All the vulnerabilites related to vmware - NSX
cve-2014-3796
Vulnerability from cvelistv5
Published
2014-09-15 14:00
Modified
2024-08-06 10:57
Severity ?
EPSS score ?
Summary
VMware NSX 6.0 before 6.0.6, and vCloud Networking and Security (vCNS) 5.1 before 5.1.4.2 and 5.5 before 5.5.3, does not properly validate input, which allows attackers to obtain sensitive information via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vmware.com/security/advisories/VMSA-2014-0009.html | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1030835 | vdb-entry, x_refsource_SECTRACK | |
| http://secunia.com/advisories/59938 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/95926 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:57:17.838Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0009.html"
},
{
"name": "1030835",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030835"
},
{
"name": "59938",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59938"
},
{
"name": "vmware-vcns-cve20143796-info-disc(95926)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95926"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "VMware NSX 6.0 before 6.0.6, and vCloud Networking and Security (vCNS) 5.1 before 5.1.4.2 and 5.5 before 5.5.3, does not properly validate input, which allows attackers to obtain sensitive information via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0009.html"
},
{
"name": "1030835",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030835"
},
{
"name": "59938",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59938"
},
{
"name": "vmware-vcns-cve20143796-info-disc(95926)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95926"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3796",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware NSX 6.0 before 6.0.6, and vCloud Networking and Security (vCNS) 5.1 before 5.1.4.2 and 5.5 before 5.5.3, does not properly validate input, which allows attackers to obtain sensitive information via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vmware.com/security/advisories/VMSA-2014-0009.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0009.html"
},
{
"name": "1030835",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030835"
},
{
"name": "59938",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59938"
},
{
"name": "vmware-vcns-cve20143796-info-disc(95926)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95926"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3796",
"datePublished": "2014-09-15T14:00:00",
"dateReserved": "2014-05-20T00:00:00",
"dateUpdated": "2024-08-06T10:57:17.838Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2025-41251
Vulnerability from cvelistv5
Published
2025-09-29 18:45
Modified
2025-09-30 03:55
Severity ?
EPSS score ?
Summary
Weak password recovery vulnerability
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41251",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-29T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-30T03:55:13.262Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NSX",
"vendor": "vmware",
"versions": [
{
"status": "affected",
"version": "VMware NSX - 9.x.x.x, 4.2.x, 4.1.x, 4.0.x",
"versionType": "custom"
},
{
"status": "affected",
"version": "VMware NSX-T - 3.x",
"versionType": "custom"
},
{
"status": "affected",
"version": "VMware Cloud Foundation (with NSX) - 5.x, 4.5.x",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "VMware NSX 9.0.1.0; 4.2.2.2/4.2.3.1; 4.1.2.7; NSX-T 3.2.4.3; CCF async patch (KB88287)",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-09-29T18:26:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "VMware NSX contains a weak password recovery mechanism vulnerability. An unauthenticated malicious actor may exploit this to enumerate valid usernames, potentially enabling brute-force attacks.\u003cbr\u003e\u003cb\u003e\u003cbr\u003eImpact:\u003c/b\u003e\u0026nbsp;Username enumeration \u2192 credential brute force risk.\u003cbr\u003e\u003cb\u003eAttack Vector:\u003c/b\u003e\u0026nbsp;Remote, unauthenticated.\u003cbr\u003e\u003cb\u003eSeverity:\u003c/b\u003e\u0026nbsp;Important.\u003cbr\u003e\u003cb\u003eCVSSv3:\u003c/b\u003e\u0026nbsp;8.1 (High).\u003cbr\u003e\u003cb\u003e\u003cbr\u003eAcknowledgments:\u003c/b\u003e\u0026nbsp;Reported by the National Security Agency.\u003cbr\u003e\u003cbr\u003e\u003cb\u003eAffected Products:\u003c/b\u003e\u003cp\u003eVMware NSX 9.x.x.x, 4.2.x, 4.1.x, 4.0.x\u003c/p\u003eNSX-T 3.x\u003cbr\u003eVMware Cloud Foundation (with NSX) 5.x, 4.5.x\u003cbr\u003e\u003cbr\u003e\u003cb\u003eFixed Versions:\u003c/b\u003e NSX 9.0.1.0; \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://4.2.2.2/4.2.3.1\"\u003e4.2.2.2/4.2.3.1\u003c/a\u003e; 4.1.2.7; NSX-T 3.2.4.3; CCF async patch (KB88287).\u003cbr\u003e\u003cb\u003eWorkarounds:\u003c/b\u003e None.\u003cbr\u003e\u003cul\u003e\n\u003c/ul\u003e\n\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "VMware NSX contains a weak password recovery mechanism vulnerability. An unauthenticated malicious actor may exploit this to enumerate valid usernames, potentially enabling brute-force attacks.\n\nImpact:\u00a0Username enumeration \u2192 credential brute force risk.\nAttack Vector:\u00a0Remote, unauthenticated.\nSeverity:\u00a0Important.\nCVSSv3:\u00a08.1 (High).\n\nAcknowledgments:\u00a0Reported by the National Security Agency.\n\nAffected Products:VMware NSX 9.x.x.x, 4.2.x, 4.1.x, 4.0.x\n\nNSX-T 3.x\nVMware Cloud Foundation (with NSX) 5.x, 4.5.x\n\nFixed Versions: NSX 9.0.1.0; 4.2.2.2/4.2.3.1 http://4.2.2.2/4.2.3.1 ; 4.1.2.7; NSX-T 3.2.4.3; CCF async patch (KB88287).\nWorkarounds: None."
}
],
"impacts": [
{
"capecId": "CAPEC-50",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-50 Password Recovery Exploitation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-640",
"description": "CWE-640 Weak Password Recovery Mechanism for Forgotten Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-29T18:45:16.614Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36150"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Weak password recovery vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2025-41251",
"datePublished": "2025-09-29T18:45:16.614Z",
"dateReserved": "2025-04-16T09:30:25.625Z",
"dateUpdated": "2025-09-30T03:55:13.262Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2025-41252
Vulnerability from cvelistv5
Published
2025-09-29 19:02
Modified
2025-09-29 19:14
Severity ?
EPSS score ?
Summary
Username enumeration vulnerability
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41252",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-29T19:14:25.259914Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-29T19:14:38.914Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NSX",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "VMware NSX 9.x.x.x, 4.2.x, 4.1.x, 4.0.x",
"versionType": "custom"
},
{
"status": "affected",
"version": "VMware NSX-T 3.x",
"versionType": "custom"
},
{
"status": "affected",
"version": "VMware Cloud Foundation (with NSX) 5.x, 4.5.x"
},
{
"status": "unaffected",
"version": "VMware NSX 9.0.1.0; 4.2.2.2/4.2.3.1; 4.1.2.7; NSX-T 3.2.4.3; CCF async patch (KB88287)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cb\u003e\u003c/b\u003e\u003c/p\u003e\u003cp\u003eDescription: VMware NSX contains a username enumeration vulnerability. An unauthenticated malicious actor may exploit this to enumerate valid usernames, potentially leading to unauthorized access attempts.\u003c/p\u003e\n\u003cp\u003eImpact: Username enumeration \u2192 facilitates unauthorized access.\u003c/p\u003e\n\u003cp\u003eAttack Vector: Remote, unauthenticated.\u003c/p\u003e\n\u003cp\u003eSeverity: Important.\u003c/p\u003e\n\u003cp\u003eCVSSv3: 7.5 (High).\u003c/p\u003e\n\u003cp\u003eAcknowledgments: Reported by the National Security Agency.\u003c/p\u003e\n\u003cp\u003eAffected Products:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eVMware NSX 9.x.x.x, 4.2.x, 4.1.x, 4.0.x\u003cbr\u003e\u003c/li\u003e\u003cli\u003eNSX-T 3.x\u003cbr\u003e\u003c/li\u003e\u003cli\u003eVMware Cloud Foundation (with NSX) 5.x, 4.5.x\u003cbr\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\n\n\n\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\n\u003cp\u003eFixed Versions:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eNSX 9.0.1.0; \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://4.2.2.2/4.2.3.1\"\u003e4.2.2.2/4.2.3.1\u003c/a\u003e; 4.1.2.7; NSX-T 3.2.4.3; CCF async patch (KB88287).\u003cbr\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\n\u003cp\u003eWorkarounds: None.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "Description: VMware NSX contains a username enumeration vulnerability. An unauthenticated malicious actor may exploit this to enumerate valid usernames, potentially leading to unauthorized access attempts.\n\n\nImpact: Username enumeration \u2192 facilitates unauthorized access.\n\n\nAttack Vector: Remote, unauthenticated.\n\n\nSeverity: Important.\n\n\nCVSSv3: 7.5 (High).\n\n\nAcknowledgments: Reported by the National Security Agency.\n\n\nAffected Products:\n\n\n\n * VMware NSX 9.x.x.x, 4.2.x, 4.1.x, 4.0.x\n\n * NSX-T 3.x\n\n * VMware Cloud Foundation (with NSX) 5.x, 4.5.x\n\n\n\n\n\n\n\n\n\n\n\n\nFixed Versions:\u00a0\n\n\n\n * NSX 9.0.1.0; 4.2.2.2/4.2.3.1 http://4.2.2.2/4.2.3.1 ; 4.1.2.7; NSX-T 3.2.4.3; CCF async patch (KB88287).\n\n\n\n\n\n\nWorkarounds: None."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203 Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-29T19:02:07.283Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36150"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Username enumeration vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2025-41252",
"datePublished": "2025-09-29T19:02:07.283Z",
"dateReserved": "2025-04-16T09:30:25.625Z",
"dateUpdated": "2025-09-29T19:14:38.914Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}