Lucene search
K
SrcinciteMost viewed

293 matches found

Source Incite
Source Incite
added 2023/02/04 12:0 a.m.860 views

SRC-2023-0003 : TP-Link Archer AX20/AX21 minidlnad db_dir Remote Code Execution Vulnerability

Vulnerability Details: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer AX20 and AX21 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the misconfiguration of the dbdir...

7.5CVSS7.4AI score0.03138EPSS
Exploits1
Source Incite
Source Incite
added 2021/01/24 12:0 a.m.385 views

SRC-2021-0010 : Smarty Template Engine Smarty_Internal_Runtime_TplFunction Sandbox Escape Remote Code Execution Vulnerability

Vulnerability Details: This vulnerability allows remote attackers execute arbitrary code on affected installations of Smarty Template Engine. Authentication is context dependant and may not be required to exploit this vulnerability. The specific flaw exists within the SmartyInternalCompileFunctio...

9.8CVSS9.2AI score0.82316EPSS
Exploits38
Source Incite
Source Incite
added 2021/06/23 12:0 a.m.384 views

SRC-2021-0021 : League flysystem removeFunkyWhiteSpace Time-Of-Check Time-Of-Use File Write Remote Code Execution Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of League flysystem. Authentication may not be required to exploit this vulnerability. The specific flaw exists within the removeFunkyWhiteSpace function. The issue results from a...

9.8CVSS9.1AI score0.03486EPSS
Exploits2
Source Incite
Source Incite
added 2022/03/29 12:0 a.m.331 views

SRC-2023-0001 : PTC Thingworx Edge C-SDK twHeader_fromStream Integer Overflow Remote Code Execution Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of PTC Thingworx Edge C-SDK. Authentication is not required to exploit this vulnerability. The specific flaw exists within the twHeaderfromStream function. An integer wrap occurs...

9.8CVSS10AI score0.02937EPSS
Exploits1
Source Incite
Source Incite
added 2022/02/25 12:0 a.m.327 views

SRC-2022-0005 : VMware Workspace ONE Access customError.ftl Server-side Template Injection Remote Code Execution Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of VMware Workspace ONE Access. Authentication is not required to exploit this vulnerability. The specific flaw exists within the customError.ftl template. The issue results from...

10CVSS7.9AI score0.99997EPSS
Exploits25
Source Incite
Source Incite
added 2022/07/12 12:0 a.m.320 views

SRC-2022-0015 : VMware Workspace ONE Access ApplicationSetupController dbTestConnection JDBC Injection Remote Code Execution Vulnerability (patch bypass)

Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of VMware Workspace ONE Access. Although authentication is required to exploit this vulnerability. The specific flaw exists within ApplicationSetupController class. The issue...

7.2CVSS7.8AI score0.01976EPSS
Exploits1
Source Incite
Source Incite
added 2023/11/08 12:0 a.m.318 views

SRC-2024-0001 : Trackplus Allegra Service Desk Module UploadHelper upload Directory Traversal Remote Code Execution Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trackplus Allegra. Even though authentication is required, guest account registration is enabled by default. The specific flaw exists within the struts core dependency. An...

9.8CVSS9.8AI score0.80819EPSS
Exploits15
Source Incite
Source Incite
added 2020/04/22 12:0 a.m.289 views

SRC-2020-0030 : Microsoft Exchange Server OWA OneDriveProUtilities GetWacUrl XML External Entity Processing Information Disclosure Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to disclose information on affected installations of Exchange Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of GetWacIframeUrlForOneDrive service commands. The issu...

8.8CVSS7.3AI score0.70632EPSS
Exploits1
Source Incite
Source Incite
added 2019/12/12 12:0 a.m.284 views

SRC-2022-0001 : Zoho ManageEngine Desktop Central StateFilter Arbitrary Forward Authentication Bypass Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to bypass authentication on affected installations of ManageEngine Desktop Central. Authentication is not required to exploit this vulnerability. The specific flaw exists within the StateFilter class. The issue results from an...

10CVSS9.6AI score0.99867EPSS
Exploits2
Source Incite
Source Incite
added 2023/11/08 12:0 a.m.265 views

SRC-2023-0004 : Apache Struts Security Feature Bypass Remote Code Execution Vulnerability

Vulnerability Details: This vulnerability may allow remote attackers to execute arbitrary code on applications utilizing affected installations of Apache Struts. Depending on the context, authentication may not be required to exploit this vulnerability. The specific flaw exists within the...

9.8CVSS9.8AI score0.80819EPSS
Exploits15
Source Incite
Source Incite
added 2022/07/12 12:0 a.m.209 views

SRC-2022-0016 : VMware Workspace ONE Access ntpServer.hzn Privilege Escalation Vulnerability

Vulnerability Details: This vulnerability allows local attackers to escalate privileges on affected installations of VMware Workspace ONE Access. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...

7.8CVSS7.7AI score0.00333EPSS
Exploits1
Source Incite
Source Incite
added 2018/11/20 12:0 a.m.203 views

SRC-2019-0009 : Foxit Reader SDK ActiveX Launch Action New Window Command Injection Remote Code Execution Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader SDK ActiveX Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...

9.3CVSS8.7AI score0.07992EPSS
Exploits2
Source Incite
Source Incite
added 2022/08/03 12:0 a.m.197 views

SRC-2022-0021 : VMWare Cloud Foundation NSX-V XStream Deserialization of Untrusted Data Remote Code Execution Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of VMWare Cloud Foundation NSX-V. Authentication is not required to exploit this vulnerability. The specific flaw exists due to a vulnerable unmarshaller used to handle incoming...

8.5CVSS9AI score0.98124EPSS
Exploits6
Source Incite
Source Incite
added 2020/08/13 12:0 a.m.193 views

SRC-2020-0024 : Microsoft SharePoint Server TOCTOU ControlParameter Binding Remote Code Execution Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of SharePoint Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the WebPartEditingSurfacePage class. The issue results from the lac...

8.6CVSS7.2AI score0.01415EPSS
Exploits1
Source Incite
Source Incite
added 2022/09/19 12:0 a.m.190 views

SRC-2022-0023 : VMWare Workspace ONE Access ClaimTransformationHelper validateClaimRuleCondition Remote Code Execution Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to disclose sensitive information on affected installations of VMWare Workspace ONE Access. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...

7.2CVSS6.9AI score0.01082EPSS
Exploits1
Source Incite
Source Incite
added 2021/10/21 12:0 a.m.173 views

SRC-2021-0029 : Dedecms GetCookie Type Juggling Authentication Bypass Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to bypass authentication on affected installations of Dedecms. Authentication is not required to exploit this vulnerability. The specific flaw exists within the GetCookie function. The issue results from a loose comparison check wh...

7.1AI score
Exploits0
Source Incite
Source Incite
added 2022/08/03 12:0 a.m.168 views

SRC-2022-0022 : VMWare Cloud Foundation NSX-V VsmUsernamePasswordAuthenticationFilter parseUsernamePasswordFromXML XML External Entity Processing Information Disclosure Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to disclose sensitive information on affected installations of VMWare Cloud Foundation NSX-V. Authentication is not required to exploit this vulnerability. The specific flaw exists within the VsmUsernamePasswordAuthenticationFilter...

9.1CVSS9.1AI score0.08085EPSS
Exploits1
Source Incite
Source Incite
added 2025/08/14 12:0 a.m.154 views

SRC-2025-0004 : Samsung MagicINFO 9 Server ResponseUploadActivity TOCTOU Remote Code Execution Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung MagicINFO 9 Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ResponseUploadActivity class. The issue results fr...

8.8CVSS6.3AI score0.00398EPSS
Exploits1
Source Incite
Source Incite
added 2025/08/13 12:0 a.m.152 views

SRC-2025-0001 : Samsung MagicINFO 9 Server ResponseBootstrappingActivity Exposed Dangerous Method Remote Code Execution Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung MagicINFO. Authentication is required and SaaS environment needs to be configured. The specific flaw exists within ability to dynamically create FTP accounts. An attack...

6.7AI score
Exploits0
Source Incite
Source Incite
added 2022/05/26 12:0 a.m.147 views

SRC-2022-0020 : VMware vRealize Operations Manager generateSupportBundle VCOPS_BASE Privilege Escalation Vulnerability

Vulnerability Details: This vulnerability allows local attackers to escalate privileges on affected installations of VMware vRealize Operations Manager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specif...

7.2CVSS8AI score0.00557EPSS
Exploits1
Source Incite
Source Incite
added 2025/09/09 12:0 a.m.145 views

SRC-2025-0006 : Samsung MagicINFO 9 Server MagicInfoWebAuthorClient ContentSaveServiceImpl writeXmlToFile File Write Remote Code Execution Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung MagicINFO 9 Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the ContentSaveServiceImpl class. The issue results from t...

6.3AI score
Exploits0
Source Incite
Source Incite
added 2022/05/26 12:0 a.m.143 views

SRC-2022-0019 : VMware vRealize Operations Manager SupportLogAction Information Disclosure Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to leak sensitive information in VMware vRealize Operations. Authentication is required to exploit this vulnerability however the existing authentication mechanism can be bypassed. The issue results from the ability to access log...

4.3CVSS7AI score0.00544EPSS
Exploits1
Source Incite
Source Incite
added 2025/09/03 12:0 a.m.141 views

SRC-2025-0005 : Samsung MagicINFO 9 Server ContentSaveServiceImpl getMediaSourceFromNewFile File Upload Remote Code Execution Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung MagicINFO 9 Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the ContentSaveServiceImpl class. The issue results from t...

6.3AI score
Exploits0
Source Incite
Source Incite
added 2025/09/02 12:0 a.m.141 views

SRC-2025-0003 : Samsung MagicINFO 9 Server downloadChangedFiles Directory Traversal Authentication Bypass Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to bypass authentication on affected installations of Samsung MagicINFO 9 Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloadChangedFiles function. The issue results fr...

9.8CVSS6AI score0.00494EPSS
Exploits1
Source Incite
Source Incite
added 2025/09/02 12:0 a.m.139 views

SRC-2025-0002 : Samsung MagicINFO 9 Server Hard-coded Credentials Local Privilege Escalation Vulnerability

Vulnerability Details: This vulnerability allows local attackers to escalate privileges on affected installations of Samsung MagicINFO. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists wi...

9.8CVSS6.2AI score0.00437EPSS
Exploits1
Source Incite
Source Incite
added 2022/05/26 12:0 a.m.139 views

SRC-2022-0018 : VMware vRealize Operations Manager DeploymentNodeLevelController Information Disclosure Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to leak sensitive information in VMware vRealize Operations. Authentication is required to exploit this vulnerability however the existing authentication mechanism can be bypassed. The issue results from the ability to request acce...

8.8CVSS9.1AI score0.01288EPSS
Exploits1
Source Incite
Source Incite
added 2022/02/25 12:0 a.m.136 views

SRC-2022-0009 : VMware Workspace ONE Access DBConnectionCheckController dbCheck JDBC Injection Remote Code Execution Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of VMware Workspace ONE Access. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists...

7.2CVSS8.6AI score0.23084EPSS
Exploits5
Source Incite
Source Incite
added 2022/02/25 12:0 a.m.131 views

SRC-2022-0011 : VMware Workspace ONE Access gatherConfig.hzn Privilege Escalation Vulnerability

Vulnerability Details: This vulnerability allows local attackers to escalate privileges on affected installations of VMware Workspace ONE Access. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...

7.8CVSS8.8AI score0.37171EPSS
Exploits8
Source Incite
Source Incite
added 2025/09/09 12:0 a.m.127 views

SRC-2025-0007 : Samsung MagicINFO 9 Server MagicInfoWebAuthorClient ContentSaveServiceImpl writeXmlToFile File Write Remote Code Execution Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung MagicINFO 9 Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the ContentSaveServiceImpl class. The issue results from t...

6.3AI score
Exploits0
Source Incite
Source Incite
added 2020/07/06 12:0 a.m.119 views

SRC-2020-0022 : Microsoft SharePoint Server DataFormWebPart CreateChildControls Server-Side Include Remote Code Execution Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of SharePoint Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the DataFormWebPart class. The issue results from the lack of prope...

8.6CVSS8.2AI score0.70894EPSS
Exploits5
Source Incite
Source Incite
added 2021/05/05 12:0 a.m.118 views

SRC-2021-0017 : Jetty Utility Servlets ConcatServlet Double Decoding Information Disclosure Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to disclose information on affected installations of Jetty Web Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ConcatServlet and WelcomeFilter classes. The issue results fro...

5.3CVSS6.3AI score0.7848EPSS
Exploits2
Source Incite
Source Incite
added 2022/05/26 12:0 a.m.117 views

SRC-2022-0017 : VMware vRealize Operations Manager MainPortalFilter Authentication Bypass Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to bypass authentication on affected installations of VMware vRealize Operations. Authentication is not required to exploit this vulnerability. The specific flaw exists within MainPortalFilter class. The issue results from the...

7.5CVSS8.4AI score0.00718EPSS
Exploits1
Source Incite
Source Incite
added 2022/01/20 12:0 a.m.113 views

SRC-2022-0002 : Zoho ManageEngine Desktop Central ChangeAmazonPasswordServlet Elevation of Privilege Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to elevate privileges on affected installations of ManageEngine Desktop Central. Authentication as a low privileged user is required to exploit this vulnerability. The specific flaw exists within the ChangeAmazonPasswordServlet...

6.5CVSS6.6AI score0.0192EPSS
Exploits1
Source Incite
Source Incite
added 2020/12/09 12:0 a.m.109 views

SRC-2021-0013 : Microsoft Exchange Server DlpUtils AddTenantDlpPolicy ruleParameters TOCTOU Remote Code Execution Vulnerability (patch bypass)

Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exchange Server. Authentication with the “Data Loss Prevention” role is required to exploit this vulnerability. The specific flaw exists within the processing of the...

9.1CVSS9.3AI score0.30397EPSS
Exploits1
Source Incite
Source Incite
added 2022/02/25 12:0 a.m.106 views

SRC-2022-0008 : VMware Workspace ONE Access ApplicationSetupController dbTestConnection JDBC Injection Remote Code Execution Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of VMware Workspace ONE Access. Authentication is required to exploit this vulnerability. The specific flaw exists within ApplicationSetupController class. The issue results from...

7.2CVSS7.7AI score0.02952EPSS
Exploits5
Source Incite
Source Incite
added 2022/04/22 12:0 a.m.105 views

SRC-2022-0013 : Inductive Automation Ignition GatewaySessionManagerImpl Authentication Bypass Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to bypass authentication on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability. The specific flaw exists within GatewaySessionManagerImpl class. The issue results...

9.8CVSS9.7AI score0.01955EPSS
Exploits2
Source Incite
Source Incite
added 2020/12/09 12:0 a.m.105 views

SRC-2021-0011 : Microsoft Exchange Server ImportTransportRuleCollection ProcessE15Format Remote Code Execution Vulnerability (patch bypass)

Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exchange Server. Authentication with the “Records Management” role is required to exploit this vulnerability. The specific flaw exists within the processing of the...

7.2CVSS8.1AI score0.19573EPSS
Exploits1
Source Incite
Source Incite
added 2022/04/22 12:0 a.m.100 views

SRC-2022-0014 : Inductive Automation Ignition ScriptInvoke Remote Code Execution Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exist...

7.2CVSS7.5AI score0.02485EPSS
Exploits2
Source Incite
Source Incite
added 2022/03/29 12:0 a.m.94 views

SRC-2023-0002 : PTC Thingworx Edge C-SDK mulitpartMessageStoreEntry_Create Array Indexing Out-of-Bounds Write Remote Code Execution Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of PTC Thingworx Edge C-SDK. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mulitpartMessageStoreEntryCreate function. An...

9.8CVSS9.8AI score0.11784EPSS
Exploits1
Source Incite
Source Incite
added 2022/02/25 12:0 a.m.93 views

SRC-2022-0012 : VMware Workspace ONE Access BrandingResource getBranding Information Disclosure Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to dislose the hostname on affected installations of VMware Workspace ONE Access. Authentication is not required to exploit this vulnerability. The specific flaw exists within BrandingResource class. The issue results from the...

5.3CVSS7.3AI score0.00813EPSS
Exploits1
Source Incite
Source Incite
added 2022/02/25 12:0 a.m.89 views

SRC-2022-0007 : VMware Workspace ONE Access OAuth2ActivateResource ACS Authentication Bypass Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to bypass authentication on affected installations of VMware Workspace ONE Access. Authentication is not required to exploit this vulnerability. The specific flaw exists within OAuth2ActivateResource class. The issue results from t...

9.8CVSS9.7AI score0.50694EPSS
Exploits5
Source Incite
Source Incite
added 2021/10/21 12:0 a.m.90 views

SRC-2022-0003 : Adobe Acrobat Reader DC abs Type 2 Font Parsing Charstring Out-of-Bounds Read Information Disclosure Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to disclose sensitive information on affected installations of Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...

5.5CVSS5.4AI score0.14701EPSS
Exploits1
Source Incite
Source Incite
added 2020/11/19 12:0 a.m.87 views

SRC-2021-0005 : NetMotion Mobility Server SupportRpcServlet Deserialization of Untrusted Data Remote Code Execution Vulnerability

Vulnerability Details: This vulnerability allows remote attackers execute arbitrary code on affected installations of NetMotion Mobility Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SupportRpcServlet class. The issue results from the la...

9.3CVSS6.9AI score0.41045EPSS
Exploits8
Source Incite
Source Incite
added 2018/11/20 12:0 a.m.85 views

SRC-2019-0010 : Foxit Reader SDK ActiveX URI Parsing Stack Based Buffer Overflow Remote Code Execution Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader SDK ActiveX Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...

7.8CVSS8.8AI score0.04896EPSS
Exploits1
Source Incite
Source Incite
added 2020/06/04 12:0 a.m.83 views

SRC-2020-0025 : Microsoft Exchange Server ExportExchangeCertificate WriteCertiricate File Write Remote Code Execution Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exchange Server. Authentication with the “Exchange Server Certificates” role is required to exploit this vulnerability. The specific flaw exists within the WriteCertiricate...

5.5CVSS7.2AI score0.11981EPSS
Exploits1
Source Incite
Source Incite
added 2020/12/09 12:0 a.m.80 views

SRC-2021-0012 : Microsoft Exchange Server ImportTransportRuleCollection ProcessE15Format Remote Code Execution Vulnerability (patch bypass)

Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exchange Server. Authentication with the “Records Management” role is required to exploit this vulnerability. The specific flaw exists within the processing of the...

9.1CVSS9.3AI score0.18343EPSS
Exploits1
Source Incite
Source Incite
added 2020/09/19 12:0 a.m.79 views

SRC-2022-0004 : Microsoft SharePoint Server SPWebRequest SafeCreate TOCTOU DNS Rebinding Security Feature Bypass Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to disclose bypass access IP restrictions on affected installations of Microsoft SharePoint Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the SPWebRequest SafeCreate API. The issu...

4.3CVSS6.1AI score0.02134EPSS
Exploits1
Source Incite
Source Incite
added 2021/08/20 12:0 a.m.78 views

SRC-2021-0023 : Foxit Reader Annotation transitionToState Use-After-Free Remote Code Execution Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

7.8CVSS7.7AI score0.00503EPSS
Exploits1
Source Incite
Source Incite
added 2022/02/25 12:0 a.m.77 views

SRC-2022-0010 : VMware Workspace ONE Access DBConnectionCheckController Cross-Site Request Forgery Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of VMware Workspace ONE Access. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...

4.3CVSS7.1AI score0.00497EPSS
Exploits1
Source Incite
Source Incite
added 2022/02/25 12:0 a.m.77 views

SRC-2022-0006 : VMware Workspace ONE Access OAuth2TokenResourceController ACS Authentication Bypass Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to bypass authentication on affected installations of VMware Workspace ONE Access. Authentication is not required to exploit this vulnerability. The specific flaw exists within OAuth2TokenResourceController class. The issue results...

9.8CVSS9.7AI score0.08087EPSS
Exploits5
Total number of security vulnerabilities293