Lucene search
+L

168 matches found

osv
osv
added 2021/12/20 9:15 p.m.3 views

CVE-2021-22056

VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability. A malicious actor with network access may be able to make HTTP requests to arbitrary origins and read the full response...

7.5CVSS5.8AI score0.01558EPSS
Exploits0References1
prion
prion
added 2021/12/20 9:15 p.m.15 views

Server side request forgery (ssrf)

VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability. A malicious actor with network access may be able to make HTTP requests to arbitrary origins and read the full response...

5CVSS7.6AI score0.01558EPSS
Exploits0References1Affected Software3
nvd
nvd
added 2021/12/17 5:15 p.m.36 views

CVE-2021-22054

VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain an SSRF vulnerability. This issue may allow a malicious actor with network access to UEM to send their requests without authentication and to...

7.5CVSS0.97713EPSS
Exploits1References3
vulnrichment
vulnrichment
added 2021/12/17 4:10 p.m.2 views

CVE-2021-22054

VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain an SSRF vulnerability. This issue may allow a malicious actor with network access to UEM to send their requests without authentication and to...

7.3AI score0.97713EPSS
Exploits1References1
cvelist
cvelist
added 2021/12/17 4:10 p.m.60 views

CVE-2021-22054

VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain an SSRF vulnerability. This issue may allow a malicious actor with network access to UEM to send their requests without authentication and to...

7.9AI score0.97713EPSS
Exploits1References1
cnnvd
cnnvd
added 2021/12/17 12:0 a.m.13 views

Vmware Workspace One 代码问题漏洞

Vmware Vmware Workspace One is a platform for supporting cross-device applications for rapid delivery and management of applications from Vmware, USA. The platform, which includes VMware Horizon and VMware Horizon Cloud, integrates access control, application management, and multi-platform endpoi...

7.5CVSS7.9AI score0.97713EPSS
Exploits1References5
openvas
openvas
added 2021/10/06 12:0 a.m.266 views

'/;/WEB-INF/' Information Disclosure Vulnerability (HTTP)

Various application or web servers / products are prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

9.8CVSS6.5AI score0.99999EPSS
Exploits14References7
prion
prion
added 2021/08/31 10:15 p.m.20 views

Default credentials

VMware Workspace ONE Access and Identity Manager, unintentionally provide a login interface on port 7443. A malicious actor with network access to port 7443 may attempt user enumeration or brute force the login endpoint, which may or may not be practical based on lockout policy configuration and...

5CVSS8AI score0.00994EPSS
Exploits0References1Affected Software4
cve
cve
added 2021/08/31 9:2 p.m.106 views

CVE-2021-22002

CVE-2021-22002 affects VMware Workspace ONE Access and Identity Manager. The flaw allows tampering with host headers to access the /cfg web app and diagnostic endpoints over port 443, bypassing authentication for those resources. The root cause is improper validation of host headers that enables ...

9.8CVSS9.3AI score0.01207EPSS
Exploits0References1Affected Software2
vulncheck_kev
vulncheck_kev
added 2021/08/12 12:0 a.m.13 views

VulnCheck KEV: CVE-2022-22972

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate...

9.8CVSS7.4AI score0.55801EPSS
Exploits3References1
vmware
vmware
added 2021/08/03 12:0 a.m.101 views

VMSA-2021-0016:VMware Workspace ONE Access, Identity Manager and vRealize Automation address multiple vulnerabilities

Advisory ID: VMSA-2021-0016.2 CVSSv3 Range: 3.7-8.6 Issue Date:2021-08-05 Updated On: 2021-11-12 CVEs: CVE-2021-22002, CVE-2021-22003 Synopsis: VMware Workspace ONE Access, Identity Manager and vRealize Automation address multiple vulnerabilities CVE-2021-22002, CVE-2021-22003 RSS Feed Download P...

9.8CVSS9AI score0.01207EPSS
Exploits0References28Affected Software5
zdt
zdt
added 2021/06/17 12:0 a.m.85 views

Workspace ONE Intelligent Hub 20.3.8.0 - (VMware Hub Health Monitoring Service) Unquoted Service Pat

Exploit Title: Workspace ONE Intelligent Hub 20.3.8.0 - 'VMware Hub Health Monitoring Service' Unquoted Service Path Discovery by: Ismael Nava Vendor Homepage: https://www.vmware.com/mx/products/workspace-one/intelligent-hub.html Software Links : https://getwsone.com/ Tested Version: 20.3.8.0...

0.4AI score
Exploits0
exploitdb
exploitdb
added 2021/06/17 12:0 a.m.550 views

Workspace ONE Intelligent Hub 20.3.8.0 - 'VMware Hub Health Monitoring Service' Unquoted Service Path

Exploit Title: Workspace ONE Intelligent Hub 20.3.8.0 - 'VMware Hub Health Monitoring Service' Unquoted Service Path Discovery by: Ismael Nava Discovery Date: 06-16-2021 Vendor Homepage: https://www.vmware.com/mx/products/workspace-one/intelligent-hub.html Software Links : https://getwsone.com/...

7.4AI score
Exploits0
bdu_fstec
bdu_fstec
added 2021/06/10 12:0 a.m.9 views

The vulnerability of VMware Workspace One’s software products stems from the lack of measures taken to protect the structure of the web page. This allows attackers to compromise the confidentiality and integrity of the protected information.

The vulnerability of VMware Workspace One’s software products exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality and integrity of the protected information...

6.1CVSS6.3AI score0.00796EPSS
Exploits1References4Affected Software1
nvd
nvd
added 2021/05/11 2:15 p.m.20 views

CVE-2021-21990

VMware Workspace one UEM console 2102 prior to 21.2.0.8, 2101 prior to 21.1.0.14, 2011 prior to 20.11.0.27, 2010 prior to 20.10.0.16,2008 prior to 20.8.0.28, 2007 prior to 20.7.0.14,2006 prior to 20.6.0.19, 2005 prior to 20.5.0.46, 2004 prior to 20.4.0.21, 2003 prior to 20.3.0.23, 2001 prior to...

6.1CVSS0.00796EPSS
Exploits1References2
cve
cve
added 2021/05/11 1:29 p.m.64 views

CVE-2021-21990

The CVE-2021-21990 entry describes a cross-site scripting (XSS) vulnerability in VMware Workspace ONE UEM Console. Affected versions (as listed in the CVE) include multiple 20.x/19.x lines (various build numbers) prior to the specified fixed releases. Root cause: the console does not validate inc...

6.1CVSS5.9AI score0.00796EPSS
Exploits1References2Affected Software1
cnnvd
cnnvd
added 2021/05/11 12:0 a.m.7 views

Vmware Workspace One 跨站脚本漏洞

Vmware Vmware Workspace One is a platform for supporting cross-device applications for rapid delivery and management of applications from Vmware, USA. The platform, which includes VMware Horizon and VMware Horizon Cloud, integrates access control, application management, and multi-platform endpoi...

6.1CVSS6.2AI score0.00796EPSS
Exploits1References4
nessus
nessus
added 2020/12/08 12:0 a.m.28 views

VMware Workspace ONE Access HTTP Detection

Binary data vmwareworkspaceoneaccesswebdetect.nbin...

7.3AI score
Exploits0References1
nessus
nessus
added 2020/12/08 12:0 a.m.133 views

VMware Workspace One Access / VMware Identity Manager Command Injection Vulnerability (VMSA-2020-0027)

The VMware Workspace One Access formerly VMware Identity Manager application running on the remote host is affected by a unspecified command injection vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version. C Tenable...

9.1CVSS8.8AI score0.23771EPSS
Exploits0References6
cisa
cisa
added 2020/12/07 12:0 a.m.174 views

NSA Releases Advisory on Russian State-Sponsored Malicious Cyber Actors Exploiting CVE-2020-4006

The National Security Agency NSA has released a Cybersecurity Advisory on Russian state-sponsored actors exploiting CVE-2020-4006, a command-injection vulnerability in VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector. The actors were found exploiting...

9CVSS3.4AI score0.23771EPSS
Exploits0References3
Rows per page
Query Builder