15 matches found
CVE-2022-22954
CVE-2022-22954 is a server-side template injection (SSTI) leading to remote code execution in VMware Workspace ONE Access and VMware Identity Manager. The vulnerability allows an attacker with network access to trigger SSTI in Freemarker templates, potentially compromising the underlying system. ...
CVE-2022-22960
CVE-2022-22960 is a VMware privilege-escalation vulnerability in Workspace ONE Access, Identity Manager, and vRealize Automation caused by improper permissions in support scripts. A local attacker can escalate to root on affected systems. Technical details indicate affected products include VMwar...
CVE-2022-22955
CVE-2022-22955 and CVE-2022-22956 affect VMware Workspace ONE Access via the OAuth2 ACS framework. The issues are authentication bypass vulnerabilities that allow a remote attacker to bypass authentication and perform operations due to exposed endpoints. Technical context in connected docs confir...
CVE-2022-22972
CVE-2022-22972 is an authentication bypass affecting VMware Workspace ONE Access, Identity Manager, and vRealize Automation. A malicious actor with network access to the UI could obtain administrative access without authentication. Public materials (CVEs, vendor advisories) confirm affected produ...
CVE-2022-22957
Summary (CVE-2022-22957 / CVE-2022-22958): VMware Workspace ONE Access, Identity Manager and vRealize Automation are affected by remote code execution vulnerabilities. The root cause is deserialization of untrusted data via a malicious JDBC URI in the DBConnectionCheckController (CVE-2022-22957) ...
CVE-2022-22973
CVE-2022-22973 is a local privilege escalation affecting VMware Workspace ONE Access and VMware Identity Manager. The root cause is improper permissions/handling in support scripts, permitting an attacker with local access to escalate to root. Affected product lines include Workspace ONE Access a...
CVE-2022-22956
CVE-2022-22956 affects VMware Workspace ONE Access. The vulnerability is an authentication bypass in the OAuth2 ACS/OAuth2TokenResourceController layer, created by exposed endpoints that let a remote attacker bypass authentication and perform operations. It is part of a duo with CVE-2022-22955. T...
CVE-2022-22959
CVE-2022-22959 affects VMware Workspace ONE Access, VMware Identity Manager, and vRealize Automation. The vulnerability is a Cross-Site Request Forgery (CSRF) that can trick a logged-in user into unknowingly validating a malicious JDBC URI, as described in the VMSA-2022-0011 advisory. This mode s...
CVE-2022-22961
CVE-2022-22961 affects VMware products including Workspace ONE Access, Identity Manager and vRealize Automation. The issue is an information-disclosure fault caused by returning excess data, enabling a remote attacker to leak the target’s hostname. The vulnerability is exploitable remotely and co...
CVE-2022-22958
CVE-2022-22958 is part of a pair of remote code execution vulnerabilities affecting VMware Workspace ONE Access, Identity Manager and vRealize Automation. Public details in the connected docs confirm two RCE vulnerabilities (CVE-2022-22957 and CVE-2022-22958) that can be triggered by an attacker ...
CVE-2023-20884
CVE-2023-20884 affects VMware Workspace ONE Access and VMware Identity Manager. The issue is an insecure redirect caused by improper path handling that could allow an unauthenticated attacker to redirect victims to attacker-controlled domains, potentially disclosing sensitive information. VMware ...
CVE-2021-22002
CVE-2021-22002 affects VMware Workspace ONE Access and Identity Manager. The flaw allows tampering with host headers to access the /cfg web app and diagnostic endpoints over port 443, bypassing authentication for those resources. The root cause is improper validation of host headers that enables ...
CVE-2021-22003
CVE-2021-22003 affects VMware Workspace One Access and Identity Manager. The issue is an unintentionally exposed login interface on port 7443. An attacker with network access could perform user enumeration or brute force the login endpoint, with practicality hinging on the target’s lockout policy...
CVE-2021-22057
VMware Workspace ONE Access contains an authentication bypass vulnerability (CVE-2021-22057) affecting 20.10 through 21.08. A malicious actor who passed first-factor authentication may bypass VMware Verify second-factor authentication. Affected products/versions per sources include Access 21.08.0...
CVE-2021-22056
CVE-2021-22056 is an SSRF vulnerability affecting VMware Workspace ONE Access (versions 21.08, 20.10.0.1, 20.10) and VMware Identity Manager (3.3.5, 3.3.4, 3.3.3). A malicious actor with network access could make HTTP requests to arbitrary origins and read the full response. Red Hat and CVE recor...