9 matches found
CVE-2022-31656
CVE-2022-31656 affects VMware Workspace ONE Access, Identity Manager, and vRealize Automation. The vulnerability is an authentication bypass that allows a remote attacker with network access to the UI to obtain administrative access without authentication. Base CVSS v3.1 score is 9.8 (CRITICAL) w...
CVE-2022-31659
Affected product: VMware Workspace ONE Access and Identity Manager. Vulnerabilities CVE-2022-31659 (SQL injection RCE) and related CVEs exist; CVE-2022-31656 (authentication bypass) enables prerequisites for RCE. The CVSS base vector indicates Network attack, Low complexity, Privileges Required: ...
CVE-2022-31658
Summary (CVE-2022-31658): VMware Workspace ONE Access, Identity Manager, and vRealize Automation are affected by a remote code execution vulnerability that an attacker with administrator and network access can trigger. The issue is listed with CVSSv3.1: Network attack vector, low attack complexity...
CVE-2022-31664
CVE-2022-31664 affects VMware Workspace ONE Access, Identity Manager, and vRealize Automation. The issue is a local privilege escalation that can allow a malicious actor with local access to gain root privileges. The description in the sources consistently states a privilege-escalation flaw witho...
CVE-2022-31661
CVE-2022-31661 affects VMware Workspace ONE Access, Identity Manager and vRealize Automation. It is a local privilege escalation vulnerability where a user with local access (notably the horizon user) can escalate privileges to root. Public writeups describe two related LPE issues in the same fam...
CVE-2022-31663
Summary: CVE-2022-31663 affects VMware Workspace ONE Access, Identity Manager and vRealize Automation. The issue is a reflected cross-site scripting (XSS) vulnerability caused by improper user input sanitization, allowing a malicious actor with some user interaction to inject JavaScript into a ta...
CVE-2022-31660
VMware Workspace ONE Access, Identity Manager and vRealize Automation are affected by a local privilege-escalation flaw (CVE-2022-31660). An attacker with local access can escalate to root by modifying a file and restarting the vmware-certproxy service, which is invoked with sudo without a passwo...
CVE-2022-31657
VMware Workspace ONE Access and Identity Manager are affected by CVE-2022-31657, a URL-injection vulnerability in the authentication/UI flow that allows an attacker with network access to redirect an authenticated user to an arbitrary domain. Root cause: improper handling of URL input leading to ...
CVE-2022-31662
Summary (CVE-2022-31662): VMware Workspace ONE Access, Identity Manager, Connectors and vRealize Automation are affected by a path traversal vulnerability. A malicious actor with network access may be able to read arbitrary files on the system. The issue is detailed in the VMware VMSA-2022-0021 a...