VMware

Vrealize Automation

20 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2021-22056

  • EPSS 0.89%
  • Published 20.12.2021 21:15:07
  • Last modified 21.11.2024 05:49:30

VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability. A malicious actor with network access may be able to make HTTP requests to arbitrary origins and read the full respons...

6.5

CVE-2021-22036

  • EPSS 0.58%
  • Published 13.10.2021 16:15:07
  • Last modified 21.11.2024 05:49:28

VMware vRealize Orchestrator ((8.x prior to 8.6) contains an open redirect vulnerability due to improper path handling. A malicious actor may be able to redirect victim to an attacker controlled domain due to improper path handling in vRealize Orches...

9.8

CVE-2018-6959

  • EPSS 1.3%
  • Published 13.04.2018 13:29:00
  • Last modified 21.11.2024 04:11:29

VMware vRealize Automation (vRA) prior to 7.4.0 contains a vulnerability in the handling of session IDs. Exploitation of this issue may lead to the hijacking of a valid vRA user's session.

6.1

CVE-2018-6958

  • EPSS 0.22%
  • Published 13.04.2018 13:29:00
  • Last modified 21.11.2024 04:11:28

VMware vRealize Automation (vRA) prior to 7.3.1 contains a vulnerability that may allow for a DOM-based cross-site scripting (XSS) attack. Exploitation of this issue may lead to the compromise of the vRA user's workstation.

10

CVE-2017-4947

  • EPSS 26.64%
  • Published 29.01.2018 16:29:00
  • Last modified 21.11.2024 03:26:44

VMware vRealize Automation (7.3 and 7.2) and vSphere Integrated Containers (1.x before 1.3) contain a deserialization vulnerability via Xenon. Successful exploitation of this issue may allow remote attackers to execute arbitrary code on the appliance...

9.1

CVE-2016-7460

  • EPSS 2.01%
  • Published 29.12.2016 09:59:00
  • Last modified 12.04.2025 10:46:40

The Single Sign-On feature in VMware vCenter Server 5.5 before U3e and 6.0 before U2a and vRealize Automation 6.x before 6.2.5 allows remote attackers to read arbitrary files or cause a denial of service via an XML document containing an external ent...

5.3

CVE-2016-5334

  • EPSS 0.23%
  • Published 29.12.2016 09:59:00
  • Last modified 12.04.2025 10:46:40

VMware Identity Manager 2.x before 2.7.1 and vRealize Automation 7.x before 7.2.0 allow remote attackers to read /SAAS/WEB-INF and /SAAS/META-INF files via unspecified vectors.

9.8

CVE-2016-5336

  • EPSS 1.93%
  • Published 31.08.2016 01:59:19
  • Last modified 12.04.2025 10:46:40

VMware vRealize Automation 7.0.x before 7.1 allows remote attackers to execute arbitrary code via unspecified vectors.

7.8

CVE-2016-5335

  • EPSS 0.03%
  • Published 31.08.2016 01:59:18
  • Last modified 12.04.2025 10:46:40

VMware Identity Manager 2.x before 2.7 and vRealize Automation 7.0.x before 7.1 allow local users to obtain root access via unspecified vectors.

5.4

CVE-2015-2344

  • EPSS 0.11%
  • Published 16.03.2016 10:59:00
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in VMware vRealize Automation 6.x before 6.2.4 on Linux allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.