225 matches found
CVE-2022-31658
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution...
CVE-2022-31663
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject JavaScript code in the target user's window...
CVE-2022-31664
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'...
EUVD-2016-3181
Malware in sbrugna...
EUVD-2016-8313
Malware in sbrugna...
EUVD-2015-2437
Malware in sbrugna...
EUVD-2016-6286
Malware in sbrugna...
EUVD-2018-18702
Malware in sbrugna...
EUVD-2016-6285
Malware in sbrugna...
EUVD-2016-6287
Malware in sbrugna...
EUVD-2022-28081
Malicious code in bioql PyPI...
EUVD-2022-53096
Malicious code in bioql PyPI...
CVE-2022-22972
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate...
CVE-2022-22959
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross-site request forgery vulnerability. A malicious actor can trick a user through a cross-site request forgery to unintentionally validate a malicious JDBC URI...
CVE-2022-22961
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. A malicious actor with remote access may leak the hostname of the target system. Successful exploitation of this issue can lead to targeting...
CVE-2019-1003068
Jenkins VMware vRealize Automation Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
VulnCheck KEV: CVE-2022-31656
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate...
The platform for automating work processes in VMware vRealize Orchestrator is vulnerable. The tools for managing virtual infrastructure in VMware vRealize Automation and the VMware Cloud Foundation virtualization platform are also vulnerable. This vulnerability stems from incorrect restrictions on XML references to external objects, allowing attackers to carry out XXE attacks.
The vulnerability of the VMware vRealize Orchestrator platform, which is used for automating work processes, as well as the VMware vRealize Automation tool for managing virtual infrastructure, and the VMware Cloud Foundation virtualization platform, is related to incorrect restrictions on XML...
Vulnerability fixed in VMware vRealize
VMware has fixed a vulnerability in vRealize Orchestrator and vRealize Automation. A malicious person with access to the Orchestrator could exploit the vulnerability for an XML External Entity (XXE) attack, potentially gaining access to sensitive data or granting themselves elevated privileges in the...
VMware Patches Critical Vulnerability in Carbon Black App Control Product
VMware on Tuesday released patches to address a critical security vulnerability affecting its Carbon Black App Control product. Tracked as CVE-2023-20858, the shortcoming carries a CVSS score of 9.1 out of a maximum of 10 and impacts App Control versions 8.7.x, 8.8.x, and 8.9.x. The virtualizatio...