Lucene search
K
VmwareVrealize Automation

20 matches found

CVE
CVE
added 2022/04/11 7:37 p.m.1348 views

CVE-2022-22954

CVE-2022-22954 is a server-side template injection (SSTI) leading to remote code execution in VMware Workspace ONE Access and VMware Identity Manager. The vulnerability allows an attacker with network access to trigger SSTI in Freemarker templates, potentially compromising the underlying system. ...

10CVSS9.8AI score0.99997EPSS
In wildWeb
CVE
CVE
added 2022/04/13 12:0 a.m.1210 views

CVE-2022-22960

CVE-2022-22960 is a VMware privilege-escalation vulnerability in Workspace ONE Access, Identity Manager, and vRealize Automation caused by improper permissions in support scripts. A local attacker can escalate to root on affected systems. Technical details indicate affected products include VMwar...

7.8CVSS8.7AI score0.37171EPSS
In wild
CVE
CVE
added 2022/04/13 5:5 p.m.307 views

CVE-2022-22955

CVE-2022-22955 and CVE-2022-22956 affect VMware Workspace ONE Access via the OAuth2 ACS framework. The issues are authentication bypass vulnerabilities that allow a remote attacker to bypass authentication and perform operations due to exposed endpoints. Technical context in connected docs confir...

9.8CVSS9.7AI score0.50694EPSS
In wild
CVE
CVE
added 2022/05/20 8:18 p.m.298 views

CVE-2022-22972

CVE-2022-22972 is an authentication bypass affecting VMware Workspace ONE Access, Identity Manager, and vRealize Automation. A malicious actor with network access to the UI could obtain administrative access without authentication. Public materials (CVEs, vendor advisories) confirm affected produ...

9.8CVSS9.1AI score0.52813EPSS
In wild
CVE
CVE
added 2022/04/13 12:0 a.m.268 views

CVE-2022-22957

Summary (CVE-2022-22957 / CVE-2022-22958): VMware Workspace ONE Access, Identity Manager and vRealize Automation are affected by remote code execution vulnerabilities. The root cause is deserialization of untrusted data via a malicious JDBC URI in the DBConnectionCheckController (CVE-2022-22957) ...

7.2CVSS8.6AI score0.23084EPSS
In wild
CVE
CVE
added 2022/04/13 12:0 a.m.226 views

CVE-2022-22956

CVE-2022-22956 affects VMware Workspace ONE Access. The vulnerability is an authentication bypass in the OAuth2 ACS/OAuth2TokenResourceController layer, created by exposed endpoints that let a remote attacker bypass authentication and perform operations. It is part of a duo with CVE-2022-22955. T...

9.8CVSS9.7AI score0.50694EPSS
In wild
CVE
CVE
added 2023/02/21 12:0 a.m.188 views

CVE-2023-20855

CVE-2023-20855 is an XXE vulnerability in VMware vRealize Orchestrator (affecting vRealize Orchestrator and related products such as vRealize Automation and Cloud Foundation). The root cause is an XML External Entity processing issue that allows a non-administrative user to craft input bypassing ...

8.8CVSS8.7AI score0.01265EPSS
CVE
CVE
added 2022/04/13 5:5 p.m.177 views

CVE-2022-22959

CVE-2022-22959 affects VMware Workspace ONE Access, VMware Identity Manager, and vRealize Automation. The vulnerability is a Cross-Site Request Forgery (CSRF) that can trick a logged-in user into unknowingly validating a malicious JDBC URI, as described in the VMSA-2022-0011 advisory. This mode s...

4.3CVSS6.5AI score0.00497EPSS
CVE
CVE
added 2022/04/13 5:5 p.m.170 views

CVE-2022-22961

CVE-2022-22961 affects VMware products including Workspace ONE Access, Identity Manager and vRealize Automation. The issue is an information-disclosure fault caused by returning excess data, enabling a remote attacker to leak the target’s hostname. The vulnerability is exploitable remotely and co...

5.3CVSS6.8AI score0.00813EPSS
CVE
CVE
added 2022/04/13 5:5 p.m.129 views

CVE-2022-22958

CVE-2022-22958 is part of a pair of remote code execution vulnerabilities affecting VMware Workspace ONE Access, Identity Manager and vRealize Automation. Public details in the connected docs confirm two RCE vulnerabilities (CVE-2022-22957 and CVE-2022-22958) that can be triggered by an attacker ...

7.2CVSS8.6AI score0.02952EPSS
In wild
CVE
CVE
added 2021/10/13 3:52 p.m.87 views

CVE-2021-22036

CVE-2021-22036 affects VMware vRealize Orchestrator 8.x before 8.6. The open redirect arises from improper path handling, enabling an attacker to redirect victims to an attacker‑controlled domain and potentially disclose sensitive information. Affected product versions: vRealize Orchestrator 8.x ...

6.5CVSS6AI score0.00895EPSS
CVE
CVE
added 2016/08/31 1:0 a.m.67 views

CVE-2016-5335

CVE-2016-5335 affects VMware Identity Manager 2.x before 2.7 and vRealize Automation 7.0.x before 7.1. The issue is a local privilege escalation via unspecified vectors, allowing a low-privileged user to obtain root. VMware issued VMSA-2016-0013 and provided patches: Identity Manager 2.7 and vRea...

7.8CVSS7.4AI score0.00343EPSS
CVE
CVE
added 2016/12/29 9:2 a.m.66 views

CVE-2016-7460

CVE-2016-7460 refers to an XML External Entity (XXE) vulnerability in the Single Sign-On feature of VMware products. Affects vCenter Server 5.5 before U3e and 6.0 before U2a, and vRealize Automation 6.x before 6.2.5. A specially crafted XML document containing an external entity declaration and a...

9.1CVSS8.9AI score0.02146EPSS
CVE
CVE
added 2021/12/20 8:8 p.m.66 views

CVE-2021-22056

CVE-2021-22056 is an SSRF vulnerability affecting VMware Workspace ONE Access (versions 21.08, 20.10.0.1, 20.10) and VMware Identity Manager (3.3.5, 3.3.4, 3.3.3). A malicious actor with network access could make HTTP requests to arbitrary origins and read the full response. Red Hat and CVE recor...

7.5CVSS7.6AI score0.01558EPSS
CVE
CVE
added 2018/01/29 4:0 p.m.62 views

CVE-2017-4947

CVE-2017-4947 describes a deserialization vulnerability via Xenon in VMware vRealize Automation (vRA) 7.2/7.3 and VIC 1.x before 1.3, allowing remote code execution on the appliance. Connected documents confirm the affected products/versions and cite mitigation via patches: vRA 7.2/7.3 require up...

10CVSS9.8AI score0.08749EPSS
CVE
CVE
added 2018/04/13 1:0 p.m.62 views

CVE-2018-6959

CVE-2018-6959 affects VMware vRealize Automation (vRA) prior to 7.4.0, with a vulnerability in handling of session IDs that may allow hijacking a valid vRA user session. The Nessus/NVE and VMware advisory entries show affected versions up to 7.3.x (7.0.x–7.3.x) and indicate remediation via update...

9.8CVSS9.3AI score0.02073EPSS
CVE
CVE
added 2018/04/13 1:0 p.m.60 views

CVE-2018-6958

Summary: CVE-2018-6958 affects VMware vRealize Automation (vRA) before 7.3.1, via a DOM-based XSS vulnerability that may lead to a compromised vRA user workstation. Affected versions: vRA 7.0.x, 7.1.x, 7.2.x, and 7.3.x before 7.3.1. Root cause: DOM-based XSS in the vRA interface. Impact: potentia...

6.1CVSS6.1AI score0.01084EPSS
CVE
CVE
added 2016/03/16 10:0 a.m.54 views

CVE-2015-2344

VMware vRealize Automation 6.x is affected by a stored XSS vulnerability (CVE-2015-2344) in which improper input validation allows injected scripts via unspecified vectors. The issue affects 6.x releases prior to 6.2.4 on Linux and can be triggered by a crafted request, potentially compromising a...

5.4CVSS5AI score0.00839EPSS
CVE
CVE
added 2016/12/29 9:2 a.m.51 views

CVE-2016-5334

CVE-2016-5334 affects VMware Identity Manager 2.x < 2.7.1 and vRealize Automation 7.x

5.3CVSS5.2AI score0.02133EPSS
CVE
CVE
added 2016/08/31 1:0 a.m.51 views

CVE-2016-5336

CVE-2016-5336 affects VMware vRealize Automation 7.0.x before 7.1. A remote attacker could execute arbitrary code on the appliance; exploitation is possible without authentication per sources, potentially yielding access to a low-privileged account. The issue is discussed alongside CVE-2016-5335 ...

9.8CVSS9AI score0.02949EPSS