Identity Manager@3.3.4 Security Vulnerabilities and Issues — Identity Manager@3.3.4 CVE List

Lucene search

VmwareIdentity Manager3.3.4

20 matches found

CVE•added 2022/04/11 8:15 p.m.•1277 views

CVE-2022-22954

VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution.

10CVSS9.8AI score0.94441EPSS

CVE•added 2022/04/13 6:15 p.m.•1162 views

CVE-2022-22960

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to 'root'.

7.8CVSS8.7AI score0.77217EPSS

CVE•added 2022/08/05 4:15 p.m.•382 views

CVE-2022-31656

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.

9.8CVSS9.1AI score0.8036EPSS

CVE•added 2022/04/13 6:15 p.m.•283 views

CVE-2022-22955

VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework.

9.8CVSS9.7AI score0.56895EPSS

CVE•added 2022/04/13 6:15 p.m.•254 views

CVE-2022-22957

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote...

7.2CVSS8.6AI score0.43709EPSS

CVE•added 2022/05/20 9:15 p.m.•246 views

CVE-2022-22972

9.8CVSS9.1AI score0.93742EPSS

CVE•added 2022/05/20 9:15 p.m.•216 views

CVE-2022-22973

VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'.

7.8CVSS8.6AI score0.04748EPSS

CVE•added 2022/04/13 6:15 p.m.•201 views

CVE-2022-22956

9.8CVSS9.7AI score0.56895EPSS

CVE•added 2022/04/13 6:15 p.m.•165 views

CVE-2022-22959

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. A malicious actor can trick a user through a cross site request forgery to unintentionally validate a malicious JDBC URI.

4.3CVSS6.5AI score0.00414EPSS

CVE•added 2022/08/05 4:15 p.m.•165 views

CVE-2022-31659

VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution.

7.2CVSS8.5AI score0.05288EPSS

CVE•added 2022/08/05 4:15 p.m.•157 views

CVE-2022-31658

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution.

7.2CVSS8.5AI score0.10136EPSS

CVE•added 2022/04/13 6:15 p.m.•145 views

CVE-2022-22961

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. A malicious actor with remote access may leak the hostname of the target system. Successful exploitation of this issue can lead to targeting vic...

5.3CVSS6.8AI score0.00542EPSS

CVE•added 2022/08/05 4:15 p.m.•144 views

CVE-2022-31665

7.2CVSS8.5AI score0.07727EPSS

CVE•added 2022/08/05 4:15 p.m.•126 views

CVE-2022-31664

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'.

7.8CVSS8.7AI score0.002EPSS

CVE•added 2022/08/05 4:15 p.m.•116 views

CVE-2022-31661

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two privilege escalation vulnerabilities. A malicious actor with local access can escalate privileges to 'root'.

7.8CVSS8.7AI score0.00146EPSS

CVE•added 2022/04/13 6:15 p.m.•111 views

CVE-2022-22958

7.2CVSS8.6AI score0.43709EPSS

CVE•added 2022/08/05 4:15 p.m.•98 views

CVE-2022-31660

VMware Workspace ONE Access, Identity Manager and vRealize Automation contains a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'.

7.8CVSS8.6AI score0.08196EPSS

CVE•added 2022/08/05 4:15 p.m.•94 views

CVE-2022-31663

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject javascript code in the target user's window.

6.1CVSS7.1AI score0.01281EPSS

CVE•added 2022/08/05 4:15 p.m.•84 views

CVE-2022-31657

VMware Workspace ONE Access and Identity Manager contain a URL injection vulnerability. A malicious actor with network access may be able to redirect an authenticated user to an arbitrary domain.

9.8CVSS9.2AI score0.02068EPSS

CVE•added 2022/08/05 4:15 p.m.•77 views

CVE-2022-31662

VMware Workspace ONE Access, Identity Manager, Connectors and vRealize Automation contain a path traversal vulnerability. A malicious actor with network access may be able to access arbitrary files.

7.5CVSS8.4AI score0.02008EPSS