Lucene search

K

Workspace Security Vulnerabilities

cve
cve

CVE-2024-2241

Improper access control in the user interface in Devolutions Workspace 2024.1.0 and earlier allows an authenticated user to perform unintended actions via specific...

6.6AI Score

0.0004EPSS

2024-03-07 01:15 PM
33
cve
cve

CVE-2024-1433

A vulnerability, which was classified as problematic, was found in KDE Plasma Workspace up to 5.93.0. This affects the function EventPluginsManager::enabledPlugins of the file components/calendar/eventpluginsmanager.cpp of the component Theme File Handler. The manipulation of the argument pluginId....

3.1CVSS

4.1AI Score

0.0004EPSS

2024-02-11 11:15 PM
27
cve
cve

CVE-2023-34064

Workspace ONE Launcher contains a Privilege Escalation Vulnerability. A malicious actor with physical access to Workspace ONE Launcher could utilize the Edge Panel feature to bypass setup to gain access to sensitive...

4.6CVSS

4.7AI Score

0.001EPSS

2023-12-12 08:15 PM
8
cve
cve

CVE-2023-6588

Offline mode is always enabled, even if permission disallows it, in Devolutions Server data source in Devolutions Workspace 2023.3.2.0 and earlier. This allows an attacker with access to the Workspace application to access credentials when...

6.5CVSS

6.4AI Score

0.0005EPSS

2023-12-07 04:15 PM
8
cve
cve

CVE-2023-20886

VMware Workspace ONE UEM console contains an open redirect vulnerability. A malicious actor may be able to redirect a victim to an attacker and retrieve their SAML response to login as the victim...

8.8CVSS

6.1AI Score

0.0004EPSS

2023-10-31 09:15 PM
46
cve
cve

CVE-2023-22060

Vulnerability in the Oracle Hyperion Workspace product of Oracle Hyperion (component: UI and Visualization). The supported version that is affected is 11.2.13.0.000. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hyperion...

7.6CVSS

7.5AI Score

0.0005EPSS

2023-07-18 09:15 PM
20
cve
cve

CVE-2023-24486

A vulnerability has been identified in Citrix Workspace app for Linux that, if exploited, may result in a malicious local user being able to gain access to the Citrix Virtual Apps and Desktops session of another user who is using the same computer from which the ICA session is...

5.5CVSS

5.5AI Score

0.0004EPSS

2023-07-10 09:15 PM
1847
cve
cve

CVE-2023-30955

A security defect was identified in Foundry workspace-server that enabled a user to bypass an authorization check and view settings related to 'Developer Mode'. This enabled users with insufficient privilege the ability to view and interact with Developer Mode settings in a limited capacity. A fix....

5.4CVSS

5.5AI Score

0.0004EPSS

2023-06-29 07:15 PM
7
cve
cve

CVE-2023-20884

VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability. An unauthenticated malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information...

6.1CVSS

5.9AI Score

0.001EPSS

2023-05-30 04:15 PM
49
cve
cve

CVE-2023-2257

Authentication Bypass in Hub Business integration in Devolutions Workspace Desktop 2023.1.1.3 and earlier on Windows and macOS allows an attacker with access to the user interface to unlock a Hub Business space without being prompted to enter the password via an unimplemented "Force Login"...

7.8CVSS

7.5AI Score

0.0004EPSS

2023-04-24 07:15 PM
18
cve
cve

CVE-2023-20857

VMware Workspace ONE Content contains a passcode bypass vulnerability. A malicious actor, with access to a users rooted device, may be able to bypass the VMware Workspace ONE Content...

6.8CVSS

6.4AI Score

0.001EPSS

2023-02-28 05:15 PM
46
cve
cve

CVE-2023-24485

Vulnerabilities have been identified that, collectively, allow a standard Windows user to perform operations as SYSTEM on the computer running Citrix Workspace...

7.8CVSS

7.7AI Score

0.0004EPSS

2023-02-16 06:15 PM
233
cve
cve

CVE-2023-24484

A malicious user can cause log files to be written to a directory that they do not have permission to write...

5.5CVSS

5.9AI Score

0.0004EPSS

2023-02-16 06:15 PM
84
cve
cve

CVE-2022-47412

Given a malicious document provided by an attacker, the ONLYOFFICE Workspace DMS is vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS)...

5.4CVSS

5.1AI Score

0.001EPSS

2023-02-07 08:15 PM
29
cve
cve

CVE-2022-31701

VMware Workspace ONE Access and Identity Manager contain a broken authentication vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of...

5.3CVSS

6AI Score

0.001EPSS

2022-12-14 07:15 PM
44
cve
cve

CVE-2022-31700

VMware Workspace ONE Access and Identity Manager contain an authenticated remote code execution vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of...

7.2CVSS

7.3AI Score

0.002EPSS

2022-12-14 07:15 PM
40
cve
cve

CVE-2022-31687

VMware Workspace ONE Assist prior to 22.10 contains a Broken Access Control vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the...

9.8CVSS

9.2AI Score

0.002EPSS

2022-11-09 09:15 PM
61
6
cve
cve

CVE-2022-31689

VMware Workspace ONE Assist prior to 22.10 contains a Session fixation vulnerability. A malicious actor who obtains a valid session token may be able to authenticate to the application using that...

9.8CVSS

9.2AI Score

0.002EPSS

2022-11-09 09:15 PM
22
4
cve
cve

CVE-2022-31688

VMware Workspace ONE Assist prior to 22.10 contains a Reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject javascript code in the target user's...

6.1CVSS

6.3AI Score

0.001EPSS

2022-11-09 09:15 PM
25
4
cve
cve

CVE-2022-31686

VMware Workspace ONE Assist prior to 22.10 contains a Broken Authentication Method vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the...

9.8CVSS

9.2AI Score

0.002EPSS

2022-11-09 09:15 PM
24
6
cve
cve

CVE-2022-31685

VMware Workspace ONE Assist prior to 22.10 contains an Authentication Bypass vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the...

9.8CVSS

9.3AI Score

0.002EPSS

2022-11-09 09:15 PM
34
13
cve
cve

CVE-2005-1675

Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, and Groove Workspace before 2.5n build 1871 installs the client installation directories with insecure EVERYBODY permissions, which allows local users to gain sensitive...

6.4AI Score

0.0004EPSS

2022-10-03 04:22 PM
21
cve
cve

CVE-2005-1678

Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, and Groove Workspace before 2.5n build 1871 does not properly display file extensions on attached or embedded files in a compound document, which may allow remote attackers to trick users into executing malicious...

6.6AI Score

0.001EPSS

2022-10-03 04:22 PM
29
cve
cve

CVE-2005-1676

Multiple cross-site scripting (XSS) vulnerabilities in Groove Mobile Workspace in Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, and Groove Workspace before 2.5n build 1871 allow remote attackers to inject arbitrary web script or HTML via the (1) picture columns embedded...

5.8AI Score

0.005EPSS

2022-10-03 04:22 PM
26
cve
cve

CVE-2013-4679

Symantec Workspace Virtualization before 6.x before 6.4.1953.0, when a virtual application layer is configured, allows local users to gain privileges via an application that performs crafted interaction with the operating...

6.7AI Score

0.001EPSS

2022-10-03 04:14 PM
15
cve
cve

CVE-2022-22314

IBM Planning Analytics Local 2.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID:...

3.3CVSS

3.4AI Score

0.0004EPSS

2022-09-08 04:15 PM
23
20
cve
cve

CVE-2022-31656

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to...

9.8CVSS

9.1AI Score

0.641EPSS

2022-08-05 04:15 PM
264
11
cve
cve

CVE-2022-31661

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two privilege escalation vulnerabilities. A malicious actor with local access can escalate privileges to...

7.8CVSS

8.7AI Score

0.0004EPSS

2022-08-05 04:15 PM
87
4
cve
cve

CVE-2022-31658

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code...

7.2CVSS

8.5AI Score

0.002EPSS

2022-08-05 04:15 PM
126
4
cve
cve

CVE-2022-31665

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code...

7.2CVSS

8.5AI Score

0.002EPSS

2022-08-05 04:15 PM
117
4
cve
cve

CVE-2022-31664

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to...

7.8CVSS

8.7AI Score

0.0004EPSS

2022-08-05 04:15 PM
96
4
cve
cve

CVE-2022-31662

VMware Workspace ONE Access, Identity Manager, Connectors and vRealize Automation contain a path traversal vulnerability. A malicious actor with network access may be able to access arbitrary...

7.5CVSS

8.4AI Score

0.001EPSS

2022-08-05 04:15 PM
52
3
cve
cve

CVE-2022-31660

VMware Workspace ONE Access, Identity Manager and vRealize Automation contains a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to...

7.8CVSS

8.6AI Score

0.001EPSS

2022-08-05 04:15 PM
59
4
cve
cve

CVE-2022-31663

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject javascript code in the target user's...

6.1CVSS

7.1AI Score

0.001EPSS

2022-08-05 04:15 PM
71
5
cve
cve

CVE-2022-31657

VMware Workspace ONE Access and Identity Manager contain a URL injection vulnerability. A malicious actor with network access may be able to redirect an authenticated user to an arbitrary...

9.8CVSS

9.2AI Score

0.002EPSS

2022-08-05 04:15 PM
55
3
cve
cve

CVE-2022-31659

VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code...

7.2CVSS

8.5AI Score

0.002EPSS

2022-08-05 04:15 PM
132
4
cve
cve

CVE-2022-23745

A potential memory corruption issue was found in Capsule Workspace Android app (running on GrapheneOS). This could result in application crashing but could not be used to gather any sensitive...

7.5CVSS

7.5AI Score

0.001EPSS

2022-07-18 05:15 PM
45
2
cve
cve

CVE-2022-32145

A vulnerability has been identified in Teamcenter Active Workspace V5.2 (All versions < V5.2.9), Teamcenter Active Workspace V6.0 (All versions < V6.0.3). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker ...

6.1CVSS

5.8AI Score

0.001EPSS

2022-06-14 10:15 AM
40
3
cve
cve

CVE-2022-22972

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to...

9.8CVSS

9.1AI Score

0.574EPSS

2022-05-20 09:15 PM
111
In Wild
10
cve
cve

CVE-2022-22973

VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to...

7.8CVSS

8.6AI Score

0.0004EPSS

2022-05-20 09:15 PM
96
In Wild
6
cve
cve

CVE-2022-25865

The package workspace-tools before 0.18.4 are vulnerable to Command Injection via git argument injection. When calling the fetchRemoteBranch(remote: string, remoteBranch: string, cwd: string) function, both the remote and remoteBranch parameters are passed to the git fetch subcommand in a way that....

9.8CVSS

9.9AI Score

0.002EPSS

2022-05-13 08:15 PM
54
4
cve
cve

CVE-2022-22392

IBM Planning Analytics Local 2.0 could allow an attacker to upload arbitrary executable files which, when executed by an unsuspecting victim could result in code execution. IBM X-Force ID:...

7.8CVSS

8.1AI Score

0.001EPSS

2022-04-25 04:16 PM
52
cve
cve

CVE-2021-39040

IBM Planning Analytics Workspace 2.0 could be vulnerable to malicious file upload by not validating the file types or sizes. Attackers can make use of this weakness and upload malicious executable files into the system and it can be sent to victim for performing further attacks. IBM X-Force ID:...

8CVSS

8AI Score

0.001EPSS

2022-04-25 04:16 PM
46
cve
cve

CVE-2022-22960

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to...

7.8CVSS

8.7AI Score

0.001EPSS

2022-04-13 06:15 PM
1028
In Wild
2
cve
cve

CVE-2022-22959

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. A malicious actor can trick a user through a cross site request forgery to unintentionally validate a malicious JDBC...

4.3CVSS

6.5AI Score

0.001EPSS

2022-04-13 06:15 PM
138
cve
cve

CVE-2022-22961

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. A malicious actor with remote access may leak the hostname of the target system. Successful exploitation of this issue can lead to targeting...

5.3CVSS

6.8AI Score

0.001EPSS

2022-04-13 06:15 PM
116
2
cve
cve

CVE-2022-22958

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in...

7.2CVSS

8.6AI Score

0.02EPSS

2022-04-13 06:15 PM
88
cve
cve

CVE-2022-22957

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in...

7.2CVSS

8.6AI Score

0.02EPSS

2022-04-13 06:15 PM
215
cve
cve

CVE-2022-22955

VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication...

9.8CVSS

9.7AI Score

0.002EPSS

2022-04-13 06:15 PM
257
2
cve
cve

CVE-2022-22956

VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication...

9.8CVSS

9.7AI Score

0.002EPSS

2022-04-13 06:15 PM
166
Total number of security vulnerabilities120