CVE-2020-3956

HIGH Year: 2020
CVSS v3 Score
8.8
High
CVSS v2 Score
6.5
Medium
Weakness Type
CWE-917
View all →

Vulnerability Description

VMware Cloud Director 10.0.x before 10.0.0.2, 9.7.0.x before 9.7.0.5, 9.5.0.x before 9.5.0.6, and 9.1.0.x before 9.1.0.4 do not properly handle input leading to a code injection vulnerability. An authenticated actor may be able to send malicious traffic to VMware Cloud Director which may lead to arbitrary remote code execution. This vulnerability can be exploited through the HTML5- and Flex-based UIs, the API Explorer interface and API access.

Related Vulnerabilities

CVE-2010-1871

HIGH
CVSS:8.8(High)

JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss Expression Language (EL) expressions, which allows rem...

CWE-9172010

CVE-2019-11942

HIGH
CVSS:8.8(High)

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CWE-9172019

CVE-2019-11943

HIGH
CVSS:8.8(High)

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CWE-9172019

CVE-2019-11948

HIGH
CVSS:8.8(High)

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CWE-9172019

CVE-2019-11951

HIGH
CVSS:8.8(High)

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CWE-9172019

CVE-2019-11952

HIGH
CVSS:8.8(High)

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CWE-9172019