Lucene search
K

225 matches found

Positive Technologies
Positive Technologies
added 2022/08/02 12:0 a.m.1 views

PT-2022-4058 · Vmware · Vmware Vrealize Automation +2

Name of the Vulnerable Software and Affected Versions: VMware Workspace ONE Access, Identity Manager and vRealize Automation affected versions not specified Description: The issue is related to a privilege escalation vulnerability in the administration platform of VMware Workspace One Access,...

7.8CVSS8.2AI score0.01062EPSS
Exploits3References8
Positive Technologies
Positive Technologies
added 2022/08/02 12:0 a.m.7 views

PT-2022-3966 · Vmware · Identity Manager +2

Name of the Vulnerable Software and Affected Versions: VMware Workspace ONE Access, Identity Manager and vRealize Automation affected versions not specified Description: The issue is related to an authentication bypass vulnerability affecting local domain users. A malicious actor with network...

9.8CVSS9.1AI score0.18285EPSS
Exploits1References16
VMware
VMware
added 2022/08/02 12:0 a.m.62 views

VMware Workspace ONE Access, Access Connector, Identity Manager, Identity Manager Connector and vRealize Automation updates address multiple vulnerabilities.

3a. Authentication Bypass Vulnerability CVE-2022-31656 VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. VMware has evaluated the severity of this issue to be in the Critical severity range with a...

7.5CVSS8.8AI score0.18285EPSS
Exploits6References19Affected Software7
Source Incite
Source Incite
added 2022/07/12 12:0 a.m.318 views

SRC-2022-0015 : VMware Workspace ONE Access ApplicationSetupController dbTestConnection JDBC Injection Remote Code Execution Vulnerability (patch bypass)

Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of VMware Workspace ONE Access. Although authentication is required to exploit this vulnerability. The specific flaw exists within ApplicationSetupController class. The issue...

7.2CVSS7.8AI score0.01898EPSS
Exploits1
Source Incite
Source Incite
added 2022/07/12 12:0 a.m.207 views

SRC-2022-0016 : VMware Workspace ONE Access ntpServer.hzn Privilege Escalation Vulnerability

Vulnerability Details: This vulnerability allows local attackers to escalate privileges on affected installations of VMware Workspace ONE Access. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...

7.8CVSS7.7AI score0.0033EPSS
Exploits1
CNVD
CNVD
added 2022/05/31 12:0 a.m.21 views

Authentication Bypass Vulnerability in Multiple VMware Products

VMware vRealize Automation is a management tool that provides self-service, supervisory multi-cloud automation.VMware Workspace One Access is a centralized management console through which you can manage users and groups, set and manage authentication and access policies, and add resources to the...

9.8CVSS7.2AI score0.52813EPSS
Exploits3References1
GithubExploit
GithubExploit
added 2022/05/24 8:19 p.m.363 views

Exploit for CVE-2022-22972

CVE-2022-22972 POC for CVE-2022-22972 affecting VMware Workspa...

9.8CVSS9.7AI score0.52813EPSS
Exploits3
ATTACKERKB
ATTACKERKB
added 2022/05/20 9:15 p.m.149 views

CVE-2022-22972

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate. Rapid7 Analysis...

10CVSS7.4AI score0.99997EPSS
In wildExploits26References3
OSV
OSV
added 2022/05/20 9:15 p.m.30 views

CVE-2022-22972

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate...

9.8CVSS6.8AI score
Exploits0References1
NVD
NVD
added 2022/05/20 9:15 p.m.27 views

CVE-2022-22972

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate...

9.8CVSS0.52813EPSS
Exploits3References1
CVE
CVE
added 2022/05/20 8:18 p.m.297 views

CVE-2022-22972

CVE-2022-22972 is an authentication bypass affecting VMware Workspace ONE Access, Identity Manager, and vRealize Automation. A malicious actor with network access to the UI could obtain administrative access without authentication. Public materials (CVEs, vendor advisories) confirm affected produ...

9.8CVSS9.1AI score0.52813EPSS
In wildExploits3References1Affected Software3
Cvelist
Cvelist
added 2022/05/20 8:18 p.m.26 views

CVE-2022-22972

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate...

9.5AI score0.52813EPSS
Exploits3References1
BDU FSTEC
BDU FSTEC
added 2022/05/20 12:0 a.m.6 views

The vulnerability of the user interface of the VMware Workspace One Access application management platform, the administration consoles of VMware Identity Manager (vIDM), and the virtual infrastructure management tools of VMware vRealize Automation allows a perpetrator to escalate their privileges.

The vulnerability of the user interface of the VMware Workspace One Access application management platform, as well as the administration consoles of VMware Identity Manager vIDM, and the virtual infrastructure management tool VMware vRealize Automation, is related to the possibility of bypassing...

10CVSS8AI score0.52813EPSS
Exploits3References3
Rapid7 Blog
Rapid7 Blog
added 2022/05/19 1:54 p.m.289 views

CVE-2022-22972: Critical Authentication Bypass in VMware Workspace ONE Access, Identity Manager, and vRealize Automation

On May 18, 2022, VMware published VMSA-2022-0014 on CVE-2022-22972 and CVE-2022-22973. The more severe of the two vulnerabilities is CVE-2022-22972, a critical authentication bypass affecting VMware’s Workspace ONE Access, Identity Manager, and vRealize Automation solutions. The vulnerability...

10CVSS0.6AI score0.99997EPSS
Exploits33
The Hacker News
The Hacker News
added 2022/05/19 5:48 a.m.175 views

VMware Releases Patches for New Vulnerabilities Affecting Multiple Products

VMware has issued patches to contain two security flaws impacting Workspace ONE Access, Identity Manager, and vRealize Automation that could be exploited to backdoor enterprise networks. The first of the two flaws, tracked as CVE-2022-22972 CVSS score: 9.8, concerns an authentication bypass that...

10CVSS1.9AI score0.99997EPSS
Exploits96
NCSC
NCSC
added 2022/05/19 12:0 a.m.5 views

Vulnerabilities fixed in VMWare products

VMware has fixed two vulnerabilities in Workspace ONE Access, Identity Manager, vRealize Automation, Cloud Foundation and vRealize Suite Lifecycle Manager. An unauthenticated malicious person with access to the management environment could potentially exploit the vulnerabilities to gain gain...

9.8CVSS7.3AI score0.52813EPSS
Exploits11
CNNVD
CNNVD
added 2022/05/18 12:0 a.m.7 views

多款VMware产品授权问题漏洞

VMware vRealize Automation is a management tool that provides self-service, supervisory multi-cloud automation.VMware Workspace One Access is a centralized management console through which you can manage users and groups, set and manage authentication and access policies, and add resources to the...

9.8CVSS5.7AI score0.52813EPSS
Exploits3References3
VMware
VMware
added 2022/05/16 12:0 a.m.38 views

VMSA-2022-0014:VMware Workspace ONE Access, Identity Manager and vRealize Automation updates address multiple vulnerabilities

Advisory ID: VMSA-2022-0014.1 CVSSv3 Range: 7.8-9.8 Issue Date:2022-05-18 Updated On: 2022-05-27 CVEs: CVE-2022-22972, CVE-2022-22973 Synopsis: VMware Workspace ONE Access, Identity Manager and vRealize Automation updates address multiple vulnerabilities. RSS Feed Download PDF Download Text File...

9.8CVSS9.8AI score0.52813EPSS
Exploits3References47Affected Software6
OSV
OSV
added 2022/05/13 1:17 a.m.18 views

GHSA-7H99-VJMF-5PG8 Jenkins VMware vRealize Automation Plugin Missing Encryption of Sensitive Data

Jenkins VMware vRealize Automation Plugin stores credentials unencrypted in job config.xml files on the Jenkins controller. These credentials can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

4.3CVSS8.7AI score0.01365EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/05/13 1:17 a.m.19 views

Jenkins VMware vRealize Automation Plugin Missing Encryption of Sensitive Data

Jenkins VMware vRealize Automation Plugin stores credentials unencrypted in job config.xml files on the Jenkins controller. These credentials can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

8.8CVSS6.8AI score0.01365EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder