trusted data.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.tenable.com/security/research/tra-2016-20
N/A
https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000027.json
N/A
https://security-tracker.debian.org/tracker/CVE-2016-1000027
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000027
N/A
https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-579669626
N/A
https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-582313417
N/A
https://spring.io/blog/2022/05/11/spring-framework-5-3-20-and-5-2-22-available-now
N/A
https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-744519525
N/A
https://security.netapp.com/advisory/ntap-20230420-0009/
N/A
Hyperlink: https://www.tenable.com/security/research/tra-2016-20
Resource: N/A
Hyperlink: https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000027.json
Resource: N/A
Hyperlink: https://security-tracker.debian.org/tracker/CVE-2016-1000027
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000027
Resource: N/A
Hyperlink: https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-579669626
Resource: N/A
Hyperlink: https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-582313417
Resource: N/A
Hyperlink: https://spring.io/blog/2022/05/11/spring-framework-5-3-20-and-5-2-22-available-now
Resource: N/A
Hyperlink: https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-744519525
Resource: N/A
Hyperlink: https://security.netapp.com/advisory/ntap-20230420-0009/
Resource: N/A
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.tenable.com/security/research/tra-2016-20
x_transferred
https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000027.json
x_transferred
https://security-tracker.debian.org/tracker/CVE-2016-1000027
x_transferred
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000027
x_transferred
https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-579669626
x_transferred
https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-582313417
x_transferred
https://spring.io/blog/2022/05/11/spring-framework-5-3-20-and-5-2-22-available-now
x_transferred
https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-744519525
x_transferred
https://security.netapp.com/advisory/ntap-20230420-0009/
x_transferred
Hyperlink: https://www.tenable.com/security/research/tra-2016-20
Resource:
x_transferred
Hyperlink: https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000027.json
Resource:
x_transferred
Hyperlink: https://security-tracker.debian.org/tracker/CVE-2016-1000027
Resource:
x_transferred
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000027
Resource:
x_transferred
Hyperlink: https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-579669626
Resource:
x_transferred
Hyperlink: https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-582313417
Resource:
x_transferred
Hyperlink: https://spring.io/blog/2022/05/11/spring-framework-5-3-20-and-5-2-22-available-now
Resource:
x_transferred
Hyperlink: https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-744519525
Resource:
x_transferred
Hyperlink: https://security.netapp.com/advisory/ntap-20230420-0009/
Resource:
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:02 Jan, 2020 | 23:15
Updated At:20 Apr, 2023 | 09:15

Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's position is that untrusted data is not an intended use case. The product's behavior will not be changed because some users rely on deserialization of trusted data.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches

VMware (Broadcom Inc.)
vmware
>>spring_framework>>Versions before 6.0.0(exclusive)
cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-502Primarynvd@nist.gov
CWE ID: CWE-502
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000027cve@mitre.org
Issue Tracking
Third Party Advisory
https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-579669626cve@mitre.org
Issue Tracking
Third Party Advisory
https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-582313417cve@mitre.org
Issue Tracking
Third Party Advisory
https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-744519525cve@mitre.org
Issue Tracking
Third Party Advisory
https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000027.jsoncve@mitre.org
Broken Link
Exploit
Third Party Advisory
https://security-tracker.debian.org/tracker/CVE-2016-1000027cve@mitre.org
Third Party Advisory
https://security.netapp.com/advisory/ntap-20230420-0009/cve@mitre.org
N/A
https://spring.io/blog/2022/05/11/spring-framework-5-3-20-and-5-2-22-available-nowcve@mitre.org
Release Notes
Third Party Advisory
https://www.tenable.com/security/research/tra-2016-20cve@mitre.org
Exploit
Third Party Advisory
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000027
Source: cve@mitre.org
Resource:
Issue Tracking
Third Party Advisory
Hyperlink: https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-579669626
Source: cve@mitre.org
Resource:
Issue Tracking
Third Party Advisory
Hyperlink: https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-582313417
Source: cve@mitre.org
Resource:
Issue Tracking
Third Party Advisory
Hyperlink: https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-744519525
Source: cve@mitre.org
Resource:
Issue Tracking
Third Party Advisory
Hyperlink: https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000027.json
Source: cve@mitre.org
Resource:
Broken Link
Exploit
Third Party Advisory
Hyperlink: https://security-tracker.debian.org/tracker/CVE-2016-1000027
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://security.netapp.com/advisory/ntap-20230420-0009/
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://spring.io/blog/2022/05/11/spring-framework-5-3-20-and-5-2-22-available-now
Source: cve@mitre.org
Resource:
Release Notes
Third Party Advisory
Hyperlink: https://www.tenable.com/security/research/tra-2016-20
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

1215Records found

CVE-2019-5523
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-9.8||CRITICAL
EPSS-3.26% / 86.83%
||
7 Day CHG~0.00%
Published-01 Apr, 2019 | 17:11
Updated-04 Aug, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware vCloud Director for Service Providers 9.5.x prior to 9.5.0.3 update resolves a Remote Session Hijack vulnerability in the Tenant and Provider Portals. Successful exploitation of this issue may allow a malicious actor to access the Tenant or Provider Portals by impersonating a currently logged in session.

Action-Not Available
Vendor-VMware (Broadcom Inc.)
Product-vcloud_directorVMware vCloud Director for Service Providers (vCD)
CWE ID-CWE-384
Session Fixation
CVE-2019-5544
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-9.8||CRITICAL
EPSS-96.82% / 99.88%
||
7 Day CHG~0.00%
Published-06 Dec, 2019 | 15:54
Updated-30 Oct, 2025 | 19:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-03||Apply updates per vendor instructions.

OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.

Action-Not Available
Vendor-openslpn/aVMware (Broadcom Inc.)Fedora ProjectRed Hat, Inc.
Product-openslpenterprise_linux_for_ibm_z_systemsenterprise_linux_serveresxienterprise_linux_for_power_little_endianenterprise_linux_desktophorizon_daasenterprise_linux_workstationenterprise_linux_for_power_big_endian_eusenterprise_linux_server_ausenterprise_linux_server_eusenterprise_linux_for_power_little_endian_eusenterprise_linux_for_ibm_z_systems_eusenterprise_linux_for_power_big_endianenterprise_linux_server_tusfedoraESXi and Horizon DaaSVMware ESXi and Horizon DaaS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2012-2448
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.50% / 87.75%
||
7 Day CHG~0.00%
Published-04 May, 2012 | 16:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware ESXi 3.5 through 5.0 and ESX 3.5 through 4.1 allow remote attackers to execute arbitrary code or cause a denial of service (memory overwrite) via NFS traffic.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-esxesxin/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-3772
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-9.8||CRITICAL
EPSS-3.00% / 85.73%
||
7 Day CHG~0.00%
Published-18 Jan, 2019 | 22:00
Updated-16 Sep, 2024 | 16:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Spring Integration XML External Entity Injection (XXE)

Spring Integration (spring-integration-xml and spring-integration-ws modules), versions 4.3.18, 5.0.10, 5.1.1, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.

Action-Not Available
Vendor-Oracle CorporationVMware (Broadcom Inc.)
Product-spring_integrationretail_customer_management_and_segmentation_foundationSpring Integration
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2010-0211
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-9.8||CRITICAL
EPSS-29.24% / 97.94%
||
7 Day CHG~0.00%
Published-27 Jul, 2010 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences, which triggers a free of an invalid, uninitialized pointer in the slap_mods_free function, as demonstrated using the Codenomicon LDAPv3 test suite.

Action-Not Available
Vendor-openldapn/aApple Inc.openSUSEVMware (Broadcom Inc.)
Product-mac_os_xesxiopenldapmac_os_x_serveropensusen/a
CWE ID-CWE-252
Unchecked Return Value
CVE-2019-11272
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-7.3||HIGH
EPSS-1.37% / 68.57%
||
7 Day CHG~0.00%
Published-26 Jun, 2019 | 14:06
Updated-12 Sep, 2025 | 19:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PlaintextPasswordEncoder authenticates encoded passwords that are null

Spring Security, versions 4.2.x up to 4.2.12, and older unsupported versions support plain text passwords using PlaintextPasswordEncoder. If an application using an affected version of Spring Security is leveraging PlaintextPasswordEncoder and a user has a null encoded password, a malicious user (or attacker) can authenticate using a password of "null".

Action-Not Available
Vendor-VMware (Broadcom Inc.)Debian GNU/Linux
Product-debian_linuxspring_securitySpring Security
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2023-34060
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-9.8||CRITICAL
EPSS-1.34% / 67.97%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 20:20
Updated-16 Dec, 2025 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware Cloud Director Appliance contains an authentication bypass vulnerability in case VMware Cloud Director Appliance was upgraded to 10.5 from an older version. On an upgraded version of VMware Cloud Director Appliance 10.5, a malicious actor with network access to the appliance can bypass login restrictions when authenticating on port 22 (ssh) or port 5480 (appliance management console) . This bypass is not present on port 443 (VCD provider and tenant login). On a new installation of VMware Cloud Director Appliance 10.5, the bypass is not present. VMware Cloud Director Appliance is impacted since it uses an affected version of sssd from the underlying Photon OS. The sssd issue is no longer present in versions of Photon OS that ship with sssd-2.8.1-11 or higher (Photon OS 3) or sssd-2.8.2-9 or higher (Photon OS 4 and 5).

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-photon_oscloud_directorVMware Cloud Director Appliance (VCD Appliance)
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2018-6968
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-10||CRITICAL
EPSS-5.06% / 91.28%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 22:00
Updated-16 Sep, 2024 | 20:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The VMware AirWatch Agent for Android prior to 8.2 and AirWatch Agent for Windows Mobile prior to 6.5.2 contain a remote code execution vulnerability in real time File Manager capabilities. This vulnerability may allow for unauthorized creation and execution of files in the Agent sandbox and other publicly accessible directories such as those on the SD card by a malicious administrator.

Action-Not Available
Vendor-VMware (Broadcom Inc.)
Product-airwatch_agentAirWatch Agent
CVE-2018-6959
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-9.8||CRITICAL
EPSS-2.07% / 79.14%
||
7 Day CHG~0.00%
Published-13 Apr, 2018 | 13:00
Updated-16 Sep, 2024 | 19:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware vRealize Automation (vRA) prior to 7.4.0 contains a vulnerability in the handling of session IDs. Exploitation of this issue may lead to the hijacking of a valid vRA user's session.

Action-Not Available
Vendor-VMware (Broadcom Inc.)
Product-vrealize_automationvRealize Automation
CWE ID-CWE-384
Session Fixation
CVE-2026-22738
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-9.8||CRITICAL
EPSS-0.82% / 52.77%
||
7 Day CHG~0.00%
Published-27 Mar, 2026 | 05:21
Updated-10 May, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SpEL Injection via Unescaped Filter Key in SimpleVectorStore Leads to Remote Code Execution

In Spring AI, a SpEL injection vulnerability exists in SimpleVectorStore when a user-supplied value is used as a filter expression key. A malicious actor could exploit this to execute arbitrary code. Only applications that use SimpleVectorStore and pass user-supplied input as a filter expression key are affected. This issue affects Spring AI: from 1.0.0 before 1.0.5, from 1.1.0 before 1.1.4.

Action-Not Available
Vendor-VMware (Broadcom Inc.)
Product-spring_aiSpring AI
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CWE ID-CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
CVE-2018-1270
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-9.8||CRITICAL
EPSS-77.24% / 99.50%
||
7 Day CHG~0.00%
Published-06 Apr, 2018 | 13:00
Updated-16 Sep, 2024 | 19:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.

Action-Not Available
Vendor-VMware (Broadcom Inc.)Red Hat, Inc.Oracle CorporationDebian GNU/Linux
Product-communications_diameter_signaling_routerinsurance_rules_paletteretail_central_officetape_library_acslsretail_back_officeretail_customer_insightsprimavera_gatewayretail_integration_busretail_returns_managementfuseretail_point-of-salehealthcare_master_person_indexcommunications_performance_intelligence_centerspring_frameworkservice_architecture_leveraging_tuxedodebian_linuxapplication_testing_suitehealth_sciences_information_managerretail_order_brokercommunications_converged_application_servergoldengate_for_big_dataretail_xstore_point_of_servicebig_data_discoveryinsurance_calculation_engineretail_open_commerce_platformenterprise_manager_ops_centercommunications_services_gatekeeperretail_predictive_application_serverSpring Framework
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE ID-CWE-358
Improperly Implemented Security Check for Standard
CVE-2024-38813
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-7.5||HIGH
EPSS-16.68% / 96.64%
||
7 Day CHG~0.00%
Published-17 Sep, 2024 | 17:13
Updated-31 Oct, 2025 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2024-12-11||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Privilege escalation vulnerability

The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)Broadcom Inc.
Product-cloud_foundationvcenter_serverVMware Cloud FoundationVMware vCenter Servervmware_cloud_foundationvmware_center_servervCenter Server
CWE ID-CWE-250
Execution with Unnecessary Privileges
CWE ID-CWE-273
Improper Check for Dropped Privileges
CVE-2023-20894
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-8.1||HIGH
EPSS-33.95% / 98.19%
||
7 Day CHG~0.00%
Published-22 Jun, 2023 | 11:54
Updated-13 Feb, 2025 | 16:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bound write by sending a specially crafted packet leading to memory corruption.

Action-Not Available
Vendor-VMware (Broadcom Inc.)
Product-vcenter_serverVMware Cloud Foundation (vCenter Server)VMware vCenter Server (vCenter Server)
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-20873
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-9.8||CRITICAL
EPSS-1.12% / 62.23%
||
7 Day CHG~0.00%
Published-20 Apr, 2023 | 00:00
Updated-05 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.6+. 2.7.x users should upgrade to 2.7.11+. Users of older, unsupported versions should upgrade to 3.0.6+ or 2.7.11+.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-spring_bootSpring Boot
CVE-2017-8046
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-9.8||CRITICAL
EPSS-72.78% / 99.38%
||
7 Day CHG~0.00%
Published-04 Jan, 2018 | 06:00
Updated-26 Jun, 2026 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code.

Action-Not Available
Vendor-VMware (Broadcom Inc.)
Product-spring_bootspring_data_restPivotal Spring Data REST and Spring Boot
CWE ID-CWE-20
Improper Input Validation
CVE-2017-4907
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-9.8||CRITICAL
EPSS-3.76% / 88.59%
||
7 Day CHG~0.00%
Published-08 Jun, 2017 | 13:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware Unified Access Gateway (2.5.x, 2.7.x, 2.8.x prior to 2.8.1) and Horizon View (7.x prior to 7.1.0, 6.x prior to 6.2.4) contain a heap buffer-overflow vulnerability which may allow a remote attacker to execute code on the security gateway.

Action-Not Available
Vendor-VMware (Broadcom Inc.)
Product-unified_access_gatewayhorizon_viewHorizon ViewUnified Access Gateway
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-31702
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-9.8||CRITICAL
EPSS-1.61% / 72.96%
||
7 Day CHG~0.00%
Published-14 Dec, 2022 | 00:00
Updated-22 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

vRealize Network Insight (vRNI) contains a command injection vulnerability present in the vRNI REST API. A malicious actor with network access to the vRNI REST API can execute commands without authentication.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-vrealize_network_insightVMware vRealize Network Insight (vRNI)
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2022-31692
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-9.8||CRITICAL
EPSS-3.43% / 87.46%
||
7 Day CHG~0.00%
Published-31 Oct, 2022 | 00:00
Updated-06 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 could be susceptible to authorization rules bypass via forward or include dispatcher types. Specifically, an application is vulnerable when all of the following are true: The application expects that Spring Security applies security to forward and include dispatcher types. The application uses the AuthorizationFilter either manually or via the authorizeHttpRequests() method. The application configures the FilterChainProxy to apply to forward and/or include requests (e.g. spring.security.filter.dispatcher-types = request, error, async, forward, include). The application may forward or include the request to a higher privilege-secured endpoint.The application configures Spring Security to apply to every dispatcher type via authorizeHttpRequests().shouldFilterAllDispatcherTypes(true)

Action-Not Available
Vendor-n/aNetApp, Inc.VMware (Broadcom Inc.)
Product-spring_securityactive_iq_unified_managerSpring by VMware
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2022-31689
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-9.8||CRITICAL
EPSS-0.82% / 52.87%
||
7 Day CHG~0.00%
Published-09 Nov, 2022 | 00:00
Updated-01 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware Workspace ONE Assist prior to 22.10 contains a Session fixation vulnerability. A malicious actor who obtains a valid session token may be able to authenticate to the application using that token.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-workspace_one_assistVMware Workspace ONE Assist
CWE ID-CWE-384
Session Fixation
CVE-2016-5336
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.95% / 85.47%
||
7 Day CHG~0.00%
Published-31 Aug, 2016 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware vRealize Automation 7.0.x before 7.1 allows remote attackers to execute arbitrary code via unspecified vectors.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-vrealize_automationn/a
CVE-2021-26987
Matching Score-8
Assigner-NetApp, Inc.
ShareView Details
Matching Score-8
Assigner-NetApp, Inc.
CVSS Score-9.8||CRITICAL
EPSS-2.44% / 82.30%
||
7 Day CHG~0.00%
Published-15 Mar, 2021 | 21:28
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Element Plug-in for vCenter Server incorporates SpringBoot Framework. SpringBoot Framework versions prior to 1.3.2 are susceptible to a vulnerability which when successfully exploited could lead to Remote Code Execution. All versions of Element Plug-in for vCenter Server, Management Services versions prior to 2.17.56 and Management Node versions through 12.2 contain vulnerable versions of SpringBoot Framework.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)NetApp, Inc.
Product-solidfire_\&_hci_management_nodeelement_plug-in_for_vcenter_serverspring_bootmanagement_services_for_element_software_and_netapp_hciNetApp SolidFire & HCI Management NodeElement Plug-in for vCenter ServerManagement Services for Element Software and NetApp HCI
CVE-2022-22978
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-9.8||CRITICAL
EPSS-10.04% / 95.05%
||
7 Day CHG~0.00%
Published-19 May, 2022 | 00:00
Updated-03 Aug, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In spring security versions prior to 5.4.11+, 5.5.7+ , 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)NetApp, Inc.Oracle Corporation
Product-financial_services_crime_and_compliance_management_studiospring_securityactive_iq_unified_managerSpring Security
CWE ID-CWE-863
Incorrect Authorization
CVE-2018-1275
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-9.8||CRITICAL
EPSS-57.63% / 98.96%
||
7 Day CHG~0.00%
Published-11 Apr, 2018 | 13:00
Updated-17 Sep, 2024 | 02:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. This CVE addresses the partial fix for CVE-2018-1270 in the 4.3.x branch of the Spring Framework.

Action-Not Available
Vendor-Oracle CorporationVMware (Broadcom Inc.)
Product-communications_diameter_signaling_routerinsurance_rules_paletteretail_customer_insightstape_library_acslsprimavera_gatewayhealthcare_master_person_indexcommunications_performance_intelligence_centerspring_frameworkservice_architecture_leveraging_tuxedohealth_sciences_information_managerretail_order_brokercommunications_converged_application_servergoldengate_for_big_databig_data_discoveryinsurance_calculation_engineretail_open_commerce_platformapplication_testing_suitecommunications_services_gatekeeperretail_predictive_application_serverSpring Framework
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE ID-CWE-358
Improperly Implemented Security Check for Standard
CVE-2007-5360
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-15.33% / 96.37%
||
7 Day CHG~0.00%
Published-08 Jan, 2008 | 20:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in OpenPegasus Management server, when compiled to use PAM and with PEGASUS_USE_PAM_STANDALONE_PROC defined, as used in VMWare ESX Server 3.0.1 and 3.0.2, might allow remote attackers to execute arbitrary code via vectors related to PAM authentication, a different vulnerability than CVE-2008-0003.

Action-Not Available
Vendor-openpegasusn/aVMware (Broadcom Inc.)
Product-esxmanagement_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2024-37084
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-9.8||CRITICAL
EPSS-35.21% / 98.24%
||
7 Day CHG~0.00%
Published-25 Jul, 2024 | 09:17
Updated-26 Aug, 2024 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE-2024-37084: Remote code execution in Spring Cloud Data Flow

In Spring Cloud Data Flow versions prior to 2.11.4,  a malicious user who has access to the Skipper server api can use a crafted upload request to write an arbitrary file to any location on the file system which could lead to compromising the server

Action-Not Available
Vendor-VMware (Broadcom Inc.)
Product-spring_cloud_data_flowSpring Cloud Data Flowspring_cloud_data_flow
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-38812
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-9.8||CRITICAL
EPSS-54.14% / 98.88%
||
7 Day CHG~0.00%
Published-17 Sep, 2024 | 17:13
Updated-31 Oct, 2025 | 15:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2024-12-11||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Heap-overflow vulnerability

The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)Broadcom Inc.
Product-cloud_foundationvcenter_serverVMware Cloud FoundationVMware vCenter Servervmware_cloud_foundationvmware_vcenter_servervCenter Server
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-21994
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-9.8||CRITICAL
EPSS-1.16% / 63.20%
||
7 Day CHG~0.00%
Published-13 Jul, 2021 | 18:05
Updated-31 Oct, 2025 | 11:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SFCB (Small Footprint CIM Broker) as used in ESXi has an authentication bypass vulnerability. A malicious actor with network access to port 5989 on ESXi may exploit this issue to bypass SFCB authentication by sending a specially crafted request.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-cloud_foundationesxiVMware ESXi and VMware Cloud Foundation
CWE ID-CWE-287
Improper Authentication
CVE-2021-21978
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-9.8||CRITICAL
EPSS-98.95% / 99.92%
||
7 Day CHG~0.00%
Published-03 Mar, 2021 | 17:44
Updated-03 Aug, 2024 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability. Improper input validation and lack of authorization leading to arbitrary file upload in logupload web application. An unauthorized attacker with network access to View Planner Harness could upload and execute a specially crafted file leading to remote code execution within the logupload container.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-view_plannerVMware View Planner
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-20
Improper Input Validation
CVE-2021-22005
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-9.8||CRITICAL
EPSS-100.00% / 100.00%
||
7 Day CHG~0.00%
Published-23 Sep, 2021 | 11:37
Updated-30 Oct, 2025 | 20:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2021-11-17||Apply updates per vendor instructions.

The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-cloud_foundationvcenter_serverVMware vCenter Server, VMware Cloud FoundationvCenter Server
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-21985
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-9.8||CRITICAL
EPSS-100.00% / 99.99%
||
7 Day CHG~0.00%
Published-26 May, 2021 | 14:04
Updated-30 Oct, 2025 | 20:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2021-11-17||Apply updates per vendor instructions.

The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-vcenter_servercloud_foundationVMware vCenter Server and VMware Cloud FoundationvCenter Server
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-470
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2010-1205
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-43.38% / 98.57%
||
7 Day CHG~0.00%
Published-30 Jun, 2010 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.

Action-Not Available
Vendor-libpngn/aCanonical Ltd.Apple Inc.openSUSEGoogle LLCSUSEMozilla CorporationDebian GNU/LinuxVMware (Broadcom Inc.)Fedora Project
Product-thunderbirddebian_linuxubuntu_linuxseamonkeymac_os_xlinux_enterprise_serverfedorachromemac_os_x_serverworkstationitunesfirefoxplayerlibpngiphone_ossafariopensusen/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-5426
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-8.6||HIGH
EPSS-0.70% / 48.59%
||
7 Day CHG~0.00%
Published-11 Nov, 2020 | 17:05
Updated-17 Sep, 2024 | 03:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Scheduler for TAS can transmit privileged UAA token in plaintext

Scheduler for TAS prior to version 1.4.0 was permitting plaintext transmission of UAA client token by sending it over a non-TLS connection. This also depended on the configuration of the MySQL server which is used to cache a UAA client token used by the service. If intercepted the token can give an attacker admin level access in the cloud controller.

Action-Not Available
Vendor-VMware (Broadcom Inc.)
Product-pivotal_schedulerPivotal Scheduler
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2020-3943
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-9.8||CRITICAL
EPSS-2.33% / 81.46%
||
7 Day CHG~0.00%
Published-19 Feb, 2020 | 20:04
Updated-04 Aug, 2024 | 07:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) uses a JMX RMI service which is not securely configured. An unauthenticated remote attacker who has network access to vRealize Operations, with the Horizon Adapter running, may be able to execute arbitrary code in vRealize Operations.

Action-Not Available
Vendor-VMware (Broadcom Inc.)Microsoft Corporation
Product-windowsvrealize_operationsvRealize Operations for Horizon Adapter
CVE-2018-1273
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-9.8||CRITICAL
EPSS-95.65% / 99.86%
||
7 Day CHG~0.00%
Published-11 Apr, 2018 | 13:00
Updated-26 Jun, 2026 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-04-15||Apply updates per vendor instructions.

Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against Spring Data REST backed HTTP resources or using Spring Data's projection-based request payload binding hat can lead to a remote code execution attack.

Action-Not Available
Vendor-VMware (Broadcom Inc.)The Apache Software FoundationOracle CorporationBroadcom Inc.
Product-financial_services_crime_and_compliance_management_studiospring_data_commonsignitespring_data_restSpring FrameworkSpring Data Commons
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2022-31685
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-9.8||CRITICAL
EPSS-0.95% / 57.02%
||
7 Day CHG~0.00%
Published-09 Nov, 2022 | 00:00
Updated-01 May, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware Workspace ONE Assist prior to 22.10 contains an Authentication Bypass vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-workspace_one_assistVMware Workspace ONE Assist
CWE ID-CWE-287
Improper Authentication
CVE-2022-31687
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-9.8||CRITICAL
EPSS-0.82% / 52.87%
||
7 Day CHG~0.00%
Published-09 Nov, 2022 | 00:00
Updated-01 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware Workspace ONE Assist prior to 22.10 contains a Broken Access Control vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-workspace_one_assistVMware Workspace ONE Assist
CWE ID-CWE-284
Improper Access Control
CVE-2022-22965
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-9.8||CRITICAL
EPSS-99.68% / 99.95%
||
7 Day CHG~0.00%
Published-01 Apr, 2022 | 22:17
Updated-30 Oct, 2025 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-04-25||Apply updates per vendor instructions.

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)Cisco Systems, Inc.Siemens AGOracle CorporationVeritas Technologies LLC
Product-sd-wan_edgecx_cloud_agentretail_xstore_point_of_servicesipass_integratedoperation_schedulerretail_integration_busretail_customer_management_and_segmentation_foundationcommunications_cloud_native_core_binding_support_functionnetbackup_virtual_appliancecommunications_cloud_native_core_policycommunications_cloud_native_core_network_slice_selection_functioncommunications_cloud_native_core_network_function_cloud_native_environmentfinancial_services_analytical_applications_infrastructurecommunications_cloud_native_core_network_exposure_functionsinec_network_management_systemweblogic_serverretail_bulk_data_integrationnetbackup_flex_scale_appliancesiveillance_identitynetbackup_appliancecommerce_platformsimatic_speech_assistant_for_machinesfinancial_services_behavior_detection_platformcommunications_cloud_native_core_automated_test_suiteretail_merchandising_systemcommunications_policy_managementfinancial_services_enterprise_case_managementretail_financial_integrationflex_appliancemysql_enterprise_monitorcommunications_cloud_native_core_network_repository_functioncommunications_cloud_native_core_unified_data_repositoryjdkcommunications_unified_inventory_managementaccess_appliancecommunications_cloud_native_core_security_edge_protection_proxyspring_frameworkcommunications_cloud_native_core_consoleproduct_lifecycle_analyticsSpring FrameworkSpring Framework
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2017-4901
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-9.9||CRITICAL
EPSS-19.94% / 97.11%
||
7 Day CHG~0.00%
Published-08 Jun, 2017 | 13:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The drag-and-drop (DnD) function in VMware Workstation 12.x before version 12.5.4 and Fusion 8.x before version 8.5.5 has an out-of-bounds memory access vulnerability. This may allow a guest to execute code on the operating system that runs Workstation or Fusion.

Action-Not Available
Vendor-VMware (Broadcom Inc.)
Product-fusionworkstationFusion Pro / FusionWorkstation Pro/Player
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-22958
Matching Score-6
Assigner-VMware by Broadcom
ShareView Details
Matching Score-6
Assigner-VMware by Broadcom
CVSS Score-7.2||HIGH
EPSS-2.95% / 85.48%
||
7 Day CHG+0.08%
Published-13 Apr, 2022 | 17:05
Updated-03 Aug, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncVMware (Broadcom Inc.)
Product-linux_kernelidentity_managervrealize_automationworkspace_one_accessvrealize_suite_lifecycle_managercloud_foundationVMware Workspace ONE Access, Identity Manager and vRealize Automation.
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-40993
Matching Score-6
Assigner-VMware by Broadcom
ShareView Details
Matching Score-6
Assigner-VMware by Broadcom
CVSS Score-7.3||HIGH
EPSS-0.20% / 9.74%
||
7 Day CHG~0.00%
Published-09 Jun, 2026 | 23:46
Updated-27 Jun, 2026 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unfiltered Java Native Deserialization of SAML 2.0 Asserting Party Credentials BLOB Database Entry

An attacker with write permissions to the database table managed by JdbcAssertingPartyMetadataRepository (saml2_asserting_party_metadata) may be able to store malicious serialized payloads in the columns containing the collection of verification or encryption credentials (verification_credentials and encryption_credentials, respectively). Affected versions: Spring Security 7.0.0 through 7.0.5.

Action-Not Available
Vendor-VMware (Broadcom Inc.)
Product-spring_securitySpring Security
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-41731
Matching Score-6
Assigner-VMware by Broadcom
ShareView Details
Matching Score-6
Assigner-VMware by Broadcom
CVSS Score-8.1||HIGH
EPSS-0.49% / 38.54%
||
7 Day CHG+0.15%
Published-09 Jun, 2026 | 23:49
Updated-30 Jun, 2026 | 12:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
In Spring for Apache Kafka, overly broad trusted-package matching in header mappers exposes JDK classes to deserialization

JsonKafkaHeaderMapper and the deprecated DefaultKafkaHeaderMapper matched type headers against trusted packages using a prefix check, meaning that trusting any package implicitly trusted all of its subpackages. Combined with Jackson's default bean deserialization, a producer could supply crafted header values that caused the consumer to deserialize arbitrary JDK types. Affected versions: Spring for Apache Kafka 4.0.0 through 4.0.5; 3.3.0 through 3.3.15; 3.2.0 through 3.2.13; 2.9.0 through 2.9.13; 2.8.0 through 2.8.11.

Action-Not Available
Vendor-VMware (Broadcom Inc.)Red Hat, Inc.
Product-spring_for_apache_kafkaSpring for Apache KafkaRed Hat JBoss Enterprise Application Platform Expansion PackRed Hat Fuse 7
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-41732
Matching Score-6
Assigner-VMware by Broadcom
ShareView Details
Matching Score-6
Assigner-VMware by Broadcom
CVSS Score-8.1||HIGH
EPSS-0.35% / 26.72%
||
7 Day CHG~0.00%
Published-09 Jun, 2026 | 23:49
Updated-27 Jun, 2026 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
In Spring for Apache Pulsar, overly broad trusted-package matching in header mapper exposes JDK classes to deserialization

JsonPulsarHeaderMapper matched type headers against trusted packages using a prefix check, meaning that trusting any package implicitly trusted all of its subpackages. Additionally, an empty trusted-packages configuration fell back to trusting all packages rather than applying a safe default allow-list. Affected versions: Spring for Apache Pulsar 2.0.0 through 2.0.5; 1.2.0 through 1.2.17; 1.1.0 through 1.1.17.

Action-Not Available
Vendor-VMware (Broadcom Inc.)
Product-spring_for_apache_pulsarSpring for Apache Pulsar
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2023-20878
Matching Score-6
Assigner-VMware by Broadcom
ShareView Details
Matching Score-6
Assigner-VMware by Broadcom
CVSS Score-7.2||HIGH
EPSS-1.00% / 58.56%
||
7 Day CHG~0.00%
Published-12 May, 2023 | 00:00
Updated-27 Jan, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware Aria Operations contains a deserialization vulnerability. A malicious actor with administrative privileges can execute arbitrary commands and disrupt the system.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-vrealize_operationscloud_foundationVMware Aria Operations (formerly vRealize Operations)
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2023-20888
Matching Score-6
Assigner-VMware by Broadcom
ShareView Details
Matching Score-6
Assigner-VMware by Broadcom
CVSS Score-8.8||HIGH
EPSS-82.28% / 99.62%
||
7 Day CHG~0.00%
Published-07 Jun, 2023 | 14:18
Updated-07 Jan, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Aria Operations for Networks contains an authenticated deserialization vulnerability. A malicious actor with network access to VMware Aria Operations for Networks and valid 'member' role credentials may be able to perform a deserialization attack resulting in remote code execution.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-vrealize_network_insightAria Operations for Networks (Formerly vRealize Network Insight)
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2022-38650
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-10||CRITICAL
EPSS-0.82% / 52.81%
||
7 Day CHG~0.00%
Published-12 Nov, 2022 | 00:00
Updated-03 Aug, 2024 | 11:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote unauthenticated insecure deserialization vulnerability exists in VMware Hyperic Server 5.8.6. Exploitation of this vulnerability enables a malicious party to run arbitrary code or malware within Hyperic Server and the host operating system with the privileges of the Hyperic server process. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-hyperic_servern/a
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2022-31710
Matching Score-6
Assigner-VMware by Broadcom
ShareView Details
Matching Score-6
Assigner-VMware by Broadcom
CVSS Score-7.5||HIGH
EPSS-1.47% / 70.58%
||
7 Day CHG~0.00%
Published-25 Jan, 2023 | 00:00
Updated-01 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

vRealize Log Insight contains a deserialization vulnerability. An unauthenticated malicious actor can remotely trigger the deserialization of untrusted data which could result in a denial of service.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-vrealize_log_insightvRealize Log Insight (vRLI)
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2022-31680
Matching Score-6
Assigner-VMware by Broadcom
ShareView Details
Matching Score-6
Assigner-VMware by Broadcom
CVSS Score-9.1||CRITICAL
EPSS-33.06% / 98.16%
||
7 Day CHG~0.00%
Published-07 Oct, 2022 | 00:00
Updated-03 Aug, 2024 | 07:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The vCenter Server contains an unsafe deserialisation vulnerability in the PSC (Platform services controller). A malicious actor with admin access on vCenter server may exploit this issue to execute arbitrary code on the underlying operating system that hosts the vCenter Server.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-vcenter_serverVMware vCenter Server
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2019-11286
Matching Score-6
Assigner-VMware by Broadcom
ShareView Details
Matching Score-6
Assigner-VMware by Broadcom
CVSS Score-9||CRITICAL
EPSS-1.79% / 75.62%
||
7 Day CHG~0.00%
Published-31 Jul, 2020 | 19:40
Updated-16 Sep, 2024 | 23:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
JMX Credential Deserialization in GemFire

VMware GemFire versions prior to 9.10.0, 9.9.1, 9.8.5, and 9.7.5, and VMware Tanzu GemFire for VMs versions prior to 1.11.0, 1.10.1, 1.9.2, and 1.8.2, contain a JMX service available to the network which does not properly restrict input. A remote authenticated malicious user may request against the service with a crafted set of credentials leading to remote code execution.

Action-Not Available
Vendor-VMware (Broadcom Inc.)
Product-tanzu_gemfire_for_virtual_machinesgemfireVMware Tanzu GemFire for VMsVMware GemFire
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2023-34052
Matching Score-6
Assigner-VMware by Broadcom
ShareView Details
Matching Score-6
Assigner-VMware by Broadcom
CVSS Score-7.8||HIGH
EPSS-0.20% / 10.54%
||
7 Day CHG~0.00%
Published-20 Oct, 2023 | 04:11
Updated-12 Sep, 2024 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware Aria Operations for Logs contains a deserialization vulnerability. A malicious actor with non-administrative access to the local system can trigger the deserialization of data which could result in authentication bypass.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-aria_operations_for_logsVMware Aria Operations for Logs
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2023-34040
Matching Score-6
Assigner-VMware by Broadcom
ShareView Details
Matching Score-6
Assigner-VMware by Broadcom
CVSS Score-5.3||MEDIUM
EPSS-2.16% / 79.99%
||
7 Day CHG~0.00%
Published-24 Aug, 2023 | 12:59
Updated-01 Oct, 2024 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Java Deserialization vulnerability in Spring-Kafka When Improperly Configured

In Spring for Apache Kafka 3.0.9 and earlier and versions 2.9.10 and earlier, a possible deserialization attack vector existed, but only if unusual configuration was applied. An attacker would have to construct a malicious serialized object in one of the deserialization exception record headers. Specifically, an application is vulnerable when all of the following are true: * The user does not configure an ErrorHandlingDeserializer for the key and/or value of the record * The user explicitly sets container properties checkDeserExWhenKeyNull and/or checkDeserExWhenValueNull container properties to true. * The user allows untrusted sources to publish to a Kafka topic By default, these properties are false, and the container only attempts to deserialize the headers if an ErrorHandlingDeserializer is configured. The ErrorHandlingDeserializer prevents the vulnerability by removing any such malicious headers before processing the record.

Action-Not Available
Vendor-VMware (Broadcom Inc.)
Product-spring_for_apache_kafkaSpring For Apache Kafka
CWE ID-CWE-502
Deserialization of Untrusted Data
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 24
  • 25
  • Next
Details not found