Threat Feed

Tag: Vmware (14 briefs)
medium advisory

ESXi External Root Login Detection

This detection identifies logins to the ESXi Host Client UI with the root account instead of a delegated administrative user. Root logins bypass per-user role assignments and leave actions unattributable to an individual, so they may indicate risky practice or unauthorized activity.

Tags: ESXi, vmware, root_login, privilege_escalation
medium threat

VMware Tanzu Spring Framework Denial of Service Vulnerability

A remote, unauthenticated attacker can exploit a vulnerability in VMware Tanzu Spring Framework to cause a denial of service.

Tags: Tanzu Spring Framework, denial-of-service, vmware, tanzu
medium advisory

VMware Tanzu Spring Framework Security Bypass Vulnerability

A remote, unauthenticated attacker can exploit a vulnerability in VMware Tanzu Spring Framework to bypass security controls.

Tags: Tanzu Spring Framework, security-bypass, vmware, spring-framework
medium advisory

Broadcom Tanzu Jammy Stemcell Vulnerability (CVE-2026-341431)

A vulnerability in Broadcom's Tanzu Jammy Stemcell, tracked as CVE-2026-341431, affects versions prior to 1.1193; update to 1.1193 or later to prevent potential exploitation.

Tags: Tanzu Jammy Stemcell, vmware, tanzu, vulnerability
high threat

Broadcom Addresses Critical Vulnerabilities in VMware Tanzu Products

Broadcom released a security advisory addressing critical vulnerabilities in VMware Tanzu Data Lake (versions prior to 4.0.0) and VMware Tanzu Greenplum Platform Extension Framework (versions prior to 8.0.0). Affected deployments should be updated to 4.0.0 and 8.0.0 respectively without delay to prevent potential exploitation.

Tags: exploited, Tanzu Data Lake, vmware, tanzu, vulnerability
critical advisory

VMware Tanzu Spring Boot Multiple Vulnerabilities

Multiple vulnerabilities in VMware Tanzu Spring Boot allow attackers to execute arbitrary code, bypass security measures, manipulate or disclose sensitive data, or hijack authenticated users.

Tags: Tanzu Spring Boot, vmware, spring-boot, vulnerability
medium advisory

VMware Tanzu Spring Framework and Spring Security Vulnerabilities Allow Security Bypass

A remote, unauthenticated attacker can exploit multiple vulnerabilities in VMware Tanzu Spring Security and VMware Tanzu Spring Framework to bypass security controls.

Tags: vmware, spring, security-bypass, web-application
critical advisory

VMware Aria Operations Vulnerabilities Allow Remote Code Execution and Privilege Escalation

Multiple vulnerabilities in VMware Aria Operations, Cloud Foundation, and Telco Cloud Platform/Infrastructure could allow unauthenticated remote code execution (CVE-2026-22719) and privilege escalation (CVE-2026-22720, CVE-2026-22721).

Tags: vmware, aria-operations, rce, privilege-escalation
high advisory

ESXi VIB Acceptance Level Tampering Detection

This detection identifies changes to the VIB (vSphere Installation Bundle) acceptance level on an ESXi host. Lowering the level (for example to CommunitySupported, whose VIBs carry no VMware or partner signature) allows unsigned or unverified software to be installed and weakens the host's integrity enforcement; it is a common post-compromise step before malicious components are dropped.

Tags: ESXi, vmware, vib, tampering, post-compromise, ransomware
high advisory

ESXi Syslog Configuration Changes via esxcli

This detection identifies changes to the ESXi syslog configuration made with esxcli (for example redirecting or clearing the remote log host), which may indicate an attempt to disrupt log forwarding and evade detection.

Tags: ESXi, syslog, vmware, defense-evasion, t1562.003, t1690, black-basta
high advisory

ESXi Encryption Settings Modification

This detection identifies modifications to ESXi host encryption settings, such as disabling the Secure Boot requirement or the execInstalledOnly check that restricts execution to binaries from installed VIBs, which may indicate attempts to weaken hypervisor integrity and allow unauthorized code execution.

Tags: ESXi, encryption, vmware, hypervisor, attack.persistence
medium advisory

ESXi Download Error Detection

This detection identifies failed file download attempts on ESXi hosts, which may indicate unauthorized or malicious activity such as attempts to install or update components, including VIBs or scripts.

Tags: ESXi, vmware, syslog, anomaly, T1601.001, T1685, ESXi Post Compromise, Black Basta Ransomware Infrastructure
high advisory

ESXi Audit Tampering Detection

This detection identifies use of the esxcli system auditrecords commands (for example disabling local or remote audit records) to tamper with audit logging on an ESXi host, which may evade detection and hinder forensic analysis.

Tags: ESXi, vmware, audit-tampering, defense-evasion
high advisory

ESXi Lockdown Mode Disabled

Lockdown Mode restricts direct access to an ESXi host so that operations go through vCenter. Disabling it may indicate a threat actor weakening host security controls to gain broader remote access for data exfiltration, lateral movement, or VM tampering.

Tags: ESXi, vmware, lockdown_mode, security_controls
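The six ESXi host-hardening detections in this feed (root UI login, VIB acceptance level tampering, syslog configuration changes, encryption settings modification, audit record tampering, and Lockdown Mode disabled) all reduce to matching a handful of command or event patterns in the host's own logs. The Python below is an added example, not code from the feed or from VMware: it runs those six rules over constructed log lines. The shell.log shape (`shell[PID]: [user]: command`), the wording of the hostd login event, the esxcli and vim-cmd invocations used as triggers, and every sample line are assumptions made for this demo; real log formats vary across ESXi versions and should be checked against your own hosts before the patterns are deployed.

```python
"""Toy ESXi log detections for the six host-hardening events in the feed above.

Added example (not from the feed or from VMware). Log formats are approximations
of ESXi shell.log and hostd.log; the sample lines below are constructed.
"""
import re
from dataclasses import dataclass

# Assumed shape of an ESXi shell.log entry: "... shell[PID]: [user]: command".
SHELL_RE = re.compile(r"shell\[\d+\]: \[(?P<user>[^\]]+)\]: (?P<cmd>.+)$")
# Assumed shape of a hostd.log login event:
# "... User root@10.0.0.5 logged in as VMware Host Client/2.12.0".
LOGIN_RE = re.compile(r"User (?P<user>[^@\s]+)@(?P<src>\S+) logged in as (?P<client>.+)$")


@dataclass
class Finding:
    rule: str
    severity: str
    user: str
    detail: str


# Each rule: (name, severity, pattern matched against the shell command only).
SHELL_RULES = [
    ("vib_acceptance_level_change", "high",
     re.compile(r"^esxcli software acceptance set\s+--level[= ]\s*(?P<level>\S+)", re.I)),
    ("syslog_config_change", "high",
     re.compile(r"^esxcli system syslog config(?: logger)? set\b", re.I)),
    ("encryption_settings_weakened", "high",
     re.compile(r"^esxcli system settings encryption set\b.*"
                r"--require-(?:secure-boot|exec-installed-only)[= ]\s*false", re.I)),
    ("audit_records_disabled", "high",
     re.compile(r"^esxcli system auditrecords (?:local|remote) disable\b", re.I)),
    # Assumed trigger: the DCUI-style vim-cmd used to leave Lockdown Mode from a shell.
    ("lockdown_mode_disabled", "high",
     re.compile(r"vimsvc/auth/lockdown_mode_exit\b", re.I)),
]


def check_shell_command(user, cmd):
    """Return a Finding if the shell command matches a tampering rule, else None."""
    for name, severity, pattern in SHELL_RULES:
        m = pattern.search(cmd)
        if not m:
            continue
        detail = cmd
        # CommunitySupported VIBs are not signature-checked; call that out explicitly.
        if name == "vib_acceptance_level_change" and m.group("level").lower() == "communitysupported":
            detail += "  (CommunitySupported: VIBs are not signature-checked)"
        return Finding(name, severity, user, detail)
    return None


def check_login(user, src, client):
    """Flag root logging in through the Host Client UI; named admins are fine."""
    if user == "root" and "Host Client" in client:
        return Finding("root_ui_login", "medium", user, f"root from {src} via {client}")
    return None


def detect(lines):
    """Run every rule over an iterable of log lines; return findings in log order."""
    findings = []
    for line in lines:
        m = SHELL_RE.search(line)
        if m:
            f = check_shell_command(m.group("user"), m.group("cmd").strip())
        else:
            m = LOGIN_RE.search(line)
            f = check_login(m.group("user"), m.group("src"), m.group("client")) if m else None
        if f:
            findings.append(f)
    return findings


# Constructed sample lines (not real telemetry): benign entries sit next to each trigger.
SAMPLE_LINES = [
    "2024-05-01T09:58:12Z hostd[2099001]: Event 41 : User root@10.10.5.23 logged in as VMware Host Client/2.12.0",
    "2024-05-01T09:59:40Z hostd[2099001]: Event 42 : User ops-admin@10.10.5.9 logged in as VMware Host Client/2.12.0",
    "2024-05-01T10:01:05Z shell[2101176]: [root]: esxcli software acceptance get",
    "2024-05-01T10:01:30Z shell[2101176]: [root]: esxcli software acceptance set --level CommunitySupported",
    "2024-05-01T10:02:11Z shell[2101176]: [root]: esxcli system syslog config set --loghost=",
    "2024-05-01T10:02:45Z shell[2101176]: [root]: esxcli system settings encryption set "
    "--require-secure-boot=FALSE --require-exec-installed-only=FALSE",
    "2024-05-01T10:03:02Z shell[2101176]: [root]: esxcli system auditrecords local disable",
    "2024-05-01T10:03:20Z shell[2101176]: [root]: vim-cmd -U dcui vimsvc/auth/lockdown_mode_exit",
    "2024-05-01T10:04:00Z shell[2101176]: [root]: esxcli software vib list",
]

if __name__ == "__main__":
    for f in detect(SAMPLE_LINES):
        print(f"[{f.severity}] {f.rule} user={f.user}: {f.detail}")
```

Run against the sample set, the root Host Client login is reported at medium severity and each of the five tampering commands at high, while the `get`/`list` commands and the named administrator's login produce nothing. The rules key on the command text recorded in shell.log rather than on the resulting state, so a host whose logging was already redirected (the syslog rule's own trigger) must be caught by the shell.log line before forwarding stops, which is why that rule belongs at the top of any real-world ordering.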