Workspace One Access@20.10.0.1 Security Vulnerabilities and Issues — Workspace One Access@20.10.0.1 CVE List

Lucene search

VmwareWorkspace One Access20.10.0.1

11 matches found

CVE•added 2022/04/11 8:15 p.m.•1276 views

CVE-2022-22954

VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution.

10CVSS9.8AI score0.94441EPSS

CVE•added 2022/04/13 6:15 p.m.•1161 views

CVE-2022-22960

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to 'root'.

7.8CVSS8.7AI score0.77217EPSS

CVE•added 2022/04/13 6:15 p.m.•283 views

CVE-2022-22955

VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework.

9.8CVSS9.7AI score0.56895EPSS

CVE•added 2022/04/13 6:15 p.m.•254 views

CVE-2022-22957

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote...

7.2CVSS8.6AI score0.43709EPSS

CVE•added 2022/05/20 9:15 p.m.•245 views

CVE-2022-22972

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.

9.8CVSS9.1AI score0.93742EPSS

CVE•added 2022/05/20 9:15 p.m.•215 views

CVE-2022-22973

VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'.

7.8CVSS8.6AI score0.04748EPSS

CVE•added 2022/04/13 6:15 p.m.•201 views

CVE-2022-22956

9.8CVSS9.7AI score0.56895EPSS

CVE•added 2022/04/13 6:15 p.m.•165 views

CVE-2022-22959

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. A malicious actor can trick a user through a cross site request forgery to unintentionally validate a malicious JDBC URI.

4.3CVSS6.5AI score0.00414EPSS

CVE•added 2022/04/13 6:15 p.m.•145 views

CVE-2022-22961

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. A malicious actor with remote access may leak the hostname of the target system. Successful exploitation of this issue can lead to targeting vic...

5.3CVSS6.8AI score0.00542EPSS

CVE•added 2022/04/13 6:15 p.m.•111 views

CVE-2022-22958

7.2CVSS8.6AI score0.43709EPSS

CVE•added 2021/12/20 9:15 p.m.•53 views

CVE-2021-22057

VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 contain an authentication bypass vulnerability. A malicious actor, who has successfully provided first-factor authentication, may be able to obtain second-factor authentication provided by VMware Verify.

8.8CVSS8.7AI score0.00167EPSS