Vulnerabilities related to vmware - identity_manager
cve-2022-31664
Vulnerability from cvelistv5
Published
2022-08-05 15:06
Modified
2024-08-03 07:26
Severity ?
Summary
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'.
Impacted products
Vendor: n/a
Product: VMware Workspace ONE Access, Identity Manager and vRealize Automation
Version: Workspace One Access (21.08.0.1 & 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 & 3.3.4), and vRealize Automation 7.6


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:26:01.203Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Workspace One Access (21.08.0.1 \u0026 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 \u0026 3.3.4), and vRealize Automation 7.6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to \u0027root\u0027."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-05T15:06:15",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@vmware.com",
          "ID": "CVE-2022-31664",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Workspace One Access (21.08.0.1 \u0026 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 \u0026 3.3.4), and vRealize Automation 7.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to \u0027root\u0027."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html",
              "refsource": "MISC",
              "url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2022-31664",
    "datePublished": "2022-08-05T15:06:15",
    "dateReserved": "2022-05-25T00:00:00",
    "dateUpdated": "2024-08-03T07:26:01.203Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-22972
Vulnerability from cvelistv5
Published
2022-05-20 20:18
Modified
2024-08-03 03:28
Severity ?
Summary
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.
Impacted products
Vendor: n/a
Product: VMware Workspace ONE Access, Identity Manager and vRealize Automation
Version: Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3. vRealize Automation 7.6.


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:28:42.716Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.vmware.com/security/advisories/VMSA-2022-0014.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3. vRealize Automation 7.6."
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Authentication Bypass",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-05-20T20:18:39",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.vmware.com/security/advisories/VMSA-2022-0014.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@vmware.com",
          "ID": "CVE-2022-22972",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3. vRealize Automation 7.6."
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Authentication Bypass"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.vmware.com/security/advisories/VMSA-2022-0014.html",
              "refsource": "MISC",
              "url": "https://www.vmware.com/security/advisories/VMSA-2022-0014.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2022-22972",
    "datePublished": "2022-05-20T20:18:39",
    "dateReserved": "2022-01-10T00:00:00",
    "dateUpdated": "2024-08-03T03:28:42.716Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-22956
Vulnerability from cvelistv5
Published
2022-04-13 00:00
Modified
2025-02-13 16:28
Severity ?
Summary
VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework.
Impacted products
Vendor: n/a
Product: VMware Workspace ONE Access
Version: Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0.


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:28:42.857Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/171918/Mware-Workspace-ONE-Remote-Code-Execution.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/171918/VMware-Workspace-ONE-Remote-Code-Execution.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "VMware Workspace ONE Access",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0."
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 \u0026 CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Authentication bypass",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-18T19:06:17.459Z",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/171918/Mware-Workspace-ONE-Remote-Code-Execution.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/171918/VMware-Workspace-ONE-Remote-Code-Execution.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2022-22956",
    "datePublished": "2022-04-13T00:00:00.000Z",
    "dateReserved": "2022-01-10T00:00:00.000Z",
    "dateUpdated": "2025-02-13T16:28:57.648Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-22961
Vulnerability from cvelistv5
Published
2022-04-13 17:05
Modified
2024-08-03 03:28
Severity ?
Summary
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. A malicious actor with remote access may leak the hostname of the target system. Successful exploitation of this issue can lead to targeting victims.
Impacted products
Vendor: n/a
Product: VMware Workspace ONE Access, Identity Manager and vRealize Automation
Version: Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3. vRealize Automation 7.6.


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:28:42.477Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3. vRealize Automation 7.6."
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. A malicious actor with remote access may leak the hostname of the target system. Successful exploitation of this issue can lead to targeting victims."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-13T17:05:56",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@vmware.com",
          "ID": "CVE-2022-22961",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3. vRealize Automation 7.6."
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. A malicious actor with remote access may leak the hostname of the target system. Successful exploitation of this issue can lead to targeting victims."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html",
              "refsource": "MISC",
              "url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2022-22961",
    "datePublished": "2022-04-13T17:05:56",
    "dateReserved": "2022-01-10T00:00:00",
    "dateUpdated": "2024-08-03T03:28:42.477Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-31656
Vulnerability from cvelistv5
Published
2022-08-05 15:07
Modified
2024-08-03 07:26
Severity ?
Summary
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.
Impacted products
Vendor: n/a
Product: VMware Workspace ONE Access, Identity Manager and vRealize Automation
Version: Workspace One Access (21.08.0.1 & 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 & 3.3.4), and vRealize Automation 7.6


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:26:01.016Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Workspace One Access (21.08.0.1 \u0026 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 \u0026 3.3.4), and vRealize Automation 7.6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Authentication Bypass Vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-05T15:07:24",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@vmware.com",
          "ID": "CVE-2022-31656",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Workspace One Access (21.08.0.1 \u0026 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 \u0026 3.3.4), and vRealize Automation 7.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Authentication Bypass Vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html",
              "refsource": "MISC",
              "url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2022-31656",
    "datePublished": "2022-08-05T15:07:24",
    "dateReserved": "2022-05-25T00:00:00",
    "dateUpdated": "2024-08-03T07:26:01.016Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-31657
Vulnerability from cvelistv5
Published
2022-08-05 15:07
Modified
2024-08-03 07:26
Severity ?
Summary
VMware Workspace ONE Access and Identity Manager contain a URL injection vulnerability. A malicious actor with network access may be able to redirect an authenticated user to an arbitrary domain.
Impacted products
Vendor: n/a
Product: VMware Workspace ONE Access, Identity Manager and vRealize Automation
Version: Workspace One Access (21.08.0.1 & 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 & 3.3.4), and vRealize Automation 7.6


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:26:00.799Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Workspace One Access (21.08.0.1 \u0026 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 \u0026 3.3.4), and vRealize Automation 7.6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "VMware Workspace ONE Access and Identity Manager contain a URL injection vulnerability. A malicious actor with network access may be able to redirect an authenticated user to an arbitrary domain."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "VMware Workspace ONE Access and Identity Manager contain a URL injection vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-05T15:07:39",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@vmware.com",
          "ID": "CVE-2022-31657",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Workspace One Access (21.08.0.1 \u0026 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 \u0026 3.3.4), and vRealize Automation 7.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "VMware Workspace ONE Access and Identity Manager contain a URL injection vulnerability. A malicious actor with network access may be able to redirect an authenticated user to an arbitrary domain."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "VMware Workspace ONE Access and Identity Manager contain a URL injection vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html",
              "refsource": "MISC",
              "url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2022-31657",
    "datePublished": "2022-08-05T15:07:39",
    "dateReserved": "2022-05-25T00:00:00",
    "dateUpdated": "2024-08-03T07:26:00.799Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-31662
Vulnerability from cvelistv5
Published
2022-08-05 15:05
Modified
2024-08-03 07:26
Severity ?
Summary
VMware Workspace ONE Access, Identity Manager, Connectors and vRealize Automation contain a path traversal vulnerability. A malicious actor with network access may be able to access arbitrary files.
Impacted products
Vendor: n/a
Product: VMware Workspace ONE Access, Access Connector, Identity Manager, vIDM Connector and vRealize Automation
Version: Workspace One Access (21.08.0.1 & 21.08.0.0), Access Connector (21.08.0.1, 21.08.0.0, 22.05), Identity Manager (vIDM) (3.3.6, 3.3.5 & 3.3.4), vIDM Connector (3.3.6, 3.3.5, 3.3.4), and vRealize Automation 7.6


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:26:00.826Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "VMware Workspace ONE Access, Access Connector, Identity Manager, vIDM Connector and vRealize Automation",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Workspace One Access (21.08.0.1 \u0026 21.08.0.0), Access Connector (21.08.0.1, 21.08.0.0, 22.05), Identity Manager (vIDM) (3.3.6, 3.3.5 \u0026 3.3.4), vIDM Connector (3.3.6, 3.3.5, 3.3.4), and vRealize Automation 7.6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "VMware Workspace ONE Access, Identity Manager, Connectors and vRealize Automation contain a path traversal vulnerability. A malicious actor with network access may be able to access arbitrary files."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "VMware Workspace ONE Access, Identity Manager, Connectors and vRealize Automation contain a path traversal vulnerability.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-05T15:05:34",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@vmware.com",
          "ID": "CVE-2022-31662",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "VMware Workspace ONE Access, Access Connector, Identity Manager, vIDM Connector and vRealize Automation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Workspace One Access (21.08.0.1 \u0026 21.08.0.0), Access Connector (21.08.0.1, 21.08.0.0, 22.05), Identity Manager (vIDM) (3.3.6, 3.3.5 \u0026 3.3.4), vIDM Connector (3.3.6, 3.3.5, 3.3.4), and vRealize Automation 7.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "VMware Workspace ONE Access, Identity Manager, Connectors and vRealize Automation contain a path traversal vulnerability. A malicious actor with network access may be able to access arbitrary files."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "VMware Workspace ONE Access, Identity Manager, Connectors and vRealize Automation contain a path traversal vulnerability."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html",
              "refsource": "MISC",
              "url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2022-31662",
    "datePublished": "2022-08-05T15:05:34",
    "dateReserved": "2022-05-25T00:00:00",
    "dateUpdated": "2024-08-03T07:26:00.826Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-22973
Vulnerability from cvelistv5
Published
2022-05-20 20:18
Modified
2024-08-03 03:28
Severity ?
Summary
VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'.
Impacted products
Vendor Product Version
n/a VMware Workspace ONE Access and Identity Manager. Version: Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3.


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:28:42.587Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.vmware.com/security/advisories/VMSA-2022-0014.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "VMware Workspace ONE Access and Identity Manager.",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3."
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to \u0027root\u0027."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Privilege escalation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-05-20T20:18:27",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.vmware.com/security/advisories/VMSA-2022-0014.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@vmware.com",
          "ID": "CVE-2022-22973",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "VMware Workspace ONE Access and Identity Manager.",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3."
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to \u0027root\u0027."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Privilege escalation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.vmware.com/security/advisories/VMSA-2022-0014.html",
              "refsource": "MISC",
              "url": "https://www.vmware.com/security/advisories/VMSA-2022-0014.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2022-22973",
    "datePublished": "2022-05-20T20:18:27",
    "dateReserved": "2022-01-10T00:00:00",
    "dateUpdated": "2024-08-03T03:28:42.587Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-22960
Vulnerability from cvelistv5
Published
2022-04-13 00:00
Modified
2025-01-29 16:34
Summary
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to 'root'.
Impacted products
Vendor Product Version
n/a VMware Workspace ONE Access, Identity Manager and vRealize Automation Version: Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3. vRealize Automation 7.6.


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:28:42.477Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/171918/Mware-Workspace-ONE-Remote-Code-Execution.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/171918/VMware-Workspace-ONE-Remote-Code-Execution.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/171935/VMware-Workspace-ONE-Access-Privilege-Escalation.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-22960",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-29T16:34:09.436482Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2022-04-15",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-22960"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-732",
                "description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-29T16:34:14.134Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3. vRealize Automation 7.6."
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to \u0027root\u0027."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Privilege escalation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-19T00:00:00.000Z",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/171918/Mware-Workspace-ONE-Remote-Code-Execution.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/171918/VMware-Workspace-ONE-Remote-Code-Execution.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/171935/VMware-Workspace-ONE-Access-Privilege-Escalation.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2022-22960",
    "datePublished": "2022-04-13T00:00:00.000Z",
    "dateReserved": "2022-01-10T00:00:00.000Z",
    "dateUpdated": "2025-01-29T16:34:14.134Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-31659
Vulnerability from cvelistv5
Published
2022-08-05 15:06
Modified
2024-11-14 14:10
Severity ?
Summary
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution.
Impacted products
Vendor Product Version
n/a VMware Workspace ONE Access, Identity Manager and vRealize Automation Version: Workspace One Access (21.08.0.1 & 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 & 3.3.4), and vRealize Automation 7.6


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:26:00.927Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-31659",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-14T14:09:50.115526Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-14T14:10:07.731Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Workspace One Access (21.08.0.1 \u0026 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 \u0026 3.3.4), and vRealize Automation 7.6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-05T15:06:41",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@vmware.com",
          "ID": "CVE-2022-31659",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Workspace One Access (21.08.0.1 \u0026 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 \u0026 3.3.4), and vRealize Automation 7.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html",
              "refsource": "MISC",
              "url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2022-31659",
    "datePublished": "2022-08-05T15:06:41",
    "dateReserved": "2022-05-25T00:00:00",
    "dateUpdated": "2024-11-14T14:10:07.731Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-31661
Vulnerability from cvelistv5
Published
2022-08-05 15:06
Modified
2024-08-03 07:26
Severity ?
Summary
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two privilege escalation vulnerabilities. A malicious actor with local access can escalate privileges to 'root'.
Impacted products
Vendor Product Version
n/a VMware Workspace ONE Access, Identity Manager and vRealize Automation Version: Workspace One Access (21.08.0.1 & 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 & 3.3.4), and vRealize Automation 7.6


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:26:00.875Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Workspace One Access (21.08.0.1 \u0026 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 \u0026 3.3.4), and vRealize Automation 7.6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two privilege escalation vulnerabilities. A malicious actor with local access can escalate privileges to \u0027root\u0027."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contains a privilege escalation vulnerability.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-05T15:06:55",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@vmware.com",
          "ID": "CVE-2022-31661",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Workspace One Access (21.08.0.1 \u0026 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 \u0026 3.3.4), and vRealize Automation 7.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two privilege escalation vulnerabilities. A malicious actor with local access can escalate privileges to \u0027root\u0027."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contains a privilege escalation vulnerability."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html",
              "refsource": "MISC",
              "url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2022-31661",
    "datePublished": "2022-08-05T15:06:55",
    "dateReserved": "2022-05-25T00:00:00",
    "dateUpdated": "2024-08-03T07:26:00.875Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-22003
Vulnerability from cvelistv5
Published
2021-08-31 21:02
Modified
2024-08-03 18:30
Severity ?
Summary
VMware Workspace ONE Access and Identity Manager, unintentionally provide a login interface on port 7443. A malicious actor with network access to port 7443 may attempt user enumeration or brute force the login endpoint, which may or may not be practical based on lockout policy configuration and password complexity for the target account.
Impacted products
Vendor Product Version
n/a VMware Workspace ONE Access and Identity Manager Version: Workspace ONE Access 20.10.01, 20.10 & 20.01. Identity Manager 3.3.5, 3.3.4, 3.3.3 & 3.3.2.


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:30:23.694Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.vmware.com/security/advisories/VMSA-2021-0016.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "VMware Workspace ONE Access and Identity Manager",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Workspace ONE Access 20.10.01, 20.10 \u0026 20.01. Identity Manager 3.3.5, 3.3.4, 3.3.3 \u0026 3.3.2."
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "VMware Workspace ONE Access and Identity Manager, unintentionally provide a login interface on port 7443. A malicious actor with network access to port 7443 may attempt user enumeration or brute force the login endpoint, which may or may not be practical based on lockout policy configuration and password complexity for the target account."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information disclosure vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-08-31T21:02:31",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.vmware.com/security/advisories/VMSA-2021-0016.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@vmware.com",
          "ID": "CVE-2021-22003",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "VMware Workspace ONE Access and Identity Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Workspace ONE Access 20.10.01, 20.10 \u0026 20.01. Identity Manager 3.3.5, 3.3.4, 3.3.3 \u0026 3.3.2."
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "VMware Workspace ONE Access and Identity Manager, unintentionally provide a login interface on port 7443. A malicious actor with network access to port 7443 may attempt user enumeration or brute force the login endpoint, which may or may not be practical based on lockout policy configuration and password complexity for the target account."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information disclosure vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.vmware.com/security/advisories/VMSA-2021-0016.html",
              "refsource": "MISC",
              "url": "https://www.vmware.com/security/advisories/VMSA-2021-0016.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2021-22003",
    "datePublished": "2021-08-31T21:02:31",
    "dateReserved": "2021-01-04T00:00:00",
    "dateUpdated": "2024-08-03T18:30:23.694Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-22002
Vulnerability from cvelistv5
Published
2021-08-31 21:02
Modified
2024-08-03 18:30
Severity ?
Summary
VMware Workspace ONE Access and Identity Manager, allow the /cfg web app and diagnostic endpoints, on port 8443, to be accessed via port 443 using a custom host header. A malicious actor with network access to port 443 could tamper with host headers to facilitate access to the /cfg web app, in addition a malicious actor could access /cfg diagnostic endpoints without authentication.
Impacted products
Vendor Product Version
n/a VMware Workspace ONE Access, Identity Manager and vRealize Automation Version: Workspace ONE Access 20.10.01, 20.10 & 20.01. Identity Manager 3.3.5, 3.3.4, 3.3.3 & 3.3.2. vRealize Automation (vIDM) 7.6.


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:30:23.707Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.vmware.com/security/advisories/VMSA-2021-0016.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Workspace ONE Access 20.10.01, 20.10 \u0026 20.01. Identity Manager 3.3.5, 3.3.4, 3.3.3 \u0026 3.3.2. vRealize Automation (vIDM) 7.6."
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "VMware Workspace ONE Access and Identity Manager, allow the /cfg web app and diagnostic endpoints, on port 8443, to be accessed via port 443 using a custom host header. A malicious actor with network access to port 443 could tamper with host headers to facilitate access to the /cfg web app, in addition a malicious actor could access /cfg diagnostic endpoints without authentication."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Host header vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-08-31T21:02:21",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.vmware.com/security/advisories/VMSA-2021-0016.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@vmware.com",
          "ID": "CVE-2021-22002",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Workspace ONE Access 20.10.01, 20.10 \u0026 20.01. Identity Manager 3.3.5, 3.3.4, 3.3.3 \u0026 3.3.2. vRealize Automation (vIDM) 7.6."
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "VMware Workspace ONE Access and Identity Manager, allow the /cfg web app and diagnostic endpoints, on port 8443, to be accessed via port 443 using a custom host header. A malicious actor with network access to port 443 could tamper with host headers to facilitate access to the /cfg web app, in addition a malicious actor could access /cfg diagnostic endpoints without authentication."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Host header vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.vmware.com/security/advisories/VMSA-2021-0016.html",
              "refsource": "MISC",
              "url": "https://www.vmware.com/security/advisories/VMSA-2021-0016.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2021-22002",
    "datePublished": "2021-08-31T21:02:21",
    "dateReserved": "2021-01-04T00:00:00",
    "dateUpdated": "2024-08-03T18:30:23.707Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-22056
Vulnerability from cvelistv5
Published
2021-12-20 20:08
Modified
2024-08-03 18:30
Severity ?
Summary
VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability. A malicious actor with network access may be able to make HTTP requests to arbitrary origins and read the full response.
Impacted products
Vendor Product Version
n/a VMware Workspace ONE Access and Identity Manager Version: VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:30:23.964Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.vmware.com/security/advisories/VMSA-2021-0030.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "VMware Workspace ONE Access and Identity Manager",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability. A malicious actor with network access may be able to make HTTP requests to arbitrary origins and read the full response."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "VMware Workspace Access and Identity Manager patches SSRF vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-12-20T20:08:27",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.vmware.com/security/advisories/VMSA-2021-0030.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@vmware.com",
          "ID": "CVE-2021-22056",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "VMware Workspace ONE Access and Identity Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability. A malicious actor with network access may be able to make HTTP requests to arbitrary origins and read the full response."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "VMware Workspace Access and Identity Manager patches SSRF vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.vmware.com/security/advisories/VMSA-2021-0030.html",
              "refsource": "MISC",
              "url": "https://www.vmware.com/security/advisories/VMSA-2021-0030.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2021-22056",
    "datePublished": "2021-12-20T20:08:27",
    "dateReserved": "2021-01-04T00:00:00",
    "dateUpdated": "2024-08-03T18:30:23.964Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-22958
Vulnerability from cvelistv5
Published
2022-04-13 17:05
Modified
2024-08-03 03:28
Severity ?
Summary
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution.
Impacted products
Vendor Product Version
n/a VMware Workspace ONE Access, Identity Manager and vRealize Automation. Version: Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3. vRealize Automation 7.6.


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:28:42.552Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "VMware Workspace ONE Access, Identity Manager and vRealize Automation.",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3. vRealize Automation 7.6."
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 \u0026 CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote code execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-13T17:05:58",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@vmware.com",
          "ID": "CVE-2022-22958",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "VMware Workspace ONE Access, Identity Manager and vRealize Automation.",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3. vRealize Automation 7.6."
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 \u0026 CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Remote code execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html",
              "refsource": "MISC",
              "url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2022-22958",
    "datePublished": "2022-04-13T17:05:58",
    "dateReserved": "2022-01-10T00:00:00",
    "dateUpdated": "2024-08-03T03:28:42.552Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-31658
Vulnerability from cvelistv5
Published
2022-08-05 15:07
Modified
2024-08-03 07:26
Severity ?
Summary
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution.
Impacted products
Vendor Product Version
n/a VMware Workspace ONE Access, Identity Manager and vRealize Automation Version: Workspace One Access (21.08.0.1 & 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 & 3.3.4), and vRealize Automation 7.6


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:26:00.994Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Workspace One Access (21.08.0.1 \u0026 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 \u0026 3.3.4), and vRealize Automation 7.6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-05T15:07:10",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@vmware.com",
          "ID": "CVE-2022-31658",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Workspace One Access (21.08.0.1 \u0026 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 \u0026 3.3.4), and vRealize Automation 7.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html",
              "refsource": "MISC",
              "url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2022-31658",
    "datePublished": "2022-08-05T15:07:10",
    "dateReserved": "2022-05-25T00:00:00",
    "dateUpdated": "2024-08-03T07:26:00.994Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-31700
Vulnerability from cvelistv5
Published
2022-12-14 00:00
Modified
2024-08-03 07:26
Severity ?
Summary
VMware Workspace ONE Access and Identity Manager contain an authenticated remote code execution vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.2.
Impacted products
Vendor Product Version
n/a VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM) Version: VMware Workspace ONE Access (Multiple Versions)


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:26:00.938Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.vmware.com/security/advisories/VMSA-2022-0032.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM)",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "VMware Workspace ONE Access (Multiple Versions)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "VMware Workspace ONE Access and Identity Manager contain an authenticated remote code execution vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.2."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Authenticated Remote Code Execution Vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-14T00:00:00",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "url": "https://www.vmware.com/security/advisories/VMSA-2022-0032.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2022-31700",
    "datePublished": "2022-12-14T00:00:00",
    "dateReserved": "2022-05-25T00:00:00",
    "dateUpdated": "2024-08-03T07:26:00.938Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-22954
Vulnerability from cvelistv5
Published
2022-04-11 19:37
Modified
2025-02-04 14:20
Severity ?
Summary
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution.
Impacted products
Vendor Product Version
n/a VMware Workspace ONE Access and Identity Manager Version: Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3.


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:28:42.526Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/166935/VMware-Workspace-ONE-Access-Template-Injection-Command-Execution.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-22954",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-04T14:20:48.327758Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2022-04-14",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-22954"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-94",
                "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-04T14:20:53.998Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "VMware Workspace ONE Access and Identity Manager",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3."
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote code execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-05-03T17:06:08.000Z",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/166935/VMware-Workspace-ONE-Access-Template-Injection-Command-Execution.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@vmware.com",
          "ID": "CVE-2022-22954",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "VMware Workspace ONE Access and Identity Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3."
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Remote code execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html",
              "refsource": "MISC",
              "url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/166935/VMware-Workspace-ONE-Access-Template-Injection-Command-Execution.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/166935/VMware-Workspace-ONE-Access-Template-Injection-Command-Execution.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2022-22954",
    "datePublished": "2022-04-11T19:37:39.000Z",
    "dateReserved": "2022-01-10T00:00:00.000Z",
    "dateUpdated": "2025-02-04T14:20:53.998Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-22957
Vulnerability from cvelistv5
Published
2022-04-13 00:00
Modified
2025-02-13 16:28
Severity ?
Summary
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution.
Impacted products
Vendor Product Version
n/a VMware Workspace ONE Access, Identity Manager and vRealize Automation. Version: Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3. vRealize Automation 7.6.


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:28:42.555Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/171918/Mware-Workspace-ONE-Remote-Code-Execution.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/171918/VMware-Workspace-ONE-Remote-Code-Execution.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "VMware Workspace ONE Access, Identity Manager and vRealize Automation.",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3. vRealize Automation 7.6."
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 \u0026 CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote code execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-18T19:06:16.134Z",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/171918/Mware-Workspace-ONE-Remote-Code-Execution.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/171918/VMware-Workspace-ONE-Remote-Code-Execution.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2022-22957",
    "datePublished": "2022-04-13T00:00:00.000Z",
    "dateReserved": "2022-01-10T00:00:00.000Z",
    "dateUpdated": "2025-02-13T16:28:58.209Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-31660
Vulnerability from cvelistv5
Published
2022-08-05 15:05
Modified
2024-08-03 07:26
Severity ?
Summary
VMware Workspace ONE Access, Identity Manager and vRealize Automation contains a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'.
Impacted products
Vendor Product Version
n/a VMware Workspace ONE Access, Identity Manager and vRealize Automation Version: Workspace One Access (21.08.0.1 & 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 & 3.3.4), and vRealize Automation 7.6


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:26:00.970Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Workspace One Access (21.08.0.1 \u0026 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 \u0026 3.3.4), and vRealize Automation 7.6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contains a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to \u0027root\u0027."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contains a privilege escalation vulnerability.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-05T15:05:45",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@vmware.com",
          "ID": "CVE-2022-31660",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Workspace One Access (21.08.0.1 \u0026 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 \u0026 3.3.4), and vRealize Automation 7.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contains a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to \u0027root\u0027."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contains a privilege escalation vulnerability."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html",
              "refsource": "MISC",
              "url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2022-31660",
    "datePublished": "2022-08-05T15:05:45",
    "dateReserved": "2022-05-25T00:00:00",
    "dateUpdated": "2024-08-03T07:26:00.970Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-31663
Vulnerability from cvelistv5
Published
2022-08-05 15:06
Modified
2024-08-03 07:26
Severity ?
Summary
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject javascript code in the target user's window.
Impacted products
Vendor: n/a
Product: VMware Workspace ONE Access, Identity Manager and vRealize Automation
Version: Workspace One Access (21.08.0.1 & 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 & 3.3.4), and vRealize Automation 7.6

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:26:01.099Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Workspace One Access (21.08.0.1 \u0026 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 \u0026 3.3.4), and vRealize Automation 7.6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject javascript code in the target user\u0027s window."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a reflected cross-site scripting (XSS) vulnerability.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-05T15:06:30",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@vmware.com",
          "ID": "CVE-2022-31663",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Workspace One Access (21.08.0.1 \u0026 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 \u0026 3.3.4), and vRealize Automation 7.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject javascript code in the target user\u0027s window."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a reflected cross-site scripting (XSS) vulnerability."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html",
              "refsource": "MISC",
              "url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2022-31663",
    "datePublished": "2022-08-05T15:06:30",
    "dateReserved": "2022-05-25T00:00:00",
    "dateUpdated": "2024-08-03T07:26:01.099Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-22959
Vulnerability from cvelistv5
Published
2022-04-13 17:05
Modified
2024-08-03 03:28
Severity ?
Summary
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. A malicious actor can trick a user through a cross site request forgery to unintentionally validate a malicious JDBC URI.
Impacted products
Vendor: n/a
Product: VMware Workspace ONE Access, Identity Manager and vRealize Automation
Version: Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3. vRealize Automation 7.6.

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:28:42.618Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3. vRealize Automation 7.6."
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. A malicious actor can trick a user through a cross site request forgery to unintentionally validate a malicious JDBC URI."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross site request forgery",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-13T17:05:54",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@vmware.com",
          "ID": "CVE-2022-22959",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3. vRealize Automation 7.6."
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. A malicious actor can trick a user through a cross site request forgery to unintentionally validate a malicious JDBC URI."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross site request forgery"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html",
              "refsource": "MISC",
              "url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2022-22959",
    "datePublished": "2022-04-13T17:05:54",
    "dateReserved": "2022-01-10T00:00:00",
    "dateUpdated": "2024-08-03T03:28:42.618Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-31665
Vulnerability from cvelistv5
Published
2022-08-05 15:06
Modified
2024-08-03 07:26
Severity ?
Summary
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution.
Impacted products
Vendor: n/a
Product: VMware Workspace ONE Access, Identity Manager and vRealize Automation
Version: Workspace One Access (21.08.0.1 & 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 & 3.3.4), and vRealize Automation 7.6

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:26:00.991Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Workspace One Access (21.08.0.1 \u0026 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 \u0026 3.3.4), and vRealize Automation 7.6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-05T15:06:00",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@vmware.com",
          "ID": "CVE-2022-31665",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Workspace One Access (21.08.0.1 \u0026 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 \u0026 3.3.4), and vRealize Automation 7.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html",
              "refsource": "MISC",
              "url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2022-31665",
    "datePublished": "2022-08-05T15:06:00",
    "dateReserved": "2022-05-25T00:00:00",
    "dateUpdated": "2024-08-03T07:26:00.991Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-22955
Vulnerability from cvelistv5
Published
2022-04-13 17:05
Modified
2024-08-03 03:28
Severity ?
Summary
VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework.
Impacted products
Vendor: n/a
Product: VMware Workspace ONE Access
Version: Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0.

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:28:42.571Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "VMware Workspace ONE Access",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0."
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 \u0026 CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Authentication bypass",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-13T17:05:58",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@vmware.com",
          "ID": "CVE-2022-22955",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "VMware Workspace ONE Access",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0."
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 \u0026 CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Authentication bypass"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html",
              "refsource": "MISC",
              "url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2022-22955",
    "datePublished": "2022-04-13T17:05:58",
    "dateReserved": "2022-01-10T00:00:00",
    "dateUpdated": "2024-08-03T03:28:42.571Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-5335
Vulnerability from cvelistv5
Published
2016-08-31 01:00
Modified
2024-08-06 01:00
Severity ?
Summary
VMware Identity Manager 2.x before 2.7 and vRealize Automation 7.0.x before 7.1 allow local users to obtain root access via unspecified vectors.
Impacted products
Vendor: n/a
Product: n/a
Version: n/a

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:00:59.911Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2016-0013.html"
          },
          {
            "name": "1036685",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036685"
          },
          {
            "name": "92608",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/92608"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-08-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "VMware Identity Manager 2.x before 2.7 and vRealize Automation 7.0.x before 7.1 allow local users to obtain root access via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-25T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2016-0013.html"
        },
        {
          "name": "1036685",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036685"
        },
        {
          "name": "92608",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/92608"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-5335",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "VMware Identity Manager 2.x before 2.7 and vRealize Automation 7.0.x before 7.1 allow local users to obtain root access via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2016-0013.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2016-0013.html"
            },
            {
              "name": "1036685",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036685"
            },
            {
              "name": "92608",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/92608"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-5335",
    "datePublished": "2016-08-31T01:00:00",
    "dateReserved": "2016-06-07T00:00:00",
    "dateUpdated": "2024-08-06T01:00:59.911Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-5334
Vulnerability from cvelistv5
Published
2016-12-29 09:02
Modified
2024-08-06 01:00
Severity ?
Summary
VMware Identity Manager 2.x before 2.7.1 and vRealize Automation 7.x before 7.2.0 allow remote attackers to read /SAAS/WEB-INF and /SAAS/META-INF files via unspecified vectors.
Impacted products
Vendor: n/a
Product: n/a
Version: n/a

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:00:58.015Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1037326",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037326"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2016-0021.html"
          },
          {
            "name": "94482",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94482"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-11-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "VMware Identity Manager 2.x before 2.7.1 and vRealize Automation 7.x before 7.2.0 allow remote attackers to read /SAAS/WEB-INF and /SAAS/META-INF files via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-27T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1037326",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037326"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2016-0021.html"
        },
        {
          "name": "94482",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94482"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-5334",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "VMware Identity Manager 2.x before 2.7.1 and vRealize Automation 7.x before 7.2.0 allow remote attackers to read /SAAS/WEB-INF and /SAAS/META-INF files via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1037326",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037326"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2016-0021.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2016-0021.html"
            },
            {
              "name": "94482",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94482"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-5334",
    "datePublished": "2016-12-29T09:02:00",
    "dateReserved": "2016-06-07T00:00:00",
    "dateUpdated": "2024-08-06T01:00:58.015Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-20884
Vulnerability from cvelistv5
Published
2023-05-30 15:05
Modified
2025-01-10 18:58
Summary
VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability. An unauthenticated malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure.
Impacted products
Vendor Product Version
n/a VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM), VMware Cloud Foundation (Cloud Foundation) Version: Workspace ONE Access 22.09.1.0, Workspace ONE Access 22.09.0.0, Workspace ONE Access 21.08.x, VMware Identity Manager 3.3.7, VMware Identity Manager 3.3.6


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T09:21:32.910Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.vmware.com/security/advisories/VMSA-2023-0011.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-20884",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-10T18:58:05.456797Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-601",
                "description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-10T18:58:11.000Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM), VMware Cloud Foundation (Cloud Foundation)",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Workspace ONE Access 22.09.1.0, Workspace ONE Access 22.09.0.0, Workspace ONE Access 21.08.x, VMware Identity Manager 3.3.7, VMware Identity Manager 3.3.6"
            }
          ]
        }
      ],
      "datePublic": "2023-05-30T15:05:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability.\u0026nbsp;An unauthenticated malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure."
            }
          ],
          "value": "VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability.\u00a0An unauthenticated malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Insecure Redirect Vulnerability",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-30T15:06:05.576Z",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "url": "https://www.vmware.com/security/advisories/VMSA-2023-0011.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2023-20884",
    "datePublished": "2023-05-30T15:05:53.284Z",
    "dateReserved": "2022-11-01T15:41:50.393Z",
    "dateUpdated": "2025-01-10T18:58:11.000Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-4006
Vulnerability from cvelistv5
Published
2020-11-23 21:22
Modified
2025-02-04 15:43
Summary
VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector have a command injection vulnerability.


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:52:20.426Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://www.kb.cert.org/vuls/id/724367"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.vmware.com/security/advisories/VMSA-2020-0027.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.1,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "HIGH",
              "scope": "CHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2020-4006",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-04T15:35:26.673844Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2021-11-03",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-4006"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-78",
                "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-04T15:43:44.021Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "VMware Workspace One Access (Access), VMware Workspace One Access Connector (Access Connector), VMware Identity Manager (vIDM), VMware Identity Manager Connector (vIDM Connector), VMware Cloud Foundation, vRealize Suite Lifecycle Manager",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Multiple"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Command Injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-11-23T21:22:40.000Z",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.vmware.com/security/advisories/VMSA-2020-0027.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@vmware.com",
          "ID": "CVE-2020-4006",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "VMware Workspace One Access (Access), VMware Workspace One Access Connector (Access Connector), VMware Identity Manager (vIDM), VMware Identity Manager Connector (vIDM Connector), VMware Cloud Foundation, vRealize Suite Lifecycle Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Multiple"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Command Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.vmware.com/security/advisories/VMSA-2020-0027.html",
              "refsource": "MISC",
              "url": "https://www.vmware.com/security/advisories/VMSA-2020-0027.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2020-4006",
    "datePublished": "2020-11-23T21:22:40.000Z",
    "dateReserved": "2019-12-30T00:00:00.000Z",
    "dateUpdated": "2025-02-04T15:43:44.021Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2022-04-13 18:15
Modified
2025-02-12 20:03
Summary
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to 'root'.



{
  "cisaActionDue": "2022-05-06",
  "cisaExploitAdd": "2022-04-15",
  "cisaRequiredAction": "Apply updates per vendor instructions.",
  "cisaVulnerabilityName": "VMware Multiple Products Privilege Escalation Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5071E0B4-FE4B-4525-BAF6-3900D9C8D48D",
              "versionEndExcluding": "5.0",
              "versionStartIncluding": "3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "97D98937-489B-4AA5-B99E-9AB639C582CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E93CB5E-CB4A-474A-9901-2E098928C489",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A215A7D-F644-41DE-AB4E-69145DA48F9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EBB8190-2101-4EE5-844E-B46E7FB78FD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_automation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "370EF5F6-77E2-4EF7-9148-9DA5C52E50F5",
              "versionEndExcluding": "9.0",
              "versionStartIncluding": "8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_automation:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "471BB5AF-3744-45FE-937D-BBEC421035EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC19367B-D2F8-4966-BE2F-12700C9337EC",
              "versionEndExcluding": "9.0",
              "versionStartIncluding": "8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workspace_one_access:20.10.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "639F6029-DE62-49BD-A767-C5D499389C37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workspace_one_access:20.10.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "88AD029C-7707-4F1E-BE7F-2DE27D384538",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workspace_one_access:21.08.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "57375AD7-8042-472F-B49E-653C77EAFA48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workspace_one_access:21.08.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC3DC465-1FA7-4F5B-9A9A-12F8FB4CE146",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to \u0027root\u0027."
    },
    {
      "lang": "es",
      "value": "VMware Workspace ONE Access, Identity Manager y vRealize Automation contienen una vulnerabilidad de escalada de privilegios debido a permisos inapropiados en scripts de soporte. Un actor malicioso con acceso local puede escalar los privilegios a \"root\""
    }
  ],
  "id": "CVE-2022-22960",
  "lastModified": "2025-02-12T20:03:03.430",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-04-13T18:15:13.510",
  "references": [
    {
      "source": "security@vmware.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/171918/Mware-Workspace-ONE-Remote-Code-Execution.html"
    },
    {
      "source": "security@vmware.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/171918/VMware-Workspace-ONE-Remote-Code-Execution.html"
    },
    {
      "source": "security@vmware.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/171935/VMware-Workspace-ONE-Access-Privilege-Escalation.html"
    },
    {
      "source": "security@vmware.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/171918/Mware-Workspace-ONE-Remote-Code-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/171918/VMware-Workspace-ONE-Remote-Code-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/171935/VMware-Workspace-ONE-Access-Privilege-Escalation.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
    }
  ],
  "sourceIdentifier": "security@vmware.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-732"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-732"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-08-31 22:15
Modified
2024-11-21 05:49
Summary
VMware Workspace ONE Access and Identity Manager allow the /cfg web app and diagnostic endpoints, on port 8443, to be accessed via port 443 using a custom host header. A malicious actor with network access to port 443 could tamper with host headers to facilitate access to the /cfg web app; in addition, a malicious actor could access /cfg diagnostic endpoints without authentication.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "22BC2D96-5922-4995-B006-1BAB5FE51D93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "97D98937-489B-4AA5-B99E-9AB639C582CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E93CB5E-CB4A-474A-9901-2E098928C489",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A215A7D-F644-41DE-AB4E-69145DA48F9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workspace_one_access:20.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFFD453B-7658-4FDA-BA4D-B13681F51724",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workspace_one_access:20.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDC57F3A-E726-4EE5-924D-9C94FED4718D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workspace_one_access:20.10.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C2F7CB4-8425-4D9F-97FC-AD96D9ABC202",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:cloud_foundation:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "38EB0C0C-56CF-4A8F-A36F-E0E180B9059E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:cloud_foundation:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A54544F5-5929-4609-A91C-FCA0FDBFE862",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:cloud_foundation:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA6D6348-E71A-4DA4-AC84-51397B2461A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:cloud_foundation:4.1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8EC0B43-8667-45D6-BF97-03DDFFAD2AF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:cloud_foundation:4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC4C5700-1AFE-49F6-AC92-09F2349345ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3318D91-40AC-4649-8FCD-4557C8F934B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A06C29AB-1EAF-43EF-96C3-9E3468911B2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "43723EC2-295E-4AF7-B654-70F9E42F4807",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFB84C30-EE5D-4C15-A74E-7B2B3E0DED4D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "VMware Workspace ONE Access and Identity Manager, allow the /cfg web app and diagnostic endpoints, on port 8443, to be accessed via port 443 using a custom host header. A malicious actor with network access to port 443 could tamper with host headers to facilitate access to the /cfg web app, in addition a malicious actor could access /cfg diagnostic endpoints without authentication."
    },
    {
      "lang": "es",
      "value": "VMware Workspace ONE Access y Identity Manager, permiten el acceso a la aplicaci\u00f3n web /cfg y a los endpoints de diagn\u00f3stico, en el puerto 8443, por medio del puerto 443 usando un encabezado de host personalizado. Un actor malicioso con acceso de red al puerto 443 podr\u00eda manipular los encabezados de host para facilitar el acceso a la aplicaci\u00f3n web /cfg, adem\u00e1s, un actor malicioso podr\u00eda acceder a los endpoints de diagn\u00f3stico /cfg sin autenticaci\u00f3n"
    }
  ],
  "id": "CVE-2021-22002",
  "lastModified": "2024-11-21T05:49:25.223",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-08-31T22:15:08.320",
  "references": [
    {
      "source": "security@vmware.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.vmware.com/security/advisories/VMSA-2021-0016.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.vmware.com/security/advisories/VMSA-2021-0016.html"
    }
  ],
  "sourceIdentifier": "security@vmware.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-05-20 21:15
Modified
2024-11-21 06:47
Summary
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.
Impacted products
Vendor Product Version
vmware identity_manager 3.3.3
vmware identity_manager 3.3.4
vmware identity_manager 3.3.5
vmware identity_manager 3.3.6
vmware vrealize_automation 7.6
vmware workspace_one_access 20.10.0.0
vmware workspace_one_access 20.10.0.1
vmware workspace_one_access 21.08.0.0
vmware workspace_one_access 21.08.0.1
linux linux_kernel -
vmware cloud_foundation 3.0
vmware cloud_foundation 3.0.1
vmware cloud_foundation 3.0.1.1
vmware cloud_foundation 3.5
vmware cloud_foundation 3.5.1
vmware cloud_foundation 3.7
vmware cloud_foundation 3.7.1
vmware cloud_foundation 3.7.2
vmware cloud_foundation 3.8
vmware cloud_foundation 3.8.1
vmware cloud_foundation 3.9
vmware cloud_foundation 3.9.1
vmware cloud_foundation 3.10
vmware cloud_foundation 3.10.1
vmware cloud_foundation 3.10.1.1
vmware cloud_foundation 3.10.1.2
vmware cloud_foundation 3.10.2.1
vmware cloud_foundation 3.10.2.2
vmware cloud_foundation 3.11
vmware cloud_foundation 3.11.0.1
vmware cloud_foundation 4.0
vmware cloud_foundation 4.0.1
vmware cloud_foundation 4.1
vmware cloud_foundation 4.1.0.1
vmware cloud_foundation 4.2
vmware cloud_foundation 4.2.1
vmware cloud_foundation 4.3
vmware cloud_foundation 4.3.1
vmware vrealize_suite_lifecycle_manager 8.0
vmware vrealize_suite_lifecycle_manager 8.0.1
vmware vrealize_suite_lifecycle_manager 8.1
vmware vrealize_suite_lifecycle_manager 8.2
vmware vrealize_suite_lifecycle_manager 8.2 patch1
vmware vrealize_suite_lifecycle_manager 8.2 patch2
vmware vrealize_suite_lifecycle_manager 8.2 patch3
vmware vrealize_suite_lifecycle_manager 8.3
vmware vrealize_suite_lifecycle_manager 8.3 patch1
vmware vrealize_suite_lifecycle_manager 8.3 patch2
vmware vrealize_suite_lifecycle_manager 8.3 patch3
vmware vrealize_suite_lifecycle_manager 8.4
vmware vrealize_suite_lifecycle_manager 8.4 patch1
vmware vrealize_suite_lifecycle_manager 8.4.1
vmware vrealize_suite_lifecycle_manager 8.4.1 patch1
vmware vrealize_suite_lifecycle_manager 8.4.1 patch2
vmware vrealize_suite_lifecycle_manager 8.4.1 patch3
vmware vrealize_suite_lifecycle_manager 8.6
vmware vrealize_suite_lifecycle_manager 8.6 patch1
vmware vrealize_suite_lifecycle_manager 8.6.1
vmware vrealize_suite_lifecycle_manager 8.6.2
vmware vrealize_suite_lifecycle_manager 8.7
vmware vrealize_suite_lifecycle_manager 8.8



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "97D98937-489B-4AA5-B99E-9AB639C582CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E93CB5E-CB4A-474A-9901-2E098928C489",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A215A7D-F644-41DE-AB4E-69145DA48F9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EBB8190-2101-4EE5-844E-B46E7FB78FD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_automation:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "471BB5AF-3744-45FE-937D-BBEC421035EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workspace_one_access:20.10.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "639F6029-DE62-49BD-A767-C5D499389C37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workspace_one_access:20.10.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "88AD029C-7707-4F1E-BE7F-2DE27D384538",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workspace_one_access:21.08.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "57375AD7-8042-472F-B49E-653C77EAFA48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workspace_one_access:21.08.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC3DC465-1FA7-4F5B-9A9A-12F8FB4CE146",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BA79AC0-A0CC-4EE6-AEF5-9B8C8EA2C9F1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:cloud_foundation:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BEACD8D-30EF-44FE-839B-DA69E6CED23A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:cloud_foundation:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "36847AD6-88CC-4228-AB4E-5161B381267C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:cloud_foundation:3.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FC3C214-DEFC-48D9-8728-31F19095375E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:cloud_foundation:3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BF5CF56-8DE1-42F5-9EC1-E5666DD7FA59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:cloud_foundation:3.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "36668618-33C3-460A-879B-A9741405C9D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:cloud_foundation:3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "8266FD66-3BB6-4720-9D9F-06EFB38FA4B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:cloud_foundation:3.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D4C25D3-BC49-4727-B7A2-28C0F2E647EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:cloud_foundation:3.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E9AB6FF-D508-42FF-8FB9-24B96AE2F03F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:cloud_foundation:3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "328785AE-390C-4CA2-9771-4A26387E4E3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:cloud_foundation:3.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "298B797F-C3B6-445C-AADB-8633B446F10F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:cloud_foundation:3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "F97BA12F-A60D-4398-9CA8-DE2F7BACBA8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:cloud_foundation:3.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E19009EB-02D3-424A-947D-7B66EFCCE422",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:cloud_foundation:3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "89656A51-0840-4A27-B05B-7E54B0CF0521",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:cloud_foundation:3.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "11C27637-44C5-4678-AF19-82E6CB9B15E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:cloud_foundation:3.10.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D26128AF-864F-403E-A491-437FEC0BE1B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:cloud_foundation:3.10.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A8D11F7-A6C1-4E9A-A288-B90B90B0CAB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:cloud_foundation:3.10.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB2DDABB-1590-4AE7-B96D-BB7FB209582D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:cloud_foundation:3.10.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A79A33F-A1FF-438F-BC77-94ACC45F5488",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:cloud_foundation:3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "42DF0955-2FDD-46BF-9932-AF2C8F8A7599",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:cloud_foundation:3.11.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "25759430-C6E1-45F9-B149-3091730CCB77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:cloud_foundation:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "38EB0C0C-56CF-4A8F-A36F-E0E180B9059E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:cloud_foundation:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A54544F5-5929-4609-A91C-FCA0FDBFE862",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:cloud_foundation:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA6D6348-E71A-4DA4-AC84-51397B2461A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:cloud_foundation:4.1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8EC0B43-8667-45D6-BF97-03DDFFAD2AF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:cloud_foundation:4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E841E8EF-9500-4937-BAC4-8AB76C96A3EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:cloud_foundation:4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC4C5700-1AFE-49F6-AC92-09F2349345ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:cloud_foundation:4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B23891F3-08B7-480B-9B83-81381E33212F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:cloud_foundation:4.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EC07793-6DB1-4ACD-976D-A370FFAE505A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3318D91-40AC-4649-8FCD-4557C8F934B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A06C29AB-1EAF-43EF-96C3-9E3468911B2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "43723EC2-295E-4AF7-B654-70F9E42F4807",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFB84C30-EE5D-4C15-A74E-7B2B3E0DED4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.2:patch1:*:*:*:*:*:*",
              "matchCriteriaId": "FD4A0BCE-E22E-419E-9CC0-7D535CC49E02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.2:patch2:*:*:*:*:*:*",
              "matchCriteriaId": "80868C66-E615-47E3-BA67-152FE833A10B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.2:patch3:*:*:*:*:*:*",
              "matchCriteriaId": "7DF3AFD0-1DDD-4F9D-BD33-85978CF101ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E80F36FA-EE84-47BE-95EB-17B49FBCC86F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.3:patch1:*:*:*:*:*:*",
              "matchCriteriaId": "85854D70-E8A1-4AD9-872B-8D9BEEB7FAFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.3:patch2:*:*:*:*:*:*",
              "matchCriteriaId": "9CF575E5-0FB4-4EC6-AE02-0565A976B98B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.3:patch3:*:*:*:*:*:*",
              "matchCriteriaId": "A99C818B-7215-4422-87C4-D500F6931442",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3617E4AC-630F-4AF2-855A-872AD2ECC3A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.4:patch1:*:*:*:*:*:*",
              "matchCriteriaId": "969F3DA5-A0C3-4F30-B786-46BCC280D6D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5B8D22C-1C36-4125-9C58-1C2472EF64F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.4.1:patch1:*:*:*:*:*:*",
              "matchCriteriaId": "356479A9-C5F9-4714-A29A-464FE738F71D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.4.1:patch2:*:*:*:*:*:*",
              "matchCriteriaId": "95D8DEAC-50BF-4B1B-B3EC-E9D54EEC0755",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.4.1:patch3:*:*:*:*:*:*",
              "matchCriteriaId": "B16A6A96-C904-416F-A4D3-FB22CAC07610",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "73825FF7-AFD1-4948-ABB7-0E73D4AC72C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.6:patch1:*:*:*:*:*:*",
              "matchCriteriaId": "3BAC746E-7897-4ED0-8120-2953A5CECF1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A07377B1-9536-4EDE-AA25-FAD474855711",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0DF26D0-EBCD-4E35-9218-74B56DCB7A1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F065F309-E25C-4CB2-85DD-98ED3648B069",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E88B150-4BB0-40FC-9333-737C97BADE09",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate."
    },
    {
      "lang": "es",
      "value": "VMware Workspace ONE Access, Identity Manager y vRealize Automation contienen una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n que afecta a usuarios del dominio local. Un actor malicioso con acceso de red a la interfaz de usuario puede obtener acceso administrativo sin necesidad de autenticarse"
    }
  ],
  "id": "CVE-2022-22972",
  "lastModified": "2024-11-21T06:47:43.177",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-05-20T21:15:09.847",
  "references": [
    {
      "source": "security@vmware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.vmware.com/security/advisories/VMSA-2022-0014.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.vmware.com/security/advisories/VMSA-2022-0014.html"
    }
  ],
  "sourceIdentifier": "security@vmware.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-08-05 16:15
Modified
2024-11-21 07:05
Summary
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E93CB5E-CB4A-474A-9901-2E098928C489",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A215A7D-F644-41DE-AB4E-69145DA48F9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EBB8190-2101-4EE5-844E-B46E7FB78FD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:one_access:21.08.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8189EEC2-261B-4095-B4AD-9094CEAB41C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:one_access:21.08.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3478B3B-AB6D-4D8F-BB82-E0AC211B0D77",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:access_connector:21.08.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5742FBFE-0E10-4758-BDE0-230F26DFF425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:access_connector:21.08.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "03FEA521-8812-47F0-96FC-C0DD93D5C5F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:access_connector:22.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9167129-35D9-47FA-B442-F44108356FE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager_connector:3.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC3385CD-5F3E-4076-89A8-37F61FE41270",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager_connector:3.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2D301BA-B4AA-4DCF-A91E-B03AE5E95AAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager_connector:3.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "004A7497-2D06-4D8D-9C82-C0D774101326",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager_connector:19.03.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "99AA692E-48AB-4813-809C-970CA1BC6AF6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to \u0027root\u0027."
    },
    {
      "lang": "es",
      "value": "VMware Workspace ONE Access, Identity Manager y vRealize Automation contienen una vulnerabilidad de escalada de privilegios. Un actor malicioso con acceso local puede escalar los privilegios a \"root\""
    }
  ],
  "id": "CVE-2022-31664",
  "lastModified": "2024-11-21T07:05:04.980",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-08-05T16:15:12.940",
  "references": [
    {
      "source": "security@vmware.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
    }
  ],
  "sourceIdentifier": "security@vmware.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-08-05 16:15
Modified
2024-11-21 07:05
Summary
VMware Workspace ONE Access, Identity Manager, Connectors and vRealize Automation contain a path traversal vulnerability. A malicious actor with network access may be able to access arbitrary files.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E93CB5E-CB4A-474A-9901-2E098928C489",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A215A7D-F644-41DE-AB4E-69145DA48F9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EBB8190-2101-4EE5-844E-B46E7FB78FD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:one_access:21.08.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8189EEC2-261B-4095-B4AD-9094CEAB41C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:one_access:21.08.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3478B3B-AB6D-4D8F-BB82-E0AC211B0D77",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:access_connector:21.08.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5742FBFE-0E10-4758-BDE0-230F26DFF425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:access_connector:21.08.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "03FEA521-8812-47F0-96FC-C0DD93D5C5F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:access_connector:22.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9167129-35D9-47FA-B442-F44108356FE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager_connector:3.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC3385CD-5F3E-4076-89A8-37F61FE41270",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager_connector:3.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2D301BA-B4AA-4DCF-A91E-B03AE5E95AAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager_connector:3.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "004A7497-2D06-4D8D-9C82-C0D774101326",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager_connector:19.03.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "99AA692E-48AB-4813-809C-970CA1BC6AF6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "VMware Workspace ONE Access, Identity Manager, Connectors and vRealize Automation contain a path traversal vulnerability. A malicious actor with network access may be able to access arbitrary files."
    },
    {
      "lang": "es",
      "value": "VMware Workspace ONE Access, Identity Manager, Connectors y vRealize Automation contienen una vulnerabilidad de salto de ruta. Un actor malicioso con acceso a la red puede ser capaz de acceder a archivos arbitrarios"
    }
  ],
  "id": "CVE-2022-31662",
  "lastModified": "2024-11-21T07:05:04.683",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-08-05T16:15:12.860",
  "references": [
    {
      "source": "security@vmware.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
    }
  ],
  "sourceIdentifier": "security@vmware.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-04-11 20:15
Modified
2025-02-04 15:15
Summary
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution.



{
  "cisaActionDue": "2022-05-05",
  "cisaExploitAdd": "2022-04-14",
  "cisaRequiredAction": "Apply updates per vendor instructions.",
  "cisaVulnerabilityName": "VMware Workspace ONE Access and Identity Manager Server-Side Template Injection Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "97D98937-489B-4AA5-B99E-9AB639C582CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E93CB5E-CB4A-474A-9901-2E098928C489",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A215A7D-F644-41DE-AB4E-69145DA48F9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EBB8190-2101-4EE5-844E-B46E7FB78FD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_automation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F5937FC-B5FF-432C-9120-7138D0FD7665",
              "versionEndIncluding": "8.6",
              "versionStartIncluding": "8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_automation:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "471BB5AF-3744-45FE-937D-BBEC421035EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workspace_one_access:20.10.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "639F6029-DE62-49BD-A767-C5D499389C37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workspace_one_access:20.10.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "88AD029C-7707-4F1E-BE7F-2DE27D384538",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workspace_one_access:21.08.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "57375AD7-8042-472F-B49E-653C77EAFA48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workspace_one_access:21.08.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC3DC465-1FA7-4F5B-9A9A-12F8FB4CE146",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BA79AC0-A0CC-4EE6-AEF5-9B8C8EA2C9F1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "326A2867-797D-4AA9-8D2C-43E8CDA0BCFC",
              "versionEndIncluding": "4.3.1",
              "versionStartIncluding": "4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4767C7D-8165-43A6-8F16-12F8EE65FDFB",
              "versionEndIncluding": "8.2",
              "versionStartIncluding": "8.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution."
    },
    {
      "lang": "es",
      "value": "VMware Workspace ONE Access y Identity Manager contienen una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remota debido a una inyecci\u00f3n de plantillas del lado del servidor. Un actor malicioso con acceso a la red puede desencadenar una inyecci\u00f3n de plantillas del lado del servidor que puede resultar en la ejecuci\u00f3n de c\u00f3digo remota"
    }
  ],
  "id": "CVE-2022-22954",
  "lastModified": "2025-02-04T15:15:14.727",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-04-11T20:15:19.890",
  "references": [
    {
      "source": "security@vmware.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/166935/VMware-Workspace-ONE-Access-Template-Injection-Command-Execution.html"
    },
    {
      "source": "security@vmware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/166935/VMware-Workspace-ONE-Access-Template-Injection-Command-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
    }
  ],
  "sourceIdentifier": "security@vmware.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-08-05 16:15
Modified
2024-11-21 07:05
Summary
VMware Workspace ONE Access and Identity Manager contain a URL injection vulnerability. A malicious actor with network access may be able to redirect an authenticated user to an arbitrary domain.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E93CB5E-CB4A-474A-9901-2E098928C489",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A215A7D-F644-41DE-AB4E-69145DA48F9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EBB8190-2101-4EE5-844E-B46E7FB78FD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:one_access:21.08.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8189EEC2-261B-4095-B4AD-9094CEAB41C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:one_access:21.08.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3478B3B-AB6D-4D8F-BB82-E0AC211B0D77",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:access_connector:21.08.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5742FBFE-0E10-4758-BDE0-230F26DFF425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:access_connector:21.08.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "03FEA521-8812-47F0-96FC-C0DD93D5C5F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:access_connector:22.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9167129-35D9-47FA-B442-F44108356FE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager_connector:3.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC3385CD-5F3E-4076-89A8-37F61FE41270",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager_connector:3.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2D301BA-B4AA-4DCF-A91E-B03AE5E95AAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager_connector:3.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "004A7497-2D06-4D8D-9C82-C0D774101326",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager_connector:19.03.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "99AA692E-48AB-4813-809C-970CA1BC6AF6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "VMware Workspace ONE Access and Identity Manager contain a URL injection vulnerability. A malicious actor with network access may be able to redirect an authenticated user to an arbitrary domain."
    },
    {
      "lang": "es",
      "value": "VMware Workspace ONE Access y Identity Manager contienen una vulnerabilidad de inyecci\u00f3n de URL. Un actor malicioso con acceso a la red puede ser capaz de redirigir a un usuario autenticado a un dominio arbitrario"
    }
  ],
  "id": "CVE-2022-31657",
  "lastModified": "2024-11-21T07:05:03.820",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-08-05T16:15:12.653",
  "references": [
    {
      "source": "security@vmware.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
    }
  ],
  "sourceIdentifier": "security@vmware.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-601"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-08-31 01:59
Modified
2024-11-21 02:54
Summary
VMware Identity Manager 2.x before 2.7 and vRealize Automation 7.0.x before 7.1 allow local users to obtain root access via unspecified vectors.
Impacted products
Vendor Product Version
vmware identity_manager *
vmware vrealize_automation *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E3B9494-7DE3-4934-A615-E66305058C41",
              "versionEndExcluding": "2.7",
              "versionStartIncluding": "2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_automation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB633DA1-409E-494F-9A4F-FEEDC2FD308B",
              "versionEndExcluding": "7.1",
              "versionStartIncluding": "7.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "VMware Identity Manager 2.x before 2.7 and vRealize Automation 7.0.x before 7.1 allow local users to obtain root access via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "VMware Identity Manager 2.x en versiones anteriores a 2.7 y vRealize Automation 7.0.x en versiones anteriores a 7.1 permiten a usuarios locales obtener acceso root a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2016-5335",
  "lastModified": "2024-11-21T02:54:07.510",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-08-31T01:59:18.450",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/92608"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1036685"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vmware.com/security/advisories/VMSA-2016-0013.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/92608"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1036685"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vmware.com/security/advisories/VMSA-2016-0013.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-08-05 16:15
Modified
2024-11-21 07:05
Summary
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E93CB5E-CB4A-474A-9901-2E098928C489",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A215A7D-F644-41DE-AB4E-69145DA48F9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EBB8190-2101-4EE5-844E-B46E7FB78FD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:one_access:21.08.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8189EEC2-261B-4095-B4AD-9094CEAB41C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:one_access:21.08.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3478B3B-AB6D-4D8F-BB82-E0AC211B0D77",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager_connector:3.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC3385CD-5F3E-4076-89A8-37F61FE41270",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager_connector:3.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2D301BA-B4AA-4DCF-A91E-B03AE5E95AAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager_connector:3.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "004A7497-2D06-4D8D-9C82-C0D774101326",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager_connector:19.03.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "99AA692E-48AB-4813-809C-970CA1BC6AF6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution."
    },
    {
      "lang": "es",
      "value": "VMware Workspace ONE Access, Identity Manager y vRealize Automation contienen una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remota. Un actor malicioso con acceso de administrador y de red puede desencadenar una ejecuci\u00f3n de c\u00f3digo remota"
    }
  ],
  "id": "CVE-2022-31665",
  "lastModified": "2024-11-21T07:05:05.130",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-08-05T16:15:12.983",
  "references": [
    {
      "source": "security@vmware.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
    }
  ],
  "sourceIdentifier": "security@vmware.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-74"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-04-13 18:15
Modified
2024-11-21 06:47
Summary
VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "97D98937-489B-4AA5-B99E-9AB639C582CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E93CB5E-CB4A-474A-9901-2E098928C489",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A215A7D-F644-41DE-AB4E-69145DA48F9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EBB8190-2101-4EE5-844E-B46E7FB78FD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_automation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "370EF5F6-77E2-4EF7-9148-9DA5C52E50F5",
              "versionEndExcluding": "9.0",
              "versionStartIncluding": "8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_automation:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "471BB5AF-3744-45FE-937D-BBEC421035EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workspace_one_access:20.10.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "639F6029-DE62-49BD-A767-C5D499389C37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workspace_one_access:20.10.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "88AD029C-7707-4F1E-BE7F-2DE27D384538",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workspace_one_access:21.08.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "57375AD7-8042-472F-B49E-653C77EAFA48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workspace_one_access:21.08.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC3DC465-1FA7-4F5B-9A9A-12F8FB4CE146",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 \u0026 CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework."
    },
    {
      "lang": "es",
      "value": "VMware Workspace ONE Access presenta dos vulnerabilidades de omisi\u00f3n de autenticaci\u00f3n (CVE-2022-22955 y CVE-2022-22956) en el marco OAuth2 ACS. Un actor malicioso puede omitir el mecanismo de autenticaci\u00f3n y ejecutar cualquier operaci\u00f3n debido a los endpoints expuestos en el marco de autenticaci\u00f3n"
    }
  ],
  "id": "CVE-2022-22955",
  "lastModified": "2024-11-21T06:47:40.777",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-04-13T18:15:12.820",
  "references": [
    {
      "source": "security@vmware.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
    }
  ],
  "sourceIdentifier": "security@vmware.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-08-05 16:15
Modified
2024-11-21 07:05
Summary
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E93CB5E-CB4A-474A-9901-2E098928C489",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A215A7D-F644-41DE-AB4E-69145DA48F9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EBB8190-2101-4EE5-844E-B46E7FB78FD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:one_access:21.08.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8189EEC2-261B-4095-B4AD-9094CEAB41C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:one_access:21.08.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3478B3B-AB6D-4D8F-BB82-E0AC211B0D77",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:access_connector:22.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9167129-35D9-47FA-B442-F44108356FE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:access_connector:22.08.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "44797503-1D15-4799-BCBA-E3810B05A373",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:access_connector:22.08.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "314BB1F7-9845-486D-8CA1-7E1A03FE0FD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager_connector:3.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC3385CD-5F3E-4076-89A8-37F61FE41270",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager_connector:3.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2D301BA-B4AA-4DCF-A91E-B03AE5E95AAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager_connector:3.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "004A7497-2D06-4D8D-9C82-C0D774101326",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager_connector:19.03.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "99AA692E-48AB-4813-809C-970CA1BC6AF6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution."
    },
    {
      "lang": "es",
      "value": "VMware Workspace ONE Access y Identity Manager contienen una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remota. Un actor malicioso con acceso de administrador y de red puede desencadenar una ejecuci\u00f3n de c\u00f3digo remota"
    }
  ],
  "id": "CVE-2022-31659",
  "lastModified": "2024-11-21T07:05:04.210",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-08-05T16:15:12.737",
  "references": [
    {
      "source": "security@vmware.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
    }
  ],
  "sourceIdentifier": "security@vmware.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-08-05 16:15
Modified
2024-11-21 07:05
Summary
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject JavaScript code in the target user's window.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E93CB5E-CB4A-474A-9901-2E098928C489",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A215A7D-F644-41DE-AB4E-69145DA48F9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EBB8190-2101-4EE5-844E-B46E7FB78FD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:one_access:21.08.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8189EEC2-261B-4095-B4AD-9094CEAB41C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:one_access:21.08.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3478B3B-AB6D-4D8F-BB82-E0AC211B0D77",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:access_connector:21.08.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5742FBFE-0E10-4758-BDE0-230F26DFF425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:access_connector:21.08.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "03FEA521-8812-47F0-96FC-C0DD93D5C5F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:access_connector:22.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9167129-35D9-47FA-B442-F44108356FE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager_connector:3.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC3385CD-5F3E-4076-89A8-37F61FE41270",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager_connector:3.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2D301BA-B4AA-4DCF-A91E-B03AE5E95AAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager_connector:3.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "004A7497-2D06-4D8D-9C82-C0D774101326",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager_connector:19.03.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "99AA692E-48AB-4813-809C-970CA1BC6AF6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject javascript code in the target user\u0027s window."
    },
    {
      "lang": "es",
      "value": "VMware Workspace ONE Access, Identity Manager y vRealize Automation contienen una vulnerabilidad de tipo cross-site scripting (XSS) reflejada. Debido a un saneo inapropiado de la entrada del usuario, un actor malicioso con cierta interacci\u00f3n con el usuario puede ser capaz de inyectar c\u00f3digo javascript en la ventana del usuario objetivo"
    }
  ],
  "id": "CVE-2022-31663",
  "lastModified": "2024-11-21T07:05:04.837",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-08-05T16:15:12.900",
  "references": [
    {
      "source": "security@vmware.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
    }
  ],
  "sourceIdentifier": "security@vmware.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2023-05-30 16:15
Modified
2025-01-10 19:15
Summary
VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability. An unauthenticated malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EBB8190-2101-4EE5-844E-B46E7FB78FD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6085F21-481D-4853-9EA6-26497FAB1A03",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:workspace_one_access:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C226C8E-9B48-43F7-8692-66F204957899",
              "versionEndIncluding": "22.09.1.0",
              "versionStartIncluding": "21.0.8.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:cloud_foundation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "31A7BB38-3238-413E-9736-F1A165D40867",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager_connector:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E75DB1CB-C921-421E-B793-0C48AB15C574",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability.\u00a0An unauthenticated malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure."
    }
  ],
  "id": "CVE-2023-20884",
  "lastModified": "2025-01-10T19:15:31.997",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "security@vmware.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-05-30T16:15:09.390",
  "references": [
    {
      "source": "security@vmware.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.vmware.com/security/advisories/VMSA-2023-0011.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.vmware.com/security/advisories/VMSA-2023-0011.html"
    }
  ],
  "sourceIdentifier": "security@vmware.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-601"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-601"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-11-23 22:15
Modified
2025-02-04 16:15
Summary
VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector have a command injection vulnerability.



{
  "cisaActionDue": "2022-05-03",
  "cisaExploitAdd": "2021-11-03",
  "cisaRequiredAction": "Apply updates per vendor instructions.",
  "cisaVulnerabilityName": "Multiple VMware Products Command Injection Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7DAA017-7535-47D6-A4C7-59F69ED0F43F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "22BC2D96-5922-4995-B006-1BAB5FE51D93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "97D98937-489B-4AA5-B99E-9AB639C582CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager_connector:3.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CFFC72D-0068-49D0-B816-706CC2A2389C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager_connector:3.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE9DF6CB-58CF-49BE-B61C-F5115B333E81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:one_access:20.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A251628-E02A-42B2-85E4-71C2B6F09BF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:one_access:20.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "D86477D5-C441-490C-A9D3-9CDE47542191",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager_connector:3.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CFFC72D-0068-49D0-B816-706CC2A2389C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager_connector:3.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE9DF6CB-58CF-49BE-B61C-F5115B333E81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager_connector:3.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D035B36-3D87-494F-B147-6D03F2B1A375",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:cloud_foundation:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "38EB0C0C-56CF-4A8F-A36F-E0E180B9059E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:cloud_foundation:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A54544F5-5929-4609-A91C-FCA0FDBFE862",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4767C7D-8165-43A6-8F16-12F8EE65FDFB",
              "versionEndIncluding": "8.2",
              "versionStartIncluding": "8.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability."
    },
    {
      "lang": "es",
      "value": "VMware Workspace One Access, Access Connector, Identity Manager e Identity Manager Connector abordan una vulnerabilidad de inyecci\u00f3n de comandos"
    }
  ],
  "id": "CVE-2020-4006",
  "lastModified": "2025-02-04T16:15:32.567",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 6.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 6.0,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2020-11-23T22:15:12.663",
  "references": [
    {
      "source": "security@vmware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.vmware.com/security/advisories/VMSA-2020-0027.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.kb.cert.org/vuls/id/724367"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.vmware.com/security/advisories/VMSA-2020-0027.html"
    }
  ],
  "sourceIdentifier": "security@vmware.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-08-05 16:15
Modified
2024-11-21 07:05
Summary
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E93CB5E-CB4A-474A-9901-2E098928C489",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A215A7D-F644-41DE-AB4E-69145DA48F9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EBB8190-2101-4EE5-844E-B46E7FB78FD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:one_access:21.08.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8189EEC2-261B-4095-B4AD-9094CEAB41C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:one_access:21.08.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3478B3B-AB6D-4D8F-BB82-E0AC211B0D77",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:access_connector:21.08.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5742FBFE-0E10-4758-BDE0-230F26DFF425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:access_connector:21.08.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "03FEA521-8812-47F0-96FC-C0DD93D5C5F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:access_connector:22.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9167129-35D9-47FA-B442-F44108356FE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager_connector:3.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC3385CD-5F3E-4076-89A8-37F61FE41270",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager_connector:3.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2D301BA-B4AA-4DCF-A91E-B03AE5E95AAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager_connector:3.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "004A7497-2D06-4D8D-9C82-C0D774101326",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager_connector:19.03.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "99AA692E-48AB-4813-809C-970CA1BC6AF6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contains a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to \u0027root\u0027."
    },
    {
      "lang": "es",
      "value": "VMware Workspace ONE Access, Identity Manager y vRealize Automation contienen una vulnerabilidad de escalada de privilegios. Un actor malicioso con acceso local puede escalar los privilegios a \"root\""
    }
  ],
  "id": "CVE-2022-31660",
  "lastModified": "2024-11-21T07:05:04.397",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-08-05T16:15:12.777",
  "references": [
    {
      "source": "security@vmware.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
    }
  ],
  "sourceIdentifier": "security@vmware.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-04-13 18:15
Modified
2024-11-21 06:47
Summary
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. A malicious actor can trick a user through a cross site request forgery to unintentionally validate a malicious JDBC URI.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5071E0B4-FE4B-4525-BAF6-3900D9C8D48D",
              "versionEndExcluding": "5.0",
              "versionStartIncluding": "3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "97D98937-489B-4AA5-B99E-9AB639C582CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E93CB5E-CB4A-474A-9901-2E098928C489",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A215A7D-F644-41DE-AB4E-69145DA48F9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EBB8190-2101-4EE5-844E-B46E7FB78FD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_automation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "370EF5F6-77E2-4EF7-9148-9DA5C52E50F5",
              "versionEndExcluding": "9.0",
              "versionStartIncluding": "8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_automation:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "471BB5AF-3744-45FE-937D-BBEC421035EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC19367B-D2F8-4966-BE2F-12700C9337EC",
              "versionEndExcluding": "9.0",
              "versionStartIncluding": "8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workspace_one_access:20.10.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "639F6029-DE62-49BD-A767-C5D499389C37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workspace_one_access:20.10.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "88AD029C-7707-4F1E-BE7F-2DE27D384538",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workspace_one_access:21.08.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "57375AD7-8042-472F-B49E-653C77EAFA48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workspace_one_access:21.08.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC3DC465-1FA7-4F5B-9A9A-12F8FB4CE146",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. A malicious actor can trick a user through a cross site request forgery to unintentionally validate a malicious JDBC URI."
    },
    {
      "lang": "es",
      "value": "VMware Workspace ONE Access, Identity Manager y vRealize Automation contienen una vulnerabilidad de tipo cross site request forgery. Un actor malicioso puede enga\u00f1ar a un usuario mediante un ataque de tipo cross site request forgery para que compruebe involuntariamente un URI JDBC malicioso"
    }
  ],
  "id": "CVE-2022-22959",
  "lastModified": "2024-11-21T06:47:41.243",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-04-13T18:15:13.373",
  "references": [
    {
      "source": "security@vmware.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
    }
  ],
  "sourceIdentifier": "security@vmware.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-12-20 21:15
Modified
2024-11-21 05:49
Summary
VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability. A malicious actor with network access may be able to make HTTP requests to arbitrary origins and read the full response.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "97D98937-489B-4AA5-B99E-9AB639C582CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E93CB5E-CB4A-474A-9901-2E098928C489",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A215A7D-F644-41DE-AB4E-69145DA48F9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_automation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F5937FC-B5FF-432C-9120-7138D0FD7665",
              "versionEndIncluding": "8.6",
              "versionStartIncluding": "8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_automation:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "471BB5AF-3744-45FE-937D-BBEC421035EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workspace_one_access:20.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDC57F3A-E726-4EE5-924D-9C94FED4718D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workspace_one_access:20.10.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C2F7CB4-8425-4D9F-97FC-AD96D9ABC202",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workspace_one_access:21.08:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6D31E45-25F5-4842-98FD-2CD68D2C786B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workspace_one_access:21.08.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "90BB4A84-0BE5-4228-AB80-33E04B7716C3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability. A malicious actor with network access may be able to make HTTP requests to arbitrary origins and read the full response."
    },
    {
      "lang": "es",
      "value": "VMware Workspace ONE Access versiones 21.08, 20.10.0.1 y 20.10 y Identity Manager versiones 3.3.5, 3.3.4 y 3.3.3, contienen una vulnerabilidad de tipo SSRF. Un actor malicioso con acceso a la red puede ser capaz de realizar peticiones HTTP a or\u00edgenes arbitrarios y leer la respuesta completa"
    }
  ],
  "id": "CVE-2021-22056",
  "lastModified": "2024-11-21T05:49:30.793",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-12-20T21:15:07.960",
  "references": [
    {
      "source": "security@vmware.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.vmware.com/security/advisories/VMSA-2021-0030.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.vmware.com/security/advisories/VMSA-2021-0030.html"
    }
  ],
  "sourceIdentifier": "security@vmware.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-918"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-05-20 21:15
Modified
2024-11-21 06:47
Summary
VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'.
Impacted products
Vendor Product Version
vmware identity_manager 3.3.3
vmware identity_manager 3.3.4
vmware identity_manager 3.3.5
vmware identity_manager 3.3.6
vmware workspace_one_access 20.10.0.0
vmware workspace_one_access 20.10.0.1
vmware workspace_one_access 21.08.0.0
vmware workspace_one_access 21.08.0.1
linux linux_kernel -
vmware cloud_foundation 4.0
vmware cloud_foundation 4.0.1
vmware cloud_foundation 4.1
vmware cloud_foundation 4.1.0.1
vmware cloud_foundation 4.2
vmware cloud_foundation 4.2.1
vmware cloud_foundation 4.3
vmware cloud_foundation 4.3.1
vmware vrealize_suite_lifecycle_manager 8.0
vmware vrealize_suite_lifecycle_manager 8.0.1
vmware vrealize_suite_lifecycle_manager 8.1
vmware vrealize_suite_lifecycle_manager 8.2
vmware vrealize_suite_lifecycle_manager 8.2 patch1
vmware vrealize_suite_lifecycle_manager 8.2 patch2
vmware vrealize_suite_lifecycle_manager 8.2 patch3
vmware vrealize_suite_lifecycle_manager 8.3
vmware vrealize_suite_lifecycle_manager 8.3 patch1
vmware vrealize_suite_lifecycle_manager 8.3 patch2
vmware vrealize_suite_lifecycle_manager 8.3 patch3
vmware vrealize_suite_lifecycle_manager 8.4
vmware vrealize_suite_lifecycle_manager 8.4 patch1
vmware vrealize_suite_lifecycle_manager 8.4.1
vmware vrealize_suite_lifecycle_manager 8.4.1 patch1
vmware vrealize_suite_lifecycle_manager 8.4.1 patch2
vmware vrealize_suite_lifecycle_manager 8.4.1 patch3
vmware vrealize_suite_lifecycle_manager 8.6
vmware vrealize_suite_lifecycle_manager 8.6 patch1
vmware vrealize_suite_lifecycle_manager 8.6.1
vmware vrealize_suite_lifecycle_manager 8.6.2
vmware vrealize_suite_lifecycle_manager 8.7
vmware vrealize_suite_lifecycle_manager 8.8



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "97D98937-489B-4AA5-B99E-9AB639C582CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E93CB5E-CB4A-474A-9901-2E098928C489",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A215A7D-F644-41DE-AB4E-69145DA48F9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EBB8190-2101-4EE5-844E-B46E7FB78FD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workspace_one_access:20.10.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "639F6029-DE62-49BD-A767-C5D499389C37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workspace_one_access:20.10.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "88AD029C-7707-4F1E-BE7F-2DE27D384538",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workspace_one_access:21.08.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "57375AD7-8042-472F-B49E-653C77EAFA48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workspace_one_access:21.08.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC3DC465-1FA7-4F5B-9A9A-12F8FB4CE146",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BA79AC0-A0CC-4EE6-AEF5-9B8C8EA2C9F1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:cloud_foundation:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "38EB0C0C-56CF-4A8F-A36F-E0E180B9059E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:cloud_foundation:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A54544F5-5929-4609-A91C-FCA0FDBFE862",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:cloud_foundation:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA6D6348-E71A-4DA4-AC84-51397B2461A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:cloud_foundation:4.1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8EC0B43-8667-45D6-BF97-03DDFFAD2AF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:cloud_foundation:4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E841E8EF-9500-4937-BAC4-8AB76C96A3EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:cloud_foundation:4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC4C5700-1AFE-49F6-AC92-09F2349345ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:cloud_foundation:4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B23891F3-08B7-480B-9B83-81381E33212F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:cloud_foundation:4.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EC07793-6DB1-4ACD-976D-A370FFAE505A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3318D91-40AC-4649-8FCD-4557C8F934B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A06C29AB-1EAF-43EF-96C3-9E3468911B2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "43723EC2-295E-4AF7-B654-70F9E42F4807",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFB84C30-EE5D-4C15-A74E-7B2B3E0DED4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.2:patch1:*:*:*:*:*:*",
              "matchCriteriaId": "FD4A0BCE-E22E-419E-9CC0-7D535CC49E02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.2:patch2:*:*:*:*:*:*",
              "matchCriteriaId": "80868C66-E615-47E3-BA67-152FE833A10B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.2:patch3:*:*:*:*:*:*",
              "matchCriteriaId": "7DF3AFD0-1DDD-4F9D-BD33-85978CF101ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E80F36FA-EE84-47BE-95EB-17B49FBCC86F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.3:patch1:*:*:*:*:*:*",
              "matchCriteriaId": "85854D70-E8A1-4AD9-872B-8D9BEEB7FAFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.3:patch2:*:*:*:*:*:*",
              "matchCriteriaId": "9CF575E5-0FB4-4EC6-AE02-0565A976B98B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.3:patch3:*:*:*:*:*:*",
              "matchCriteriaId": "A99C818B-7215-4422-87C4-D500F6931442",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3617E4AC-630F-4AF2-855A-872AD2ECC3A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.4:patch1:*:*:*:*:*:*",
              "matchCriteriaId": "969F3DA5-A0C3-4F30-B786-46BCC280D6D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5B8D22C-1C36-4125-9C58-1C2472EF64F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.4.1:patch1:*:*:*:*:*:*",
              "matchCriteriaId": "356479A9-C5F9-4714-A29A-464FE738F71D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.4.1:patch2:*:*:*:*:*:*",
              "matchCriteriaId": "95D8DEAC-50BF-4B1B-B3EC-E9D54EEC0755",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.4.1:patch3:*:*:*:*:*:*",
              "matchCriteriaId": "B16A6A96-C904-416F-A4D3-FB22CAC07610",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "73825FF7-AFD1-4948-ABB7-0E73D4AC72C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.6:patch1:*:*:*:*:*:*",
              "matchCriteriaId": "3BAC746E-7897-4ED0-8120-2953A5CECF1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A07377B1-9536-4EDE-AA25-FAD474855711",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0DF26D0-EBCD-4E35-9218-74B56DCB7A1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F065F309-E25C-4CB2-85DD-98ED3648B069",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E88B150-4BB0-40FC-9333-737C97BADE09",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to \u0027root\u0027."
    },
    {
      "lang": "es",
      "value": "VMware Workspace ONE Access y Identity Manager contienen una vulnerabilidad de escalada de privilegios. Un actor malicioso con acceso local puede escalar los privilegios a \"root\""
    }
  ],
  "id": "CVE-2022-22973",
  "lastModified": "2024-11-21T06:47:43.310",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-05-20T21:15:09.893",
  "references": [
    {
      "source": "security@vmware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.vmware.com/security/advisories/VMSA-2022-0014.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.vmware.com/security/advisories/VMSA-2022-0014.html"
    }
  ],
  "sourceIdentifier": "security@vmware.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-08-05 16:15
Modified
2024-11-21 07:05
Summary
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E93CB5E-CB4A-474A-9901-2E098928C489",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A215A7D-F644-41DE-AB4E-69145DA48F9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EBB8190-2101-4EE5-844E-B46E7FB78FD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:one_access:21.08.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8189EEC2-261B-4095-B4AD-9094CEAB41C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:one_access:21.08.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3478B3B-AB6D-4D8F-BB82-E0AC211B0D77",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:access_connector:21.08.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5742FBFE-0E10-4758-BDE0-230F26DFF425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:access_connector:21.08.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "03FEA521-8812-47F0-96FC-C0DD93D5C5F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:access_connector:22.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9167129-35D9-47FA-B442-F44108356FE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager_connector:3.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC3385CD-5F3E-4076-89A8-37F61FE41270",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager_connector:3.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2D301BA-B4AA-4DCF-A91E-B03AE5E95AAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager_connector:3.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "004A7497-2D06-4D8D-9C82-C0D774101326",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager_connector:19.03.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "99AA692E-48AB-4813-809C-970CA1BC6AF6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution."
    },
    {
      "lang": "es",
      "value": "VMware Workspace ONE Access, Identity Manager y vRealize Automation contienen una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remota. Un actor malicioso con acceso de administrador y de red puede desencadenar una ejecuci\u00f3n de c\u00f3digo remota"
    }
  ],
  "id": "CVE-2022-31658",
  "lastModified": "2024-11-21T07:05:04.030",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-08-05T16:15:12.697",
  "references": [
    {
      "source": "security@vmware.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
    }
  ],
  "sourceIdentifier": "security@vmware.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-74"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-12-29 09:59
Modified
2024-11-21 02:54
Summary
VMware Identity Manager 2.x before 2.7.1 and vRealize Automation 7.x before 7.2.0 allow remote attackers to read /SAAS/WEB-INF and /SAAS/META-INF files via unspecified vectors.
Impacted products
Vendor Product Version
vmware identity_manager *
vmware vrealize_automation *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CDA3232-F991-4B14-BD74-E6C7BC14ACBD",
              "versionEndExcluding": "2.7.1",
              "versionStartIncluding": "2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_automation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BD20B11-BBDF-4A43-8266-39C549E049A1",
              "versionEndExcluding": "7.2.0",
              "versionStartIncluding": "7.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "VMware Identity Manager 2.x before 2.7.1 and vRealize Automation 7.x before 7.2.0 allow remote attackers to read /SAAS/WEB-INF and /SAAS/META-INF files via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "VMware Identity Manager 2.x en versiones anteriores a 2.7.1 y vRealize Automation 7.x en versiones anteriores a 7.2.0 permite a atacantes remotos leer archivos /SAAS/WEB-INF y /SAAS/META-INF a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2016-5334",
  "lastModified": "2024-11-21T02:54:07.370",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-12-29T09:59:00.243",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94482"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1037326"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vmware.com/security/advisories/VMSA-2016-0021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94482"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1037326"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vmware.com/security/advisories/VMSA-2016-0021.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-668"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-08-31 22:15
Modified
2024-11-21 05:49
Summary
VMware Workspace ONE Access and Identity Manager unintentionally provide a login interface on port 7443. A malicious actor with network access to port 7443 may attempt user enumeration or brute force the login endpoint, which may or may not be practical based on lockout policy configuration and password complexity for the target account.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "22BC2D96-5922-4995-B006-1BAB5FE51D93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "97D98937-489B-4AA5-B99E-9AB639C582CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E93CB5E-CB4A-474A-9901-2E098928C489",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A215A7D-F644-41DE-AB4E-69145DA48F9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workspace_one_access:20.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFFD453B-7658-4FDA-BA4D-B13681F51724",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workspace_one_access:20.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDC57F3A-E726-4EE5-924D-9C94FED4718D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workspace_one_access:20.10.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C2F7CB4-8425-4D9F-97FC-AD96D9ABC202",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:cloud_foundation:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "38EB0C0C-56CF-4A8F-A36F-E0E180B9059E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:cloud_foundation:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A54544F5-5929-4609-A91C-FCA0FDBFE862",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:cloud_foundation:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA6D6348-E71A-4DA4-AC84-51397B2461A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:cloud_foundation:4.1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8EC0B43-8667-45D6-BF97-03DDFFAD2AF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:cloud_foundation:4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC4C5700-1AFE-49F6-AC92-09F2349345ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3318D91-40AC-4649-8FCD-4557C8F934B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A06C29AB-1EAF-43EF-96C3-9E3468911B2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "43723EC2-295E-4AF7-B654-70F9E42F4807",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFB84C30-EE5D-4C15-A74E-7B2B3E0DED4D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "VMware Workspace ONE Access and Identity Manager, unintentionally provide a login interface on port 7443. A malicious actor with network access to port 7443 may attempt user enumeration or brute force the login endpoint, which may or may not be practical based on lockout policy configuration and password complexity for the target account."
    },
    {
      "lang": "es",
      "value": "VMware Workspace ONE Access y Identity Manager, proporcionan sin intenci\u00f3n una interfaz de inicio de sesi\u00f3n en el puerto 7443. Un actor malicioso con acceso a la red al puerto 7443 puede intentar enumerar a usuarios o forzar el endpoint de inicio de sesi\u00f3n, que puede o no ser pr\u00e1ctico basado en la configuraci\u00f3n de la pol\u00edtica de bloqueo y la complejidad de la contrase\u00f1a de la cuenta de destino"
    }
  ],
  "id": "CVE-2021-22003",
  "lastModified": "2024-11-21T05:49:25.333",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-08-31T22:15:08.367",
  "references": [
    {
      "source": "security@vmware.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.vmware.com/security/advisories/VMSA-2021-0016.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.vmware.com/security/advisories/VMSA-2021-0016.html"
    }
  ],
  "sourceIdentifier": "security@vmware.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-307"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-04-13 18:15
Modified
2024-11-21 06:47
Summary
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through a malicious JDBC URI, which may result in remote code execution.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5071E0B4-FE4B-4525-BAF6-3900D9C8D48D",
              "versionEndExcluding": "5.0",
              "versionStartIncluding": "3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "97D98937-489B-4AA5-B99E-9AB639C582CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E93CB5E-CB4A-474A-9901-2E098928C489",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A215A7D-F644-41DE-AB4E-69145DA48F9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EBB8190-2101-4EE5-844E-B46E7FB78FD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_automation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "370EF5F6-77E2-4EF7-9148-9DA5C52E50F5",
              "versionEndExcluding": "9.0",
              "versionStartIncluding": "8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_automation:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "471BB5AF-3744-45FE-937D-BBEC421035EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC19367B-D2F8-4966-BE2F-12700C9337EC",
              "versionEndExcluding": "9.0",
              "versionStartIncluding": "8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workspace_one_access:20.10.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "639F6029-DE62-49BD-A767-C5D499389C37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workspace_one_access:20.10.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "88AD029C-7707-4F1E-BE7F-2DE27D384538",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workspace_one_access:21.08.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "57375AD7-8042-472F-B49E-653C77EAFA48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workspace_one_access:21.08.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC3DC465-1FA7-4F5B-9A9A-12F8FB4CE146",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 \u0026 CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution."
    },
    {
      "lang": "es",
      "value": "VMware Workspace ONE Access, Identity Manager y vRealize Automation contienen dos vulnerabilidades de ejecuci\u00f3n de c\u00f3digo remota (CVE-2022-22957 y CVE-2022-22958). Un actor malicioso con acceso administrativo puede desencadenar la deserializaci\u00f3n de datos no confiables mediante un URI JDBC malicioso que puede resultar en una ejecuci\u00f3n de c\u00f3digo remota"
    }
  ],
  "id": "CVE-2022-22958",
  "lastModified": "2024-11-21T06:47:41.140",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-04-13T18:15:13.230",
  "references": [
    {
      "source": "security@vmware.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
    }
  ],
  "sourceIdentifier": "security@vmware.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-08-05 16:15
Modified
2024-11-21 07:05
Summary
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two privilege escalation vulnerabilities. A malicious actor with local access can escalate privileges to 'root'.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E93CB5E-CB4A-474A-9901-2E098928C489",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A215A7D-F644-41DE-AB4E-69145DA48F9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EBB8190-2101-4EE5-844E-B46E7FB78FD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:one_access:21.08.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8189EEC2-261B-4095-B4AD-9094CEAB41C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:one_access:21.08.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3478B3B-AB6D-4D8F-BB82-E0AC211B0D77",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:access_connector:21.08.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5742FBFE-0E10-4758-BDE0-230F26DFF425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:access_connector:21.08.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "03FEA521-8812-47F0-96FC-C0DD93D5C5F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:access_connector:22.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9167129-35D9-47FA-B442-F44108356FE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager_connector:3.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC3385CD-5F3E-4076-89A8-37F61FE41270",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager_connector:3.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2D301BA-B4AA-4DCF-A91E-B03AE5E95AAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager_connector:3.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "004A7497-2D06-4D8D-9C82-C0D774101326",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager_connector:19.03.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "99AA692E-48AB-4813-809C-970CA1BC6AF6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two privilege escalation vulnerabilities. A malicious actor with local access can escalate privileges to \u0027root\u0027."
    },
    {
      "lang": "es",
      "value": "VMware Workspace ONE Access, Identity Manager y vRealize Automation contienen dos vulnerabilidades de escalada de privilegios. Un actor malicioso con acceso local puede escalar los privilegios a \"root\""
    }
  ],
  "id": "CVE-2022-31661",
  "lastModified": "2024-11-21T07:05:04.537",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-08-05T16:15:12.817",
  "references": [
    {
      "source": "security@vmware.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
    }
  ],
  "sourceIdentifier": "security@vmware.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-04-13 18:15
Modified
2024-11-21 06:47
Summary
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. A malicious actor with remote access may leak the hostname of the target system. Successful exploitation of this issue can lead to targeting victims.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5071E0B4-FE4B-4525-BAF6-3900D9C8D48D",
              "versionEndExcluding": "5.0",
              "versionStartIncluding": "3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "97D98937-489B-4AA5-B99E-9AB639C582CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E93CB5E-CB4A-474A-9901-2E098928C489",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A215A7D-F644-41DE-AB4E-69145DA48F9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EBB8190-2101-4EE5-844E-B46E7FB78FD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_automation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "370EF5F6-77E2-4EF7-9148-9DA5C52E50F5",
              "versionEndExcluding": "9.0",
              "versionStartIncluding": "8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_automation:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "471BB5AF-3744-45FE-937D-BBEC421035EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC19367B-D2F8-4966-BE2F-12700C9337EC",
              "versionEndExcluding": "9.0",
              "versionStartIncluding": "8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workspace_one_access:20.10.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "639F6029-DE62-49BD-A767-C5D499389C37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workspace_one_access:20.10.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "88AD029C-7707-4F1E-BE7F-2DE27D384538",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workspace_one_access:21.08.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "57375AD7-8042-472F-B49E-653C77EAFA48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workspace_one_access:21.08.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC3DC465-1FA7-4F5B-9A9A-12F8FB4CE146",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. A malicious actor with remote access may leak the hostname of the target system. Successful exploitation of this issue can lead to targeting victims."
    },
    {
      "lang": "es",
      "value": "VMware Workspace ONE Access, Identity Manager y vRealize Automation contienen una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n debido a una devoluci\u00f3n de informaci\u00f3n excesiva. Un actor malicioso con acceso remoto puede filtrar el nombre de host del sistema de destino. Una explotaci\u00f3n con \u00e9xito de este problema puede conllevar a una selecci\u00f3n de v\u00edctimas"
    }
  ],
  "id": "CVE-2022-22961",
  "lastModified": "2024-11-21T06:47:41.487",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-04-13T18:15:13.667",
  "references": [
    {
      "source": "security@vmware.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
    }
  ],
  "sourceIdentifier": "security@vmware.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-04-13 18:15
Modified
2024-11-21 06:47
Summary
VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "97D98937-489B-4AA5-B99E-9AB639C582CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E93CB5E-CB4A-474A-9901-2E098928C489",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A215A7D-F644-41DE-AB4E-69145DA48F9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EBB8190-2101-4EE5-844E-B46E7FB78FD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_automation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "370EF5F6-77E2-4EF7-9148-9DA5C52E50F5",
              "versionEndExcluding": "9.0",
              "versionStartIncluding": "8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_automation:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "471BB5AF-3744-45FE-937D-BBEC421035EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workspace_one_access:20.10.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "639F6029-DE62-49BD-A767-C5D499389C37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workspace_one_access:20.10.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "88AD029C-7707-4F1E-BE7F-2DE27D384538",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workspace_one_access:21.08.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "57375AD7-8042-472F-B49E-653C77EAFA48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workspace_one_access:21.08.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC3DC465-1FA7-4F5B-9A9A-12F8FB4CE146",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 \u0026 CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework."
    },
    {
      "lang": "es",
      "value": "VMware Workspace ONE Access presenta dos vulnerabilidades de omisi\u00f3n de autenticaci\u00f3n (CVE-2022-22955 y CVE-2022-22956) en el marco de OAuth2 ACS. Un actor malicioso puede omitir el mecanismo de autenticaci\u00f3n y ejecutar cualquier operaci\u00f3n debido a los endpoints expuestos en el marco de autenticaci\u00f3n"
    }
  ],
  "id": "CVE-2022-22956",
  "lastModified": "2024-11-21T06:47:40.900",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-04-13T18:15:12.970",
  "references": [
    {
      "source": "security@vmware.com",
      "url": "http://packetstormsecurity.com/files/171918/Mware-Workspace-ONE-Remote-Code-Execution.html"
    },
    {
      "source": "security@vmware.com",
      "url": "http://packetstormsecurity.com/files/171918/VMware-Workspace-ONE-Remote-Code-Execution.html"
    },
    {
      "source": "security@vmware.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/171918/Mware-Workspace-ONE-Remote-Code-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/171918/VMware-Workspace-ONE-Remote-Code-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
    }
  ],
  "sourceIdentifier": "security@vmware.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-04-13 18:15
Modified
2024-11-21 06:47
Summary
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5071E0B4-FE4B-4525-BAF6-3900D9C8D48D",
              "versionEndExcluding": "5.0",
              "versionStartIncluding": "3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "97D98937-489B-4AA5-B99E-9AB639C582CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E93CB5E-CB4A-474A-9901-2E098928C489",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A215A7D-F644-41DE-AB4E-69145DA48F9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EBB8190-2101-4EE5-844E-B46E7FB78FD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_automation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "370EF5F6-77E2-4EF7-9148-9DA5C52E50F5",
              "versionEndExcluding": "9.0",
              "versionStartIncluding": "8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_automation:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "471BB5AF-3744-45FE-937D-BBEC421035EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC19367B-D2F8-4966-BE2F-12700C9337EC",
              "versionEndExcluding": "9.0",
              "versionStartIncluding": "8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workspace_one_access:20.10.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "639F6029-DE62-49BD-A767-C5D499389C37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workspace_one_access:20.10.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "88AD029C-7707-4F1E-BE7F-2DE27D384538",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workspace_one_access:21.08.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "57375AD7-8042-472F-B49E-653C77EAFA48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workspace_one_access:21.08.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC3DC465-1FA7-4F5B-9A9A-12F8FB4CE146",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 \u0026 CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution."
    },
    {
      "lang": "es",
      "value": "VMware Workspace ONE Access, Identity Manager y vRealize Automation contienen dos vulnerabilidades de ejecuci\u00f3n de c\u00f3digo remota (CVE-2022-22957 y CVE-2022-22958). Un actor malicioso con acceso administrativo puede desencadenar la deserializaci\u00f3n de datos no confiables mediante un URI JDBC malicioso que puede resultar en una ejecuci\u00f3n de c\u00f3digo remota"
    }
  ],
  "id": "CVE-2022-22957",
  "lastModified": "2024-11-21T06:47:41.020",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-04-13T18:15:13.087",
  "references": [
    {
      "source": "security@vmware.com",
      "url": "http://packetstormsecurity.com/files/171918/Mware-Workspace-ONE-Remote-Code-Execution.html"
    },
    {
      "source": "security@vmware.com",
      "url": "http://packetstormsecurity.com/files/171918/VMware-Workspace-ONE-Remote-Code-Execution.html"
    },
    {
      "source": "security@vmware.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/171918/Mware-Workspace-ONE-Remote-Code-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/171918/VMware-Workspace-ONE-Remote-Code-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
    }
  ],
  "sourceIdentifier": "security@vmware.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-08-05 16:15
Modified
2024-11-21 07:05
Summary
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E93CB5E-CB4A-474A-9901-2E098928C489",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A215A7D-F644-41DE-AB4E-69145DA48F9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EBB8190-2101-4EE5-844E-B46E7FB78FD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:one_access:21.08.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8189EEC2-261B-4095-B4AD-9094CEAB41C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:one_access:21.08.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3478B3B-AB6D-4D8F-BB82-E0AC211B0D77",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:access_connector:21.08.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5742FBFE-0E10-4758-BDE0-230F26DFF425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:access_connector:21.08.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "03FEA521-8812-47F0-96FC-C0DD93D5C5F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:access_connector:22.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9167129-35D9-47FA-B442-F44108356FE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager_connector:3.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC3385CD-5F3E-4076-89A8-37F61FE41270",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager_connector:3.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2D301BA-B4AA-4DCF-A91E-B03AE5E95AAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager_connector:3.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "004A7497-2D06-4D8D-9C82-C0D774101326",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager_connector:19.03.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "99AA692E-48AB-4813-809C-970CA1BC6AF6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate."
    },
    {
      "lang": "es",
      "value": "VMware Workspace ONE Access, Identity Manager y vRealize Automation contienen una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n que afecta a usuarios del dominio local. Un actor malicioso con acceso de red a la interfaz de usuario puede obtener acceso administrativo sin necesidad de autenticarse"
    }
  ],
  "id": "CVE-2022-31656",
  "lastModified": "2024-11-21T07:05:03.623",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-08-05T16:15:12.610",
  "references": [
    {
      "source": "security@vmware.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
    }
  ],
  "sourceIdentifier": "security@vmware.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-12-14 19:15
Modified
2024-11-21 07:05
Summary
VMware Workspace ONE Access and Identity Manager contain an authenticated remote code execution vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.2.
Impacted products
Vendor Product Version
vmware access 21.08.0.0
vmware access 21.08.0.1
vmware cloud_foundation -
vmware identity_manager 3.3.6
microsoft windows -



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:access:21.08.0.0:*:*:*:*:linux:*:*",
              "matchCriteriaId": "58F8802F-BE7F-4908-BD92-2576238798D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:access:21.08.0.1:*:*:*:*:linux:*:*",
              "matchCriteriaId": "B7145A8C-7716-4839-8707-05765687447B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:cloud_foundation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "31A7BB38-3238-413E-9736-F1A165D40867",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EBB8190-2101-4EE5-844E-B46E7FB78FD7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "VMware Workspace ONE Access and Identity Manager contain an authenticated remote code execution vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.2."
    },
    {
      "lang": "es",
      "value": "VMware Workspace ONE Access and Identity Manager contiene una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo autenticado. VMware ha evaluado la gravedad de este problema en el rango de gravedad Importante con una puntuaci\u00f3n base CVSSv3 m\u00e1xima de 7.2."
    }
  ],
  "id": "CVE-2022-31700",
  "lastModified": "2024-11-21T07:05:09.880",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-12-14T19:15:12.860",
  "references": [
    {
      "source": "security@vmware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.vmware.com/security/advisories/VMSA-2022-0032.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.vmware.com/security/advisories/VMSA-2022-0032.html"
    }
  ],
  "sourceIdentifier": "security@vmware.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}