Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
VmwareWorkspace One Access

15 matches found

CVE
CVEadded 2022/04/11 8:15 p.m.1276 views

CVE-2022-22954

VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution.

10CVSS9.8AI score0.94441EPSS
CVE
CVEadded 2022/04/13 6:15 p.m.1161 views

CVE-2022-22960

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to 'root'.

7.8CVSS8.7AI score0.77217EPSS
CVE
CVEadded 2022/04/13 6:15 p.m.283 views

CVE-2022-22955

VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework.

9.8CVSS9.7AI score0.56895EPSS
CVE
CVEadded 2022/04/13 6:15 p.m.254 views

CVE-2022-22957

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote...

7.2CVSS8.6AI score0.43709EPSS
CVE
CVEadded 2022/05/20 9:15 p.m.245 views

CVE-2022-22972

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.

9.8CVSS9.1AI score0.93742EPSS
CVE
CVEadded 2022/05/20 9:15 p.m.215 views

CVE-2022-22973

VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'.

7.8CVSS8.6AI score0.04748EPSS
CVE
CVEadded 2022/04/13 6:15 p.m.201 views

CVE-2022-22956

VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework.

9.8CVSS9.7AI score0.56895EPSS
CVE
CVEadded 2022/04/13 6:15 p.m.165 views

CVE-2022-22959

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. A malicious actor can trick a user through a cross site request forgery to unintentionally validate a malicious JDBC URI.

4.3CVSS6.5AI score0.00414EPSS
CVE
CVEadded 2022/04/13 6:15 p.m.145 views

CVE-2022-22961

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. A malicious actor with remote access may leak the hostname of the target system. Successful exploitation of this issue can lead to targeting vic...

5.3CVSS6.8AI score0.00542EPSS
CVE
CVEadded 2022/04/13 6:15 p.m.111 views

CVE-2022-22958

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote...

7.2CVSS8.6AI score0.43709EPSS
CVE
CVEadded 2021/08/31 10:15 p.m.87 views

CVE-2021-22002

VMware Workspace ONE Access and Identity Manager, allow the /cfg web app and diagnostic endpoints, on port 8443, to be accessed via port 443 using a custom host header. A malicious actor with network access to port 443 could tamper with host headers to facilitate access to the /cfg web app, in addi...

9.8CVSS9.3AI score0.00398EPSS
CVE
CVEadded 2023/05/30 4:15 p.m.86 views

CVE-2023-20884

VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability. An unauthenticated malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure.

6.1CVSS5.9AI score0.0027EPSS
CVE
CVEadded 2021/08/31 10:15 p.m.80 views

CVE-2021-22003

VMware Workspace ONE Access and Identity Manager, unintentionally provide a login interface on port 7443. A malicious actor with network access to port 7443 may attempt user enumeration or brute force the login endpoint, which may or may not be practical based on lockout policy configuration and pa...

7.5CVSS8.6AI score0.00356EPSS
CVE
CVEadded 2021/12/20 9:15 p.m.53 views

CVE-2021-22057

VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 contain an authentication bypass vulnerability. A malicious actor, who has successfully provided first-factor authentication, may be able to obtain second-factor authentication provided by VMware Verify.

8.8CVSS8.7AI score0.00167EPSS
CVE
CVEadded 2021/12/20 9:15 p.m.50 views

CVE-2021-22056

VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability. A malicious actor with network access may be able to make HTTP requests to arbitrary origins and read the full response.

7.5CVSS7.6AI score0.00796EPSS