Vrealize Automation@7.6 Security Vulnerabilities and Issues — Vrealize Automation@7.6 CVE List

Lucene search

VmwareVrealize Automation7.6

10 matches found

CVE•added 2022/04/11 8:15 p.m.•1273 views

CVE-2022-22954

VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution.

10CVSS9.8AI score0.94441EPSS

CVE•added 2022/04/13 6:15 p.m.•1158 views

CVE-2022-22960

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to 'root'.

7.8CVSS8.7AI score0.77217EPSS

CVE•added 2022/04/13 6:15 p.m.•283 views

CVE-2022-22955

VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework.

9.8CVSS9.7AI score0.56895EPSS

CVE•added 2022/04/13 6:15 p.m.•254 views

CVE-2022-22957

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote...

7.2CVSS8.6AI score0.43709EPSS

CVE•added 2022/05/20 9:15 p.m.•242 views

CVE-2022-22972

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.

9.8CVSS9.1AI score0.93742EPSS

CVE•added 2022/04/13 6:15 p.m.•201 views

CVE-2022-22956

9.8CVSS9.7AI score0.56895EPSS

CVE•added 2022/04/13 6:15 p.m.•165 views

CVE-2022-22959

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. A malicious actor can trick a user through a cross site request forgery to unintentionally validate a malicious JDBC URI.

4.3CVSS6.5AI score0.00414EPSS

CVE•added 2022/04/13 6:15 p.m.•145 views

CVE-2022-22961

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. A malicious actor with remote access may leak the hostname of the target system. Successful exploitation of this issue can lead to targeting vic...

5.3CVSS6.8AI score0.00542EPSS

CVE•added 2022/04/13 6:15 p.m.•111 views

CVE-2022-22958

7.2CVSS8.6AI score0.43709EPSS

CVE•added 2021/12/20 9:15 p.m.•50 views

CVE-2021-22056

VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability. A malicious actor with network access may be able to make HTTP requests to arbitrary origins and read the full response.

7.5CVSS7.6AI score0.00796EPSS