vRealize Automation Security Vulnerabilities - CVSS Score 9 - 10

CVE-2016-5336

VMware vRealize Automation 7.0.x before 7.1 allows remote attackers to execute arbitrary code via unspecified vectors.

CVSS: 9.8

AI Score: 9

EPSS: 0.047

2016-08-31 01:59 AM

CVE-2016-7460

The Single Sign-On feature in VMware vCenter Server 5.5 before U3e and 6.0 before U2a and vRealize Automation 6.x before 6.2.5 allows remote attackers to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity ref...

CVSS: 9.1

AI Score: 8.9

EPSS: 0.011

2016-12-29 09:59 AM

CVE-2017-4947

VMware vRealize Automation (7.3 and 7.2) and vSphere Integrated Containers (1.x before 1.3) contain a deserialization vulnerability via Xenon. Successful exploitation of this issue may allow remote attackers to execute arbitrary code on the appliance.

CVSS: 9.8

AI Score: 9.8

EPSS: 0.035

2018-01-29 04:29 PM

CVE-2018-6959

VMware vRealize Automation (vRA) prior to 7.4.0 contains a vulnerability in the handling of session IDs. Exploitation of this issue may lead to the hijacking of a valid vRA user's session.

CVSS: 9.8

AI Score: 9.3

EPSS: 0.005

2018-04-13 01:29 PM

CVE-2022-22954

VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution.

CVSS: 9.8

AI Score: 9.8

EPSS: 0.975

2022-04-11 08:15 PM
In Wild

CVE-2022-22955

VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework.

CVSS: 9.8

AI Score: 9.7

EPSS: 0.002

2022-04-13 06:15 PM

CVE-2022-22956

VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework.

CVSS: 9.8

AI Score: 9.7

EPSS: 0.002

2022-04-13 06:15 PM

CVE-2022-22972

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.

CVSS: 9.8

AI Score: 9.1

EPSS: 0.58

2022-05-20 09:15 PM
In Wild