This CPE summary could be partial or incomplete.

Detail
Vendor : Vmware
Product : Vcloud Director
Version : *
Update : *
Edition : *
Language : *
Software Edition : *
Target Software : *
Target Hardware : *
Other : *
Type : Application
First view : 2019-04-01
Last view : 2020-05-20

CPE Product cpe:2.3:a:vmware:vcloud_director

Related : CVE

  Date Alert Description
8.8 2020-05-20 CVE-2020-3956

VMware Cloud Director 10.0.x before 10.0.0.2, 9.7.0.x before 9.7.0.5, 9.5.0.x before 9.5.0.6, and 9.1.0.x before 9.1.0.4 do not properly handle input leading to a code injection vulnerability. An authenticated actor may be able to send malicious traffic to VMware Cloud Director which may lead to arbitrary remote code execution. This vulnerability can be exploited through the HTML5- and Flex-based UIs, the API Explorer interface and API access.

9.8 2019-04-01 CVE-2019-5523

VMware vCloud Director for Service Providers 9.5.x prior to 9.5.0.3 update resolves a Remote Session Hijack vulnerability in the Tenant and Provider Portals. Successful exploitation of this issue may allow a malicious actor to access the Tenant or Provider Portals by impersonating a currently logged in session.

CWE : Common Weakness Enumeration

% id Name
50% (1) CWE-384 Session Fixation
50% (1) CWE-74 Failure to Sanitize Data into a Different Plane ('Injection')

Snort® IPS/IDS

Date Description
2020-07-21 VMWare Cloud Director Java expression language injection attempt
RuleID : 54319 - Type : SERVER-WEBAPP - Revision : 1