Lucene search

K

Cloud Automation Manager Security Vulnerabilities

cve
cve

CVE-2023-44487

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October...

7.5CVSS

8AI Score

0.732EPSS

2023-10-10 02:15 PM
2890
In Wild
cve
cve

CVE-2022-39399

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit...

3.7CVSS

3.9AI Score

0.001EPSS

2022-10-18 09:15 PM
114
5
cve
cve

CVE-2022-21624

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to...

3.7CVSS

4AI Score

0.002EPSS

2022-10-18 09:15 PM
296
7
cve
cve

CVE-2022-21626

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable...

5.3CVSS

5.1AI Score

0.002EPSS

2022-10-18 09:15 PM
291
5
cve
cve

CVE-2022-21628

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0......

5.3CVSS

5AI Score

0.002EPSS

2022-10-18 09:15 PM
296
14
cve
cve

CVE-2022-21618

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JGSS). Supported versions that are affected are Oracle Java SE: 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated...

5.3CVSS

4.8AI Score

0.001EPSS

2022-10-18 09:15 PM
151
7
cve
cve

CVE-2022-21619

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to...

3.7CVSS

3.9AI Score

0.002EPSS

2022-10-18 09:15 PM
266
8
cve
cve

CVE-2022-2764

A flaw was found in Undertow. Denial of service can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB...

4.9CVSS

5.1AI Score

0.001EPSS

2022-09-01 09:15 PM
73
5
cve
cve

CVE-2022-1319

A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second...

7.5CVSS

7.3AI Score

0.003EPSS

2022-08-31 04:15 PM
110
4
cve
cve

CVE-2022-1259

A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server. This flaw exists because of an incomplete fix for...

7.5CVSS

6.3AI Score

0.001EPSS

2022-08-31 04:15 PM
69
4
cve
cve

CVE-2022-22972

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to...

9.8CVSS

9.1AI Score

0.574EPSS

2022-05-20 09:15 PM
111
In Wild
10
cve
cve

CVE-2022-21449

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.2 and 18; Oracle GraalVM Enterprise Edition: 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows...

7.5CVSS

6.9AI Score

0.001EPSS

2022-04-19 09:15 PM
1077
4
cve
cve

CVE-2022-22960

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to...

7.8CVSS

8.7AI Score

0.001EPSS

2022-04-13 06:15 PM
1028
In Wild
2
cve
cve

CVE-2022-22959

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. A malicious actor can trick a user through a cross site request forgery to unintentionally validate a malicious JDBC...

4.3CVSS

6.5AI Score

0.001EPSS

2022-04-13 06:15 PM
138
cve
cve

CVE-2022-22958

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in...

7.2CVSS

8.6AI Score

0.02EPSS

2022-04-13 06:15 PM
88
cve
cve

CVE-2022-22961

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. A malicious actor with remote access may leak the hostname of the target system. Successful exploitation of this issue can lead to targeting...

5.3CVSS

6.8AI Score

0.001EPSS

2022-04-13 06:15 PM
116
2
cve
cve

CVE-2022-22957

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in...

7.2CVSS

8.6AI Score

0.02EPSS

2022-04-13 06:15 PM
215
cve
cve

CVE-2022-22954

VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code...

9.8CVSS

9.8AI Score

0.974EPSS

2022-04-11 08:15 PM
1077
In Wild
5
cve
cve

CVE-2020-36518

jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested...

7.5CVSS

7.4AI Score

0.002EPSS

2022-03-11 07:15 AM
341
11
cve
cve

CVE-2022-21349

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 7u321, 8u311; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated...

5.3CVSS

4.7AI Score

0.001EPSS

2022-01-19 12:15 PM
190
2
cve
cve

CVE-2022-21360

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability...

5.3CVSS

4.8AI Score

0.002EPSS

2022-01-19 12:15 PM
200
2
cve
cve

CVE-2022-21366

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows...

5.3CVSS

4.7AI Score

0.001EPSS

2022-01-19 12:15 PM
192
2
cve
cve

CVE-2022-21365

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability...

5.3CVSS

4.8AI Score

0.002EPSS

2022-01-19 12:15 PM
212
4
cve
cve

CVE-2022-21340

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability...

5.3CVSS

4.8AI Score

0.001EPSS

2022-01-19 12:15 PM
219
4
cve
cve

CVE-2022-21341

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable...

5.3CVSS

4.8AI Score

0.002EPSS

2022-01-19 12:15 PM
214
2
cve
cve

CVE-2022-21305

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability...

5.3CVSS

4.7AI Score

0.002EPSS

2022-01-19 12:15 PM
247
3
cve
cve

CVE-2022-21291

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability...

5.3CVSS

4.7AI Score

0.002EPSS

2022-01-19 12:15 PM
227
4
cve
cve

CVE-2022-21299

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows.....

5.3CVSS

4.9AI Score

0.002EPSS

2022-01-19 12:15 PM
227
4
cve
cve

CVE-2022-21296

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows.....

5.3CVSS

4.5AI Score

0.002EPSS

2022-01-19 12:15 PM
213
2
cve
cve

CVE-2022-21293

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability...

5.3CVSS

4.8AI Score

0.002EPSS

2022-01-19 12:15 PM
226
3
cve
cve

CVE-2022-21294

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability...

5.3CVSS

4.8AI Score

0.002EPSS

2022-01-19 12:15 PM
194
3
cve
cve

CVE-2022-21277

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows...

5.3CVSS

4.7AI Score

0.001EPSS

2022-01-19 12:15 PM
187
2
cve
cve

CVE-2022-21283

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows...

5.3CVSS

4.8AI Score

0.001EPSS

2022-01-19 12:15 PM
199
2
cve
cve

CVE-2022-21282

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows.....

5.3CVSS

4.5AI Score

0.002EPSS

2022-01-19 12:15 PM
224
2
cve
cve

CVE-2022-21271

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows...

5.3CVSS

4.6AI Score

0.001EPSS

2022-01-19 12:15 PM
138
2
cve
cve

CVE-2022-21248

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Difficult to exploit...

3.7CVSS

3.8AI Score

0.001EPSS

2022-01-19 12:15 PM
229
4
cve
cve

CVE-2021-38900

IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 could allow a privileged user to obtain highly sensitive information due to improper access controls. IBM X-Force ID:...

6.5CVSS

6.1AI Score

0.001EPSS

2021-12-21 07:15 PM
28
cve
cve

CVE-2021-38893

IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to...

5.4CVSS

5.2AI Score

0.001EPSS

2021-12-21 07:15 PM
26
cve
cve

CVE-2021-4104

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in...

7.5CVSS

9.1AI Score

0.975EPSS

2021-12-14 12:15 PM
783
In Wild
15
cve
cve

CVE-2021-44228

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message....

10CVSS

9.8AI Score

0.975EPSS

2021-12-10 10:15 AM
3600
In Wild
399
cve
cve

CVE-2021-22002

VMware Workspace ONE Access and Identity Manager, allow the /cfg web app and diagnostic endpoints, on port 8443, to be accessed via port 443 using a custom host header. A malicious actor with network access to port 443 could tamper with host headers to facilitate access to the /cfg web app, in...

9.8CVSS

9.3AI Score

0.003EPSS

2021-08-31 10:15 PM
52
cve
cve

CVE-2021-3711

In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size...

9.8CVSS

9.7AI Score

0.068EPSS

2021-08-24 03:15 PM
503
28
cve
cve

CVE-2021-29751

IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.5 and 8.6 could allow an authenticated user to obtain sensitive information about another user under nondefault configurations. IBM X-Force ID:...

4.3CVSS

4.4AI Score

0.001EPSS

2021-06-28 04:15 PM
21
cve
cve

CVE-2021-34428

For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a sess...

3.5CVSS

3.9AI Score

0.002EPSS

2021-06-22 03:15 PM
155
In Wild
13
cve
cve

CVE-2021-22901

curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use this in rare unfortunate circumstances to potentially reach remote code execution in the client....

8.1CVSS

8.2AI Score

0.073EPSS

2021-06-11 04:15 PM
172
8
cve
cve

CVE-2021-3517

There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this...

8.6CVSS

8.4AI Score

0.012EPSS

2021-05-19 02:15 PM
425
11
cve
cve

CVE-2021-28164

In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can....

5.3CVSS

5.2AI Score

0.064EPSS

2021-04-01 03:15 PM
297
16
cve
cve

CVE-2021-28165

In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS...

7.5CVSS

7.3AI Score

0.802EPSS

2021-04-01 03:15 PM
403
17
cve
cve

CVE-2021-28163

In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that...

2.7CVSS

5.1AI Score

0.001EPSS

2021-04-01 03:15 PM
227
In Wild
16
cve
cve

CVE-2021-3450

The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as...

7.4CVSS

7.4AI Score

0.002EPSS

2021-03-25 03:15 PM
444
73
Total number of security vulnerabilities137