168 matches found
CVE-2020-3940
VMware Workspace ONE SDK and dependent mobile application updates address sensitive information disclosure vulnerability...
CVE-2024-22260
VMware Workspace One UEM update addresses an information exposure vulnerability. A malicious actor with network access to the Workspace One UEM may be able to perform an attack resulting in an information exposure...
CVE-2024-22260
The CVE-2024-22260 entry relates to VMware Workspace ONE UEM where a network-accessible flaw could expose information. Affected product: VMware Workspace ONE UEM. Root cause/impact: information exposure with high confidentiality and integrity impact per CVSS 3.1 metrics (AV:N, AC:H, PR:N, UI:R; C...
RedTail Crypto-Mining Malware Exploiting Palo Alto Networks Firewall Vulnerability
The threat actors behind the RedTail cryptocurrency mining malware have added a recently disclosed security flaw impacting Palo Alto Networks firewalls to its exploit arsenal. The addition of the PAN-OS vulnerability to its toolkit has been complemented by updates to the malware, which now...
CVE-2023-20886
VMware Workspace ONE UEM console contains an open redirect vulnerability. A malicious actor may be able to redirect a victim to an attacker and retrieve their SAML response to login as the victim user...
Open redirect
VMware Workspace ONE UEM console contains an open redirect vulnerability. A malicious actor may be able to redirect a victim to an attacker and retrieve their SAML response to login as the victim user...
VMware Workspace ONE Input Validation Error Vulnerability
VMware Vmware Workspace One is a platform from VMware that supports cross-device applications for rapid delivery and management of applications. The platform, which includes VMware Horizon and VMware Horizon Cloud, integrates access control, application management, and multi-platform endpoint...
The vulnerability of the VMware Workspace One Access application management platform, related to the administration console of VMware Identity Manager (vIDM), involves redirecting URLs to an unreliable website. This allows a malicious user to redirect users to any arbitrary URL address.
The vulnerability of the VMware Workspace One Access application management platform, as well as the VMware Identity Manager administration consoles, is related to incorrect elimination of special elements in the output data. Exploiting this vulnerability can allow a malicious actor to redirect...
CVE-2023-20884
VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability. An unauthenticated malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure...
VMware Workspace ONE Access CVE-2022-22960
This module exploits CVE-2022-22960 which allows the user to overwrite the permissions of the certproxyService.sh script so that it can be modified by the horizon user. This allows a local attacker with the uid 1001 to escalate their privileges to root access. Module Options msf use...
VMware Workspace ONE Access Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMware Workspace ONE Access CVE-2022-22960', 'Description' = %q This module exploits CVE-2022-22960 which allows the user to overwrite the...
VMware Workspace ONE Access Privilege Escalation Exploit
This Metasploit module exploits CVE-2022-22960 which allows the user to overwrite the permissions of the certproxyService.sh script so that it can be modified by the horizon user. This allows a local attacker with the uid 1001 to escalate their privileges to root access. This module requires...
VMware Workspace ONE Remote Code Execution Exploit
This Metasploit module combines two vulnerabilities in order achieve remote code execution in the context of the horizon user. The first vulnerability, CVE-2022-22956, is an authentication bypass in OAuth2TokenResourceController ACS which allows a remote, unauthenticated attacker to bypass the...
Design/Logic Flaw
VMware Workspace ONE Content contains a passcode bypass vulnerability. A malicious actor, with access to a users rooted device, may be able to bypass the VMware Workspace ONE Content passcode...
CVE-2023-20857
VMware Workspace ONE Content contains a passcode bypass vulnerability. A malicious actor, with access to a users rooted device, may be able to bypass the VMware Workspace ONE Content passcode...
VMware Workspace ONE Content 访问控制错误漏洞
VMware Vmware Workspace One is a platform from VMware that supports cross-device applications for rapid delivery and management of applications. The platform, which includes VMware Horizon and VMware Horizon Cloud, integrates access control, application management, and multi-platform endpoint...
CVE-2023-20857
CVE-2023-20857 relates to a passcode bypass vulnerability in VMware Workspace ONE Content. Connected sources confirm the issue affects the Workspace ONE Content component and could allow bypassing the device passcode when the attacker has access to a rooted device. The primary public advisories d...
VMware Workspace ONE Access 和 Identity Manage 安全漏洞
VMware Workspace One Access and VMware Identity Manager are both products of VMware, Inc.VMware Workspace One Access is a centralized management console that enables you to manage users and groups, set and manage authentication and access policies, and add resources to a directory and manage...
VMware Workspace One Access和VMware Identity Manager 访问控制错误漏洞
VMware Workspace One Access and VMware Identity Manager are both products of VMware, Inc.VMware Workspace One Access is a centralized management console that enables you to manage users and groups, set and manage authentication and access policies, and add resources to a directory and manage...
CVE-2022-31701
VMware Workspace ONE Access and Identity Manager contain a broken authentication vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3...