COOEY // HUBcompliance · community · intelligence

FAIL › dossier

vCenter Server product

9
failure events
0
zero-days
3
RCEs
9
on KEV
3
critical
95
worst shame

Dossier not yet built — the RAG curator builds one for players with ≥2 failure events (factory/dossier.py). The failure history and sentiment below are live.

Failure history 9 events

DateEventSevFlagsShameSummary
2021-11-03 CVE-2021-21972 critical ⚡RCE ⌖KEV 95 VMware vCenter Server vSphere Client contains a remote code execution vulnerability in a vCenter Server plugin which allows an attacker with network access to port 443 to execute commands with unrestricted privileges on the underlying operating system.
2021-11-03 CVE-2021-21985 critical ⚡RCE ⌖KEV 95 VMware vSphere Client contains an improper input validation vulnerability in the Virtual SAN Health Check plug-in, which is enabled by default in vCenter Server, which allows for remote code execution.
2021-11-03 CVE-2021-22005 critical ⌖KEV 80 VMware vCenter Server contains a file upload vulnerability in the Analytics service that allows a user with network access to port 443 to execute code.
2024-01-22 CVE-2023-34048 high ⚡RCE ⌖KEV 65 VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol that allows an attacker to conduct remote code execution.
2024-11-20 CVE-2024-38813 high ⌖KEV 50 VMware vCenter contains an improper check for dropped privileges vulnerability. This vulnerability could allow an attacker with network access to the vCenter Server to escalate privileges to root by sending a specially crafted packet.
2024-11-20 CVE-2024-38812 high ⌖KEV 50 VMware vCenter Server contains a heap-based buffer overflow vulnerability in the implementation of the DCERPC protocol. This vulnerability could allow an attacker with network access to the vCenter Server to execute remote code by sending a specially crafted packet.
2024-07-17 CVE-2022-22948 high ⌖KEV 50 VMware vCenter Server contains an incorrect default file permissions vulnerability that allows a remote, privileged attacker to gain access to sensitive information.
2022-01-10 CVE-2021-22017 high ⌖KEV 50 Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization.
2021-11-03 CVE-2020-3952 high ⌖KEV 50 VMware vCenter Server contains an information disclosure vulnerability in the VMware Directory Service (vmdir) when the Platform Services Controller (PSC) does not correctly implement access controls. Successful exploitation allows an attacker with network access to port 389 to e