Product:

Workspace_one_access

(Vmware)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 15
Date Id Summary Products Score Patch Annotated
2022-04-13 CVE-2022-22960 VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to 'root'. Cloud_foundation, Identity_manager, Vrealize_automation, Vrealize_suite_lifecycle_manager, Workspace_one_access 7.8
2022-04-13 CVE-2022-22958 VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution. Cloud_foundation, Identity_manager, Vrealize_automation, Vrealize_suite_lifecycle_manager, Workspace_one_access 7.2
2022-04-13 CVE-2022-22955 VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework. Identity_manager, Vrealize_automation, Workspace_one_access 9.8
2022-04-13 CVE-2022-22961 VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. A malicious actor with remote access may leak the hostname of the target system. Successful exploitation of this issue can lead to targeting victims. Cloud_foundation, Identity_manager, Vrealize_automation, Vrealize_suite_lifecycle_manager, Workspace_one_access 5.3
2022-05-20 CVE-2022-22973 VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'. Cloud_foundation, Identity_manager, Vrealize_suite_lifecycle_manager, Workspace_one_access 7.8
2022-05-20 CVE-2022-22972 VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate. Cloud_foundation, Identity_manager, Vrealize_automation, Vrealize_suite_lifecycle_manager, Workspace_one_access 9.8
2023-05-30 CVE-2023-20884 VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability. An unauthenticated malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure. Cloud_foundation, Identity_manager, Identity_manager_connector, Workspace_one_access 6.1
2022-04-13 CVE-2022-22956 VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework. Identity_manager, Vrealize_automation, Workspace_one_access 9.8
2022-04-13 CVE-2022-22957 VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution. Cloud_foundation, Identity_manager, Vrealize_automation, Vrealize_suite_lifecycle_manager, Workspace_one_access 7.2
2021-12-20 CVE-2021-22057 VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 contain an authentication bypass vulnerability. A malicious actor, who has successfully provided first-factor authentication, may be able to obtain second-factor authentication provided by VMware Verify. Workspace_one_access 8.8