Lucene search
K
VmwareIdentity Manager

28 matches found

CVE
CVE
added 2022/04/11 7:37 p.m.1348 views

CVE-2022-22954

CVE-2022-22954 is a server-side template injection (SSTI) leading to remote code execution in VMware Workspace ONE Access and VMware Identity Manager. The vulnerability allows an attacker with network access to trigger SSTI in Freemarker templates, potentially compromising the underlying system. ...

10CVSS9.8AI score0.99997EPSS
In wildWeb
CVE
CVE
added 2020/11/23 9:22 p.m.1292 views

CVE-2020-4006

CVE-2020-4006 (VMware) is a remote command-injection flaw in VMware Workspace ONE Access, Access Connector, Identity Manager, and Identity Manager Connector. A attacker with network access to the administrative configurator (port 8443) and valid credentials could execute commands with unrestricte...

9.1CVSS9.4AI score0.23771EPSS
In wild
CVE
CVE
added 2022/04/13 12:0 a.m.1210 views

CVE-2022-22960

CVE-2022-22960 is a VMware privilege-escalation vulnerability in Workspace ONE Access, Identity Manager, and vRealize Automation caused by improper permissions in support scripts. A local attacker can escalate to root on affected systems. Technical details indicate affected products include VMwar...

7.8CVSS8.7AI score0.37171EPSS
In wild
CVE
CVE
added 2022/08/05 3:7 p.m.445 views

CVE-2022-31656

CVE-2022-31656 affects VMware Workspace ONE Access, Identity Manager, and vRealize Automation. The vulnerability is an authentication bypass that allows a remote attacker with network access to the UI to obtain administrative access without authentication. Base CVSS v3.1 score is 9.8 (CRITICAL) w...

9.8CVSS9.1AI score0.18285EPSS
In wild
CVE
CVE
added 2022/04/13 5:5 p.m.307 views

CVE-2022-22955

CVE-2022-22955 and CVE-2022-22956 affect VMware Workspace ONE Access via the OAuth2 ACS framework. The issues are authentication bypass vulnerabilities that allow a remote attacker to bypass authentication and perform operations due to exposed endpoints. Technical context in connected docs confir...

9.8CVSS9.7AI score0.50694EPSS
In wild
CVE
CVE
added 2022/05/20 8:18 p.m.298 views

CVE-2022-22972

CVE-2022-22972 is an authentication bypass affecting VMware Workspace ONE Access, Identity Manager, and vRealize Automation. A malicious actor with network access to the UI could obtain administrative access without authentication. Public materials (CVEs, vendor advisories) confirm affected produ...

9.8CVSS9.1AI score0.52813EPSS
In wild
CVE
CVE
added 2022/04/13 12:0 a.m.268 views

CVE-2022-22957

Summary (CVE-2022-22957 / CVE-2022-22958): VMware Workspace ONE Access, Identity Manager and vRealize Automation are affected by remote code execution vulnerabilities. The root cause is deserialization of untrusted data via a malicious JDBC URI in the DBConnectionCheckController (CVE-2022-22957) ...

7.2CVSS8.6AI score0.23084EPSS
In wild
CVE
CVE
added 2022/05/20 8:18 p.m.257 views

CVE-2022-22973

CVE-2022-22973 is a local privilege escalation affecting VMware Workspace ONE Access and VMware Identity Manager. The root cause is improper permissions/handling in support scripts, permitting an attacker with local access to escalate to root. Affected product lines include Workspace ONE Access a...

7.8CVSS8.6AI score0.02294EPSS
In wild
CVE
CVE
added 2022/04/13 12:0 a.m.226 views

CVE-2022-22956

CVE-2022-22956 affects VMware Workspace ONE Access. The vulnerability is an authentication bypass in the OAuth2 ACS/OAuth2TokenResourceController layer, created by exposed endpoints that let a remote attacker bypass authentication and perform operations. It is part of a duo with CVE-2022-22955. T...

9.8CVSS9.7AI score0.50694EPSS
In wild
CVE
CVE
added 2022/08/05 3:6 p.m.190 views

CVE-2022-31659

Affected product: VMware Workspace ONE Access and Identity Manager. Vulnerabilities CVE-2022-31659 (SQL injection RCE) and related CVEs exist; CVE-2022-31656 (authentication bypass) enables prerequisites for RCE. The CVSS base vector indicates Network attack, Low complexity, Privileges Required: ...

7.2CVSS8.5AI score0.02261EPSS
CVE
CVE
added 2022/04/13 5:5 p.m.177 views

CVE-2022-22959

CVE-2022-22959 affects VMware Workspace ONE Access, VMware Identity Manager, and vRealize Automation. The vulnerability is a Cross-Site Request Forgery (CSRF) that can trick a logged-in user into unknowingly validating a malicious JDBC URI, as described in the VMSA-2022-0011 advisory. This mode s...

4.3CVSS6.5AI score0.00497EPSS
CVE
CVE
added 2022/08/05 3:7 p.m.175 views

CVE-2022-31658

Summary (CVE-2022-31658) VMware Workspace ONE Access, Identity Manager, and vRealize Automation are affected by a remote code execution vulnerability that an attacker with administrator and network access can trigger. The issue is listed with CVSSv3.1: Network attack vector, low attack complexity...

7.2CVSS8.5AI score0.01898EPSS
CVE
CVE
added 2022/04/13 5:5 p.m.170 views

CVE-2022-22961

CVE-2022-22961 affects VMware products including Workspace ONE Access, Identity Manager and vRealize Automation. The issue is an information-disclosure fault caused by returning excess data, enabling a remote attacker to leak the target’s hostname. The vulnerability is exploitable remotely and co...

5.3CVSS6.8AI score0.00813EPSS
CVE
CVE
added 2022/08/05 3:6 p.m.165 views

CVE-2022-31665

CVE-2022-31665 affects VMware Workspace ONE Access, Identity Manager, and vRealize Automation. The issue is a JDBC injection leading to remote code execution (RCE) , exploitable by a user with administrator and network access to trigger code execution. The vulnerability is documented alongside ot...

7.2CVSS8.5AI score0.01898EPSS
Web
CVE
CVE
added 2022/08/05 3:6 p.m.150 views

CVE-2022-31664

CVE-2022-31664 affects VMware Workspace ONE Access, Identity Manager, and vRealize Automation. The issue is a local privilege escalation that can allow a malicious actor with local access to gain root privileges. The description in the sources consistently states a privilege-escalation flaw witho...

7.8CVSS8.7AI score0.0033EPSS
Web
CVE
CVE
added 2022/08/05 3:6 p.m.132 views

CVE-2022-31661

CVE-2022-31661 affects VMware Workspace ONE Access, Identity Manager and vRealize Automation. It is a local privilege escalation vulnerability where a user with local access (notably the horizon user) can escalate privileges to root. Public writeups describe two related LPE issues in the same fam...

7.8CVSS8.7AI score0.00337EPSS
CVE
CVE
added 2022/04/13 5:5 p.m.129 views

CVE-2022-22958

CVE-2022-22958 is part of a pair of remote code execution vulnerabilities affecting VMware Workspace ONE Access, Identity Manager and vRealize Automation. Public details in the connected docs confirm two RCE vulnerabilities (CVE-2022-22957 and CVE-2022-22958) that can be triggered by an attacker ...

7.2CVSS8.6AI score0.02952EPSS
In wild
CVE
CVE
added 2023/05/30 3:5 p.m.120 views

CVE-2023-20884

CVE-2023-20884 affects VMware Workspace ONE Access and VMware Identity Manager. The issue is an insecure redirect caused by improper path handling that could allow an unauthenticated attacker to redirect victims to attacker-controlled domains, potentially disclosing sensitive information. VMware ...

6.1CVSS5.9AI score0.00348EPSS
CVE
CVE
added 2022/08/05 3:6 p.m.115 views

CVE-2022-31663

Summary: CVE-2022-31663 affects VMware Workspace ONE Access, Identity Manager and vRealize Automation. The issue is a reflected cross-site scripting (XSS) vulnerability caused by improper user input sanitization, allowing a malicious actor with some user interaction to inject JavaScript into a ta...

6.1CVSS7.1AI score0.00583EPSS
CVE
CVE
added 2022/08/05 3:5 p.m.114 views

CVE-2022-31660

VMware Workspace ONE Access, Identity Manager and vRealize Automation are affected by a local privilege-escalation flaw (CVE-2022-31660). An attacker with local access can escalate to root by modifying a file and restarting the vmware-certproxy service, which is invoked with sudo without a passwo...

7.8CVSS8.6AI score0.01062EPSS
CVE
CVE
added 2021/08/31 9:2 p.m.105 views

CVE-2021-22002

CVE-2021-22002 affects VMware Workspace ONE Access and Identity Manager. The flaw allows tampering with host headers to access the /cfg web app and diagnostic endpoints over port 443, bypassing authentication for those resources. The root cause is improper validation of host headers that enables ...

9.8CVSS9.3AI score0.01207EPSS
CVE
CVE
added 2022/08/05 3:7 p.m.102 views

CVE-2022-31657

VMware Workspace ONE Access and Identity Manager are affected by CVE-2022-31657, a URL-injection vulnerability in the authentication/UI flow that allows an attacker with network access to redirect an authenticated user to an arbitrary domain. Root cause: improper handling of URL input leading to ...

9.8CVSS9.2AI score0.01139EPSS
CVE
CVE
added 2021/08/31 9:2 p.m.97 views

CVE-2021-22003

CVE-2021-22003 affects VMware Workspace One Access and Identity Manager. The issue is an unintentionally exposed login interface on port 7443. An attacker with network access could perform user enumeration or brute force the login endpoint, with practicality hinging on the target’s lockout policy...

7.5CVSS8.6AI score0.00994EPSS
CVE
CVE
added 2022/08/05 3:5 p.m.92 views

CVE-2022-31662

Summary (CVE-2022-31662): VMware Workspace ONE Access, Identity Manager, Connectors and vRealize Automation are affected by a path traversal vulnerability. A malicious actor with network access may be able to read arbitrary files on the system. The issue is detailed in the VMware VMSA-2022-0021 a...

7.5CVSS8.4AI score0.01074EPSS
CVE
CVE
added 2022/12/14 12:0 a.m.90 views

CVE-2022-31700

CVE-2022-31700 affects VMware Workspace ONE Access and Identity Manager. The vulnerability is an authenticated remote code execution flaw (RCE) in the product, with a CVSSv3 base score of 7.2 (Important). Public documents describe the issue as an authenticated RCE, potentially allowing code execu...

7.2CVSS7.3AI score0.01082EPSS
Web
CVE
CVE
added 2016/08/31 1:0 a.m.67 views

CVE-2016-5335

CVE-2016-5335 affects VMware Identity Manager 2.x before 2.7 and vRealize Automation 7.0.x before 7.1. The issue is a local privilege escalation via unspecified vectors, allowing a low-privileged user to obtain root. VMware issued VMSA-2016-0013 and provided patches: Identity Manager 2.7 and vRea...

7.8CVSS7.4AI score0.00343EPSS
CVE
CVE
added 2021/12/20 8:8 p.m.66 views

CVE-2021-22056

CVE-2021-22056 is an SSRF vulnerability affecting VMware Workspace ONE Access (versions 21.08, 20.10.0.1, 20.10) and VMware Identity Manager (3.3.5, 3.3.4, 3.3.3). A malicious actor with network access could make HTTP requests to arbitrary origins and read the full response. Red Hat and CVE recor...

7.5CVSS7.6AI score0.01558EPSS
CVE
CVE
added 2016/12/29 9:2 a.m.51 views

CVE-2016-5334

CVE-2016-5334 affects VMware Identity Manager 2.x < 2.7.1 and vRealize Automation 7.x

5.3CVSS5.2AI score0.02133EPSS