Lucene search
K
VmwareIdentity Manager Connector

13 matches found

CVE
CVE
added 2020/11/23 9:22 p.m.1293 views

CVE-2020-4006

CVE-2020-4006 (VMware) is a remote command-injection flaw in VMware Workspace ONE Access, Access Connector, Identity Manager, and Identity Manager Connector. A attacker with network access to the administrative configurator (port 8443) and valid credentials could execute commands with unrestricte...

9.1CVSS9.4AI score0.23771EPSS
In wild
CVE
CVE
added 2022/08/05 3:7 p.m.446 views

CVE-2022-31656

CVE-2022-31656 affects VMware Workspace ONE Access, Identity Manager, and vRealize Automation. The vulnerability is an authentication bypass that allows a remote attacker with network access to the UI to obtain administrative access without authentication. Base CVSS v3.1 score is 9.8 (CRITICAL) w...

9.8CVSS9.1AI score0.18285EPSS
In wild
CVE
CVE
added 2022/08/05 3:6 p.m.191 views

CVE-2022-31659

Affected product: VMware Workspace ONE Access and Identity Manager. Vulnerabilities CVE-2022-31659 (SQL injection RCE) and related CVEs exist; CVE-2022-31656 (authentication bypass) enables prerequisites for RCE. The CVSS base vector indicates Network attack, Low complexity, Privileges Required: ...

7.2CVSS8.5AI score0.02261EPSS
CVE
CVE
added 2022/08/05 3:7 p.m.176 views

CVE-2022-31658

Summary (CVE-2022-31658) VMware Workspace ONE Access, Identity Manager, and vRealize Automation are affected by a remote code execution vulnerability that an attacker with administrator and network access can trigger. The issue is listed with CVSSv3.1: Network attack vector, low attack complexity...

7.2CVSS8.5AI score0.01898EPSS
CVE
CVE
added 2022/08/05 3:6 p.m.165 views

CVE-2022-31665

CVE-2022-31665 affects VMware Workspace ONE Access, Identity Manager, and vRealize Automation. The issue is a JDBC injection leading to remote code execution (RCE) , exploitable by a user with administrator and network access to trigger code execution. The vulnerability is documented alongside ot...

7.2CVSS8.5AI score0.01898EPSS
Web
CVE
CVE
added 2022/08/05 3:6 p.m.151 views

CVE-2022-31664

CVE-2022-31664 affects VMware Workspace ONE Access, Identity Manager, and vRealize Automation. The issue is a local privilege escalation that can allow a malicious actor with local access to gain root privileges. The description in the sources consistently states a privilege-escalation flaw witho...

7.8CVSS8.7AI score0.0033EPSS
Web
CVE
CVE
added 2022/08/05 3:6 p.m.133 views

CVE-2022-31661

CVE-2022-31661 affects VMware Workspace ONE Access, Identity Manager and vRealize Automation. It is a local privilege escalation vulnerability where a user with local access (notably the horizon user) can escalate privileges to root. Public writeups describe two related LPE issues in the same fam...

7.8CVSS8.7AI score0.00337EPSS
CVE
CVE
added 2023/05/30 3:5 p.m.121 views

CVE-2023-20884

CVE-2023-20884 affects VMware Workspace ONE Access and VMware Identity Manager. The issue is an insecure redirect caused by improper path handling that could allow an unauthenticated attacker to redirect victims to attacker-controlled domains, potentially disclosing sensitive information. VMware ...

6.1CVSS5.9AI score0.00348EPSS
CVE
CVE
added 2022/08/05 3:6 p.m.117 views

CVE-2022-31663

Summary: CVE-2022-31663 affects VMware Workspace ONE Access, Identity Manager and vRealize Automation. The issue is a reflected cross-site scripting (XSS) vulnerability caused by improper user input sanitization, allowing a malicious actor with some user interaction to inject JavaScript into a ta...

6.1CVSS7.1AI score0.00583EPSS
CVE
CVE
added 2022/08/05 3:5 p.m.114 views

CVE-2022-31660

VMware Workspace ONE Access, Identity Manager and vRealize Automation are affected by a local privilege-escalation flaw (CVE-2022-31660). An attacker with local access can escalate to root by modifying a file and restarting the vmware-certproxy service, which is invoked with sudo without a passwo...

7.8CVSS8.6AI score0.01062EPSS
CVE
CVE
added 2022/08/05 3:7 p.m.103 views

CVE-2022-31657

VMware Workspace ONE Access and Identity Manager are affected by CVE-2022-31657, a URL-injection vulnerability in the authentication/UI flow that allows an attacker with network access to redirect an authenticated user to an arbitrary domain. Root cause: improper handling of URL input leading to ...

9.8CVSS9.2AI score0.01139EPSS
CVE
CVE
added 2022/08/05 3:5 p.m.92 views

CVE-2022-31662

Summary (CVE-2022-31662): VMware Workspace ONE Access, Identity Manager, Connectors and vRealize Automation are affected by a path traversal vulnerability. A malicious actor with network access may be able to read arbitrary files on the system. The issue is detailed in the VMware VMSA-2022-0021 a...

7.5CVSS8.4AI score0.01074EPSS
CVE
CVE
added 2022/12/14 12:0 a.m.85 views

CVE-2022-31701

CVE-2022-31701 affects VMware Workspace ONE Access and VMware Identity Manager. The Red Hat/VMware/NVD and VMSA details confirm a broken authentication vulnerability exploitable via a network path, with a CVSSv3 base score of 5.3 (Moderate); affected components are the authentication endpoints wh...

5.3CVSS6AI score0.00501EPSS