225 matches found
VMware Multiple Products Privilege Escalation Vulnerability
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts...
CVE-2022-22958
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities CVE-2022-22957 & CVE-2022-22958. A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote...
CVE-2022-22958
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities CVE-2022-22957 & CVE-2022-22958. A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote...
CVE-2022-22960
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to 'root'...
CVE-2022-22958
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities CVE-2022-22957 & CVE-2022-22958. A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote...
CVE-2022-22959
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. A malicious actor can trick a user through a cross site request forgery to unintentionally validate a malicious JDBC URI...
CVE-2022-22959
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. A malicious actor can trick a user through a cross site request forgery to unintentionally validate a malicious JDBC URI...
CVE-2022-22961
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. A malicious actor with remote access may leak the hostname of the target system. Successful exploitation of this issue can lead to targeting...
CVE-2022-22957
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities CVE-2022-22957 & CVE-2022-22958. A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote...
CVE-2022-22961
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. A malicious actor with remote access may leak the hostname of the target system. Successful exploitation of this issue can lead to targeting...
Deserialization of untrusted data
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities CVE-2022-22957 & CVE-2022-22958. A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote...
Cross site request forgery (csrf)
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. A malicious actor can trick a user through a cross site request forgery to unintentionally validate a malicious JDBC URI...
Information disclosure
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. A malicious actor with remote access may leak the hostname of the target system. Successful exploitation of this issue can lead to targeting...
CVE-2022-22958
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities CVE-2022-22957 & CVE-2022-22958. A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote...
CVE-2022-22958
CVE-2022-22958 is part of a pair of remote code execution vulnerabilities affecting VMware Workspace ONE Access, Identity Manager and vRealize Automation. Public details in the connected docs confirm two RCE vulnerabilities (CVE-2022-22957 and CVE-2022-22958) that can be triggered by an attacker ...
CVE-2022-22961
CVE-2022-22961 affects VMware products including Workspace ONE Access, Identity Manager and vRealize Automation. The issue is an information-disclosure fault caused by returning excess data, enabling a remote attacker to leak the target’s hostname. The vulnerability is exploitable remotely and co...
CVE-2022-22961
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. A malicious actor with remote access may leak the hostname of the target system. Successful exploitation of this issue can lead to targeting...
CVE-2022-22959
CVE-2022-22959 affects VMware Workspace ONE Access, VMware Identity Manager, and vRealize Automation. The vulnerability is a Cross-Site Request Forgery (CSRF) that can trick a logged-in user into unknowingly validating a malicious JDBC URI, as described in the VMSA-2022-0011 advisory. This mode s...
CVE-2022-22959
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. A malicious actor can trick a user through a cross site request forgery to unintentionally validate a malicious JDBC URI...
CVE-2022-22957
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities CVE-2022-22957 & CVE-2022-22958. A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote...