36 matches found
EUVD-2020-5457
Malware in sbrugna...
EUVD-2020-5447
Malware in sbrugna...
EUVD-2020-5446
Malware in sbrugna...
CVE-2020-4006
VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability...
CVE-2020-13176
The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 24, 2020 v16 and earlier for the Cloud Access Connector contains a stored cross-site scripting XSS vulnerability which allows a remote unauthenticated attacker to poison l...
CVE-2020-13186
An Anti CSRF mechanism was discovered missing in the Teradici Cloud Access Connector v31 and earlier in a specific web form, which allowed an attacker with knowledge of both a machineID and user GUID to modify data if a user clicked a malicious link...
CVE-2020-13175
The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 20, 2020 v15 and earlier for Cloud Access Connector contains a local file inclusion vulnerability which allows an unauthenticated remote attacker to leak LDAP credentials...
Apache Text4Shell and others update for Teradici Cloud Access Connector
HP has provided updated versions of Teradici Cloud Access Connector that remediate vulnerabilities found in Apache Commons Text Text4Shell prior to 1.10.0, Apache Commons BCEL prior to 6.6.0, Apache Commons Configuration prior to 2.7, and ESAPI The OWASP Enterprise Security API prior to 2.3.0.0...
VMware Releases Security Updates
VMware has released security updates to address multiple vulnerabilities in VMware’s Workspace ONE Access, Access Connector, Identity Manager, Identity Manager Connector, and vRealize Automation. A remote attacker could exploit some of these vulnerabilities to take control of an affected system...
VMware Response to Apache Log4j Remote Code Execution Vulnerabilities (CVE-2021-44228, CVE-2021-45046)
1. Impacted Products VMware Horizon VMware vCenter Server VMware HCX VMware NSX-T Data Center VMware Unified Access Gateway VMware WorkspaceOne Access VMware Identity Manager VMware vRealize Operations VMware vRealize Operations Cloud Cloud Proxy VMware vRealize Automation VMware vRealize...
Multiple VMware Products Command Injection Vulnerability
VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector contain a command injection vulnerability. An attacker with network access to the administrative configurator on port 8443 and a valid password for the configurator administrator account can execute...
CVE-2020-13185
Certain web application pages in the authenticated section of the Teradici Cloud Access Connector prior to v18 were accessible without the need to specify authentication tokens, which allowed an attacker in the ability to execute sensitive functions without credentials...
CVE-2020-13186
An Anti CSRF mechanism was discovered missing in the Teradici Cloud Access Connector v31 and earlier in a specific web form, which allowed an attacker with knowledge of both a machineID and user GUID to modify data if a user clicked a malicious link...
CVE-2020-13185
Certain web application pages in the authenticated section of the Teradici Cloud Access Connector prior to v18 were accessible without the need to specify authentication tokens, which allowed an attacker in the ability to execute sensitive functions without credentials...
Cross site request forgery (csrf)
An Anti CSRF mechanism was discovered missing in the Teradici Cloud Access Connector v31 and earlier in a specific web form, which allowed an attacker with knowledge of both a machineID and user GUID to modify data if a user clicked a malicious link...
CVE-2020-13186
CVE-2020-13186 affects Teradici Cloud Access Connector v31 and earlier. The root cause is a missing Anti‑CSRF protection in a specific web form, enabling data modification if a user clicks a crafted link and the attacker knows both a machineID and a user GUID. Connected sources confirm the vulner...
CVE-2020-13186
An Anti CSRF mechanism was discovered missing in the Teradici Cloud Access Connector v31 and earlier in a specific web form, which allowed an attacker with knowledge of both a machineID and user GUID to modify data if a user clicked a malicious link...
CVE-2020-13185
Certain web application pages in the authenticated section of the Teradici Cloud Access Connector prior to v18 were accessible without the need to specify authentication tokens, which allowed an attacker in the ability to execute sensitive functions without credentials...
CVE-2020-13185
CVE-2020-13185 affects the Teradici Cloud Access Connector prior to v18, where certain pages in the authenticated area could be accessed without authentication tokens. This is due to insufficient access control on those pages, enabling an attacker to perform sensitive functions without credential...
Teradici Cloud Access Connector Cross-Site Request Forgery Vulnerability
A cross-site request forgery vulnerability exists in Teradici Cloud Access Connector v31 and earlier, which can be exploited by an attacker to modify data when a user clicks a malicious link...