This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor : Vmware - First view : 2016-04-15
Product : Vcloud Director - Last view : 2020-05-20
Version : 5.5.5 - Type : Application
Update : *
Edition : *
Language : *
Software Edition : *
Target Software : *
Target Hardware : *
Other : *
 
CPE Product cpe:2.3:a:vmware:vcloud_director

Activity : Overall

Related : CVE

  Date Alert Description
8.8 2020-05-20 CVE-2020-3956

VMware Cloud Director 10.0.x before 10.0.0.2, 9.7.0.x before 9.7.0.5, 9.5.0.x before 9.5.0.6, and 9.1.0.x before 9.1.0.4 do not properly handle input leading to a code injection vulnerability. An authenticated actor may be able to send malicious traffic to VMware Cloud Director which may lead to arbitrary remote code execution. This vulnerability can be exploited through the HTML5- and Flex-based UIs, the API Explorer interface and API access.

9.8 2019-04-01 CVE-2019-5523

VMware vCloud Director for Service Providers 9.5.x prior to 9.5.0.3 update resolves a Remote Session Hijack vulnerability in the Tenant and Provider Portals. Successful exploitation of this issue may allow a malicious actor to access the Tenant or Provider Portals by impersonating a currently logged in session.

7.6 2016-04-15 CVE-2016-2076

Client Integration Plugin (CIP) in VMware vCenter Server 5.5 U3a, U3b, and U3c and 6.0 before U2; vCloud Director 5.5.5; and vRealize Automation Identity Appliance 6.2.4 before 6.2.4.1 mishandles session content, which allows remote attackers to hijack sessions via a crafted web site.

CWE : Common Weakness Enumeration

% id Name
33% (1) CWE-384 Session Fixation
33% (1) CWE-287 Improper Authentication
33% (1) CWE-74 Failure to Sanitize Data into a Different Plane ('Injection')

Snort® IPS/IDS

Date Description
2020-07-21 VMWare Cloud Director Java expression language injection attempt
RuleID : 54319 - Type : SERVER-WEBAPP - Revision : 1

Nessus® Vulnerability Scanner

id Description
2016-04-26 Name: A virtualization management application installed on the remote host is affec...
File: vmware_vcenter_vmsa-2016-0004.nasl - Type: ACT_GATHER_INFO
2016-04-26 Name: A virtualization appliance installed on the remote host is affected by a sess...
File: vmware_vcloud_director_vmsa-2016-0004.nasl - Type: ACT_GATHER_INFO