VMware

Vrealize Automation

20 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2023-20855

  • EPSS 0.1%
  • Veröffentlicht 22.02.2023 00:15:11
  • Zuletzt bearbeitet 17.03.2025 19:15:17

VMware vRealize Orchestrator contains an XML External Entity (XXE) vulnerability. A malicious actor, with non-administrative access to vRealize Orchestrator, may be able to use specially crafted input to bypass XML parsing restrictions leading to acc...

9.8

CVE-2022-22972

Warnung
  • EPSS 93.65%
  • Veröffentlicht 20.05.2022 21:15:09
  • Zuletzt bearbeitet 21.11.2024 06:47:43

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the...

5.3

CVE-2022-22961

  • EPSS 0.62%
  • Veröffentlicht 13.04.2022 18:15:13
  • Zuletzt bearbeitet 21.11.2024 06:47:41

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. A malicious actor with remote access may leak the hostname of the target system. Successful exp...

7.8

CVE-2022-22960

Warnung Exploit
  • EPSS 70.42%
  • Veröffentlicht 13.04.2022 18:15:13
  • Zuletzt bearbeitet 30.10.2025 20:03:55

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to 'root'.

4.3

CVE-2022-22959

  • EPSS 0.46%
  • Veröffentlicht 13.04.2022 18:15:13
  • Zuletzt bearbeitet 21.11.2024 06:47:41

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. A malicious actor can trick a user through a cross site request forgery to unintentionally validate a malicious JDBC URI.

7.2

CVE-2022-22958

  • EPSS 1.86%
  • Veröffentlicht 13.04.2022 18:15:13
  • Zuletzt bearbeitet 21.11.2024 06:47:41

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data thro...

7.2

CVE-2022-22957

  • EPSS 47.26%
  • Veröffentlicht 13.04.2022 18:15:13
  • Zuletzt bearbeitet 21.11.2024 06:47:41

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data thro...

9.8

CVE-2022-22956

  • EPSS 78.64%
  • Veröffentlicht 13.04.2022 18:15:12
  • Zuletzt bearbeitet 21.11.2024 06:47:40

VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in t...

9.8

CVE-2022-22955

  • EPSS 38.6%
  • Veröffentlicht 13.04.2022 18:15:12
  • Zuletzt bearbeitet 21.11.2024 06:47:40

VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in t...

10

CVE-2022-22954

Warnung Exploit
  • EPSS 94.44%
  • Veröffentlicht 11.04.2022 20:15:19
  • Zuletzt bearbeitet 30.10.2025 20:04:37

VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code ex...