FAIL › dossier
Dossier not yet built — the RAG curator builds one for players with ≥2 failure events (factory/dossier.py). The failure history and sentiment below are live.
| Date | Event | Sev | Flags | Shame | Summary |
|---|---|---|---|---|---|
| 2021-11-03 | CVE-2021-21972 | critical | ⚡RCE ⌖KEV | 95 | VMware vCenter Server vSphere Client contains a remote code execution vulnerability in a vCenter Server plugin which allows an attacker with network access to port 443 to execute commands with unrestricted privileges on the underlying operating system. |
| 2021-11-03 | CVE-2021-21985 | critical | ⚡RCE ⌖KEV | 95 | VMware vSphere Client contains an improper input validation vulnerability in the Virtual SAN Health Check plug-in, which is enabled by default in vCenter Server, which allows for remote code execution. |
| 2021-11-03 | CVE-2021-22005 | critical | ⌖KEV | 80 | VMware vCenter Server contains a file upload vulnerability in the Analytics service that allows a user with network access to port 443 to execute code. |
| 2024-01-22 | CVE-2023-34048 | high | ⚡RCE ⌖KEV | 65 | VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol that allows an attacker to conduct remote code execution. |
| 2024-11-20 | CVE-2024-38813 | high | ⌖KEV | 50 | VMware vCenter contains an improper check for dropped privileges vulnerability. This vulnerability could allow an attacker with network access to the vCenter Server to escalate privileges to root by sending a specially crafted packet. |
| 2024-11-20 | CVE-2024-38812 | high | ⌖KEV | 50 | VMware vCenter Server contains a heap-based buffer overflow vulnerability in the implementation of the DCERPC protocol. This vulnerability could allow an attacker with network access to the vCenter Server to execute remote code by sending a specially crafted packet. |
| 2024-07-17 | CVE-2022-22948 | high | ⌖KEV | 50 | VMware vCenter Server contains an incorrect default file permissions vulnerability that allows a remote, privileged attacker to gain access to sensitive information. |
| 2022-01-10 | CVE-2021-22017 | high | ⌖KEV | 50 | Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization. |
| 2021-11-03 | CVE-2020-3952 | high | ⌖KEV | 50 | VMware vCenter Server contains an information disclosure vulnerability in the VMware Directory Service (vmdir) when the Platform Services Controller (PSC) does not correctly implement access controls. Successful exploitation allows an attacker with network access to port 389 to e |