Summary

Detail
Vendor: Vmware
Product: Vcloud Director
Version: 5.1.1
First view: 2014-01-17
Last view: 2020-05-20
Type: Application
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
 
CPE Product cpe:2.3:a:vmware:vcloud_director

Activity : Overall

Related : CVE

  Date Alert Description
8.8 2020-05-20 CVE-2020-3956

VMware Cloud Director 10.0.x before 10.0.0.2, 9.7.0.x before 9.7.0.5, 9.5.0.x before 9.5.0.6, and 9.1.0.x before 9.1.0.4 do not properly handle input leading to a code injection vulnerability. An authenticated actor may be able to send malicious traffic to VMware Cloud Director which may lead to arbitrary remote code execution. This vulnerability can be exploited through the HTML5- and Flex-based UIs, the API Explorer interface and API access.

9.8 2019-04-01 CVE-2019-5523

VMware vCloud Director for Service Providers 9.5.x prior to 9.5.0.3 update resolves a Remote Session Hijack vulnerability in the Tenant and Provider Portals. Successful exploitation of this issue may allow a malicious actor to access the Tenant or Provider Portals by impersonating a currently logged in session.

6.8 2014-01-17 CVE-2014-1211

Cross-site request forgery (CSRF) vulnerability in VMware vCloud Director 5.1.x before 5.1.3 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout.

CWE : Common Weakness Enumeration

% id Name
33% (1) CWE-384 Session Fixation
33% (1) CWE-352 Cross-Site Request Forgery (CSRF)
33% (1) CWE-74 Failure to Sanitize Data into a Different Plane ('Injection')

Snort® IPS/IDS

Date Description
2020-07-21 VMWare Cloud Director Java expression language injection attempt
RuleID : 54319 - Type : SERVER-WEBAPP - Revision : 1

Nessus® Vulnerability Scanner

id Description
2014-01-24 Name: A virtualization appliance installed on the remote host is affected by a cros...
File: vmware_vcloud_director_vmsa-2014-0001.nasl - Type: ACT_GATHER_INFO
2014-01-17 Name: The remote VMware ESXi / ESX host is missing a security-related patch.
File: vmware_VMSA-2014-0001.nasl - Type: ACT_GATHER_INFO