Search criteria
84 vulnerabilities found for identity_manager by vmware
FKIE_CVE-2023-20884
Vulnerability from fkie_nvd - Published: 2023-05-30 16:15 - Updated: 2025-01-10 19:15
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability. An unauthenticated malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure.
References
| URL | Tags | ||
|---|---|---|---|
| security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2023-0011.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2023-0011.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | identity_manager | 3.3.6 | |
| vmware | identity_manager | 3.3.7 | |
| linux | linux_kernel | - | |
| vmware | workspace_one_access | * | |
| linux | linux_kernel | - | |
| vmware | cloud_foundation | - | |
| vmware | identity_manager_connector | * | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:identity_manager:3.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5EBB8190-2101-4EE5-844E-B46E7FB78FD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager:3.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A6085F21-481D-4853-9EA6-26497FAB1A03",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:workspace_one_access:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9C226C8E-9B48-43F7-8692-66F204957899",
"versionEndIncluding": "22.09.1.0",
"versionStartIncluding": "21.0.8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:-:*:*:*:*:*:*:*",
"matchCriteriaId": "31A7BB38-3238-413E-9736-F1A165D40867",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:identity_manager_connector:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E75DB1CB-C921-421E-B793-0C48AB15C574",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability.\u00a0An unauthenticated malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure."
}
],
"id": "CVE-2023-20884",
"lastModified": "2025-01-10T19:15:31.997",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "security@vmware.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-30T16:15:09.390",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0011.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2022-31700
Vulnerability from fkie_nvd - Published: 2022-12-14 19:15 - Updated: 2025-04-22 16:15
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
VMware Workspace ONE Access and Identity Manager contain an authenticated remote code execution vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.2.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | access | 21.08.0.0 | |
| vmware | access | 21.08.0.1 | |
| vmware | cloud_foundation | - | |
| vmware | identity_manager | 3.3.6 | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:access:21.08.0.0:*:*:*:*:linux:*:*",
"matchCriteriaId": "58F8802F-BE7F-4908-BD92-2576238798D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:access:21.08.0.1:*:*:*:*:linux:*:*",
"matchCriteriaId": "B7145A8C-7716-4839-8707-05765687447B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:-:*:*:*:*:*:*:*",
"matchCriteriaId": "31A7BB38-3238-413E-9736-F1A165D40867",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:identity_manager:3.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5EBB8190-2101-4EE5-844E-B46E7FB78FD7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware Workspace ONE Access and Identity Manager contain an authenticated remote code execution vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.2."
},
{
"lang": "es",
"value": "VMware Workspace ONE Access and Identity Manager contiene una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo autenticado. VMware ha evaluado la gravedad de este problema en el rango de gravedad Importante con una puntuaci\u00f3n base CVSSv3 m\u00e1xima de 7.2."
}
],
"id": "CVE-2022-31700",
"lastModified": "2025-04-22T16:15:29.917",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2022-12-14T19:15:12.860",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0032.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0032.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-31661
Vulnerability from fkie_nvd - Published: 2022-08-05 16:15 - Updated: 2024-11-21 07:05
Severity ?
Summary
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two privilege escalation vulnerabilities. A malicious actor with local access can escalate privileges to 'root'.
References
| URL | Tags | ||
|---|---|---|---|
| security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2022-0021.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2022-0021.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | identity_manager | 3.3.4 | |
| vmware | identity_manager | 3.3.5 | |
| vmware | identity_manager | 3.3.6 | |
| vmware | one_access | 21.08.0.0 | |
| vmware | one_access | 21.08.0.1 | |
| linux | linux_kernel | - | |
| vmware | access_connector | 21.08.0.0 | |
| vmware | access_connector | 21.08.0.1 | |
| vmware | access_connector | 22.05 | |
| vmware | identity_manager_connector | 3.3.4 | |
| vmware | identity_manager_connector | 3.3.5 | |
| vmware | identity_manager_connector | 3.3.6 | |
| vmware | identity_manager_connector | 19.03.0.1 | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:identity_manager:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0E93CB5E-CB4A-474A-9901-2E098928C489",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2A215A7D-F644-41DE-AB4E-69145DA48F9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager:3.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5EBB8190-2101-4EE5-844E-B46E7FB78FD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:one_access:21.08.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8189EEC2-261B-4095-B4AD-9094CEAB41C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:one_access:21.08.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E3478B3B-AB6D-4D8F-BB82-E0AC211B0D77",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:access_connector:21.08.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5742FBFE-0E10-4758-BDE0-230F26DFF425",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:access_connector:21.08.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "03FEA521-8812-47F0-96FC-C0DD93D5C5F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:access_connector:22.05:*:*:*:*:*:*:*",
"matchCriteriaId": "B9167129-35D9-47FA-B442-F44108356FE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager_connector:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BC3385CD-5F3E-4076-89A8-37F61FE41270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager_connector:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A2D301BA-B4AA-4DCF-A91E-B03AE5E95AAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager_connector:3.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "004A7497-2D06-4D8D-9C82-C0D774101326",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager_connector:19.03.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "99AA692E-48AB-4813-809C-970CA1BC6AF6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two privilege escalation vulnerabilities. A malicious actor with local access can escalate privileges to \u0027root\u0027."
},
{
"lang": "es",
"value": "VMware Workspace ONE Access, Identity Manager y vRealize Automation contienen dos vulnerabilidades de escalada de privilegios. Un actor malicioso con acceso local puede escalar los privilegios a \"root\""
}
],
"id": "CVE-2022-31661",
"lastModified": "2024-11-21T07:05:04.537",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-05T16:15:12.817",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-31660
Vulnerability from fkie_nvd - Published: 2022-08-05 16:15 - Updated: 2024-11-21 07:05
Severity ?
Summary
VMware Workspace ONE Access, Identity Manager and vRealize Automation contains a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'.
References
| URL | Tags | ||
|---|---|---|---|
| security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2022-0021.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2022-0021.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | identity_manager | 3.3.4 | |
| vmware | identity_manager | 3.3.5 | |
| vmware | identity_manager | 3.3.6 | |
| vmware | one_access | 21.08.0.0 | |
| vmware | one_access | 21.08.0.1 | |
| linux | linux_kernel | - | |
| vmware | access_connector | 21.08.0.0 | |
| vmware | access_connector | 21.08.0.1 | |
| vmware | access_connector | 22.05 | |
| vmware | identity_manager_connector | 3.3.4 | |
| vmware | identity_manager_connector | 3.3.5 | |
| vmware | identity_manager_connector | 3.3.6 | |
| vmware | identity_manager_connector | 19.03.0.1 | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:identity_manager:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0E93CB5E-CB4A-474A-9901-2E098928C489",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2A215A7D-F644-41DE-AB4E-69145DA48F9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager:3.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5EBB8190-2101-4EE5-844E-B46E7FB78FD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:one_access:21.08.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8189EEC2-261B-4095-B4AD-9094CEAB41C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:one_access:21.08.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E3478B3B-AB6D-4D8F-BB82-E0AC211B0D77",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:access_connector:21.08.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5742FBFE-0E10-4758-BDE0-230F26DFF425",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:access_connector:21.08.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "03FEA521-8812-47F0-96FC-C0DD93D5C5F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:access_connector:22.05:*:*:*:*:*:*:*",
"matchCriteriaId": "B9167129-35D9-47FA-B442-F44108356FE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager_connector:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BC3385CD-5F3E-4076-89A8-37F61FE41270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager_connector:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A2D301BA-B4AA-4DCF-A91E-B03AE5E95AAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager_connector:3.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "004A7497-2D06-4D8D-9C82-C0D774101326",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager_connector:19.03.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "99AA692E-48AB-4813-809C-970CA1BC6AF6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contains a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to \u0027root\u0027."
},
{
"lang": "es",
"value": "VMware Workspace ONE Access, Identity Manager y vRealize Automation contienen una vulnerabilidad de escalada de privilegios. Un actor malicioso con acceso local puede escalar los privilegios a \"root\""
}
],
"id": "CVE-2022-31660",
"lastModified": "2024-11-21T07:05:04.397",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-05T16:15:12.777",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-31664
Vulnerability from fkie_nvd - Published: 2022-08-05 16:15 - Updated: 2024-11-21 07:05
Severity ?
Summary
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'.
References
| URL | Tags | ||
|---|---|---|---|
| security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2022-0021.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2022-0021.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | identity_manager | 3.3.4 | |
| vmware | identity_manager | 3.3.5 | |
| vmware | identity_manager | 3.3.6 | |
| vmware | one_access | 21.08.0.0 | |
| vmware | one_access | 21.08.0.1 | |
| linux | linux_kernel | - | |
| vmware | access_connector | 21.08.0.0 | |
| vmware | access_connector | 21.08.0.1 | |
| vmware | access_connector | 22.05 | |
| vmware | identity_manager_connector | 3.3.4 | |
| vmware | identity_manager_connector | 3.3.5 | |
| vmware | identity_manager_connector | 3.3.6 | |
| vmware | identity_manager_connector | 19.03.0.1 | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:identity_manager:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0E93CB5E-CB4A-474A-9901-2E098928C489",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2A215A7D-F644-41DE-AB4E-69145DA48F9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager:3.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5EBB8190-2101-4EE5-844E-B46E7FB78FD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:one_access:21.08.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8189EEC2-261B-4095-B4AD-9094CEAB41C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:one_access:21.08.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E3478B3B-AB6D-4D8F-BB82-E0AC211B0D77",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:access_connector:21.08.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5742FBFE-0E10-4758-BDE0-230F26DFF425",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:access_connector:21.08.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "03FEA521-8812-47F0-96FC-C0DD93D5C5F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:access_connector:22.05:*:*:*:*:*:*:*",
"matchCriteriaId": "B9167129-35D9-47FA-B442-F44108356FE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager_connector:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BC3385CD-5F3E-4076-89A8-37F61FE41270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager_connector:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A2D301BA-B4AA-4DCF-A91E-B03AE5E95AAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager_connector:3.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "004A7497-2D06-4D8D-9C82-C0D774101326",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager_connector:19.03.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "99AA692E-48AB-4813-809C-970CA1BC6AF6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to \u0027root\u0027."
},
{
"lang": "es",
"value": "VMware Workspace ONE Access, Identity Manager y vRealize Automation contienen una vulnerabilidad de escalada de privilegios. Un actor malicioso con acceso local puede escalar los privilegios a \"root\""
}
],
"id": "CVE-2022-31664",
"lastModified": "2024-11-21T07:05:04.980",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-05T16:15:12.940",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-31658
Vulnerability from fkie_nvd - Published: 2022-08-05 16:15 - Updated: 2024-11-21 07:05
Severity ?
Summary
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution.
References
| URL | Tags | ||
|---|---|---|---|
| security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2022-0021.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2022-0021.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | identity_manager | 3.3.4 | |
| vmware | identity_manager | 3.3.5 | |
| vmware | identity_manager | 3.3.6 | |
| vmware | one_access | 21.08.0.0 | |
| vmware | one_access | 21.08.0.1 | |
| linux | linux_kernel | - | |
| vmware | access_connector | 21.08.0.0 | |
| vmware | access_connector | 21.08.0.1 | |
| vmware | access_connector | 22.05 | |
| vmware | identity_manager_connector | 3.3.4 | |
| vmware | identity_manager_connector | 3.3.5 | |
| vmware | identity_manager_connector | 3.3.6 | |
| vmware | identity_manager_connector | 19.03.0.1 | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:identity_manager:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0E93CB5E-CB4A-474A-9901-2E098928C489",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2A215A7D-F644-41DE-AB4E-69145DA48F9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager:3.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5EBB8190-2101-4EE5-844E-B46E7FB78FD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:one_access:21.08.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8189EEC2-261B-4095-B4AD-9094CEAB41C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:one_access:21.08.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E3478B3B-AB6D-4D8F-BB82-E0AC211B0D77",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:access_connector:21.08.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5742FBFE-0E10-4758-BDE0-230F26DFF425",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:access_connector:21.08.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "03FEA521-8812-47F0-96FC-C0DD93D5C5F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:access_connector:22.05:*:*:*:*:*:*:*",
"matchCriteriaId": "B9167129-35D9-47FA-B442-F44108356FE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager_connector:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BC3385CD-5F3E-4076-89A8-37F61FE41270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager_connector:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A2D301BA-B4AA-4DCF-A91E-B03AE5E95AAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager_connector:3.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "004A7497-2D06-4D8D-9C82-C0D774101326",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager_connector:19.03.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "99AA692E-48AB-4813-809C-970CA1BC6AF6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution."
},
{
"lang": "es",
"value": "VMware Workspace ONE Access, Identity Manager y vRealize Automation contienen una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remota. Un actor malicioso con acceso de administrador y de red puede desencadenar una ejecuci\u00f3n de c\u00f3digo remota"
}
],
"id": "CVE-2022-31658",
"lastModified": "2024-11-21T07:05:04.030",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-05T16:15:12.697",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-74"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-31665
Vulnerability from fkie_nvd - Published: 2022-08-05 16:15 - Updated: 2024-11-21 07:05
Severity ?
Summary
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution.
References
| URL | Tags | ||
|---|---|---|---|
| security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2022-0021.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2022-0021.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | identity_manager | 3.3.4 | |
| vmware | identity_manager | 3.3.5 | |
| vmware | identity_manager | 3.3.6 | |
| vmware | one_access | 21.08.0.0 | |
| vmware | one_access | 21.08.0.1 | |
| linux | linux_kernel | - | |
| vmware | identity_manager_connector | 3.3.4 | |
| vmware | identity_manager_connector | 3.3.5 | |
| vmware | identity_manager_connector | 3.3.6 | |
| vmware | identity_manager_connector | 19.03.0.1 | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:identity_manager:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0E93CB5E-CB4A-474A-9901-2E098928C489",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2A215A7D-F644-41DE-AB4E-69145DA48F9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager:3.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5EBB8190-2101-4EE5-844E-B46E7FB78FD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:one_access:21.08.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8189EEC2-261B-4095-B4AD-9094CEAB41C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:one_access:21.08.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E3478B3B-AB6D-4D8F-BB82-E0AC211B0D77",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:identity_manager_connector:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BC3385CD-5F3E-4076-89A8-37F61FE41270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager_connector:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A2D301BA-B4AA-4DCF-A91E-B03AE5E95AAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager_connector:3.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "004A7497-2D06-4D8D-9C82-C0D774101326",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager_connector:19.03.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "99AA692E-48AB-4813-809C-970CA1BC6AF6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution."
},
{
"lang": "es",
"value": "VMware Workspace ONE Access, Identity Manager y vRealize Automation contienen una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remota. Un actor malicioso con acceso de administrador y de red puede desencadenar una ejecuci\u00f3n de c\u00f3digo remota"
}
],
"id": "CVE-2022-31665",
"lastModified": "2024-11-21T07:05:05.130",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-05T16:15:12.983",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-74"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-31659
Vulnerability from fkie_nvd - Published: 2022-08-05 16:15 - Updated: 2024-11-21 07:05
Severity ?
Summary
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution.
References
| URL | Tags | ||
|---|---|---|---|
| security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2022-0021.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2022-0021.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | identity_manager | 3.3.4 | |
| vmware | identity_manager | 3.3.5 | |
| vmware | identity_manager | 3.3.6 | |
| vmware | one_access | 21.08.0.0 | |
| vmware | one_access | 21.08.0.1 | |
| linux | linux_kernel | - | |
| vmware | access_connector | 22.05 | |
| vmware | access_connector | 22.08.0.0 | |
| vmware | access_connector | 22.08.0.1 | |
| vmware | identity_manager_connector | 3.3.4 | |
| vmware | identity_manager_connector | 3.3.5 | |
| vmware | identity_manager_connector | 3.3.6 | |
| vmware | identity_manager_connector | 19.03.0.1 | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:identity_manager:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0E93CB5E-CB4A-474A-9901-2E098928C489",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2A215A7D-F644-41DE-AB4E-69145DA48F9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager:3.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5EBB8190-2101-4EE5-844E-B46E7FB78FD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:one_access:21.08.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8189EEC2-261B-4095-B4AD-9094CEAB41C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:one_access:21.08.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E3478B3B-AB6D-4D8F-BB82-E0AC211B0D77",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:access_connector:22.05:*:*:*:*:*:*:*",
"matchCriteriaId": "B9167129-35D9-47FA-B442-F44108356FE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:access_connector:22.08.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "44797503-1D15-4799-BCBA-E3810B05A373",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:access_connector:22.08.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "314BB1F7-9845-486D-8CA1-7E1A03FE0FD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager_connector:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BC3385CD-5F3E-4076-89A8-37F61FE41270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager_connector:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A2D301BA-B4AA-4DCF-A91E-B03AE5E95AAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager_connector:3.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "004A7497-2D06-4D8D-9C82-C0D774101326",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager_connector:19.03.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "99AA692E-48AB-4813-809C-970CA1BC6AF6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution."
},
{
"lang": "es",
"value": "VMware Workspace ONE Access y Identity Manager contienen una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remota. Un actor malicioso con acceso de administrador y de red puede desencadenar una ejecuci\u00f3n de c\u00f3digo remota"
}
],
"id": "CVE-2022-31659",
"lastModified": "2024-11-21T07:05:04.210",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-05T16:15:12.737",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-31662
Vulnerability from fkie_nvd - Published: 2022-08-05 16:15 - Updated: 2024-11-21 07:05
Severity ?
Summary
VMware Workspace ONE Access, Identity Manager, Connectors and vRealize Automation contain a path traversal vulnerability. A malicious actor with network access may be able to access arbitrary files.
References
| URL | Tags | ||
|---|---|---|---|
| security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2022-0021.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2022-0021.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | identity_manager | 3.3.4 | |
| vmware | identity_manager | 3.3.5 | |
| vmware | identity_manager | 3.3.6 | |
| vmware | one_access | 21.08.0.0 | |
| vmware | one_access | 21.08.0.1 | |
| linux | linux_kernel | - | |
| vmware | access_connector | 21.08.0.0 | |
| vmware | access_connector | 21.08.0.1 | |
| vmware | access_connector | 22.05 | |
| vmware | identity_manager_connector | 3.3.4 | |
| vmware | identity_manager_connector | 3.3.5 | |
| vmware | identity_manager_connector | 3.3.6 | |
| vmware | identity_manager_connector | 19.03.0.1 | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:identity_manager:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0E93CB5E-CB4A-474A-9901-2E098928C489",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2A215A7D-F644-41DE-AB4E-69145DA48F9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager:3.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5EBB8190-2101-4EE5-844E-B46E7FB78FD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:one_access:21.08.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8189EEC2-261B-4095-B4AD-9094CEAB41C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:one_access:21.08.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E3478B3B-AB6D-4D8F-BB82-E0AC211B0D77",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:access_connector:21.08.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5742FBFE-0E10-4758-BDE0-230F26DFF425",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:access_connector:21.08.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "03FEA521-8812-47F0-96FC-C0DD93D5C5F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:access_connector:22.05:*:*:*:*:*:*:*",
"matchCriteriaId": "B9167129-35D9-47FA-B442-F44108356FE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager_connector:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BC3385CD-5F3E-4076-89A8-37F61FE41270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager_connector:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A2D301BA-B4AA-4DCF-A91E-B03AE5E95AAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager_connector:3.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "004A7497-2D06-4D8D-9C82-C0D774101326",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager_connector:19.03.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "99AA692E-48AB-4813-809C-970CA1BC6AF6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware Workspace ONE Access, Identity Manager, Connectors and vRealize Automation contain a path traversal vulnerability. A malicious actor with network access may be able to access arbitrary files."
},
{
"lang": "es",
"value": "VMware Workspace ONE Access, Identity Manager, Connectors y vRealize Automation contienen una vulnerabilidad de salto de ruta. Un actor malicioso con acceso a la red puede ser capaz de acceder a archivos arbitrarios"
}
],
"id": "CVE-2022-31662",
"lastModified": "2024-11-21T07:05:04.683",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-05T16:15:12.860",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-31663
Vulnerability from fkie_nvd - Published: 2022-08-05 16:15 - Updated: 2024-11-21 07:05
Severity ?
Summary
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject javascript code in the target user's window.
References
| URL | Tags | ||
|---|---|---|---|
| security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2022-0021.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2022-0021.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | identity_manager | 3.3.4 | |
| vmware | identity_manager | 3.3.5 | |
| vmware | identity_manager | 3.3.6 | |
| vmware | one_access | 21.08.0.0 | |
| vmware | one_access | 21.08.0.1 | |
| linux | linux_kernel | - | |
| vmware | access_connector | 21.08.0.0 | |
| vmware | access_connector | 21.08.0.1 | |
| vmware | access_connector | 22.05 | |
| vmware | identity_manager_connector | 3.3.4 | |
| vmware | identity_manager_connector | 3.3.5 | |
| vmware | identity_manager_connector | 3.3.6 | |
| vmware | identity_manager_connector | 19.03.0.1 | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:identity_manager:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0E93CB5E-CB4A-474A-9901-2E098928C489",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2A215A7D-F644-41DE-AB4E-69145DA48F9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager:3.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5EBB8190-2101-4EE5-844E-B46E7FB78FD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:one_access:21.08.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8189EEC2-261B-4095-B4AD-9094CEAB41C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:one_access:21.08.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E3478B3B-AB6D-4D8F-BB82-E0AC211B0D77",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:access_connector:21.08.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5742FBFE-0E10-4758-BDE0-230F26DFF425",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:access_connector:21.08.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "03FEA521-8812-47F0-96FC-C0DD93D5C5F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:access_connector:22.05:*:*:*:*:*:*:*",
"matchCriteriaId": "B9167129-35D9-47FA-B442-F44108356FE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager_connector:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BC3385CD-5F3E-4076-89A8-37F61FE41270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager_connector:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A2D301BA-B4AA-4DCF-A91E-B03AE5E95AAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager_connector:3.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "004A7497-2D06-4D8D-9C82-C0D774101326",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager_connector:19.03.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "99AA692E-48AB-4813-809C-970CA1BC6AF6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject javascript code in the target user\u0027s window."
},
{
"lang": "es",
"value": "VMware Workspace ONE Access, Identity Manager y vRealize Automation contienen una vulnerabilidad de tipo cross-site scripting (XSS) reflejada. Debido a un saneo inapropiado de la entrada del usuario, un actor malicioso con cierta interacci\u00f3n con el usuario puede ser capaz de inyectar c\u00f3digo javascript en la ventana del usuario objetivo"
}
],
"id": "CVE-2022-31663",
"lastModified": "2024-11-21T07:05:04.837",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-05T16:15:12.900",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-31657
Vulnerability from fkie_nvd - Published: 2022-08-05 16:15 - Updated: 2024-11-21 07:05
Severity ?
Summary
VMware Workspace ONE Access and Identity Manager contain a URL injection vulnerability. A malicious actor with network access may be able to redirect an authenticated user to an arbitrary domain.
References
| URL | Tags | ||
|---|---|---|---|
| security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2022-0021.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2022-0021.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | identity_manager | 3.3.4 | |
| vmware | identity_manager | 3.3.5 | |
| vmware | identity_manager | 3.3.6 | |
| vmware | one_access | 21.08.0.0 | |
| vmware | one_access | 21.08.0.1 | |
| linux | linux_kernel | - | |
| vmware | access_connector | 21.08.0.0 | |
| vmware | access_connector | 21.08.0.1 | |
| vmware | access_connector | 22.05 | |
| vmware | identity_manager_connector | 3.3.4 | |
| vmware | identity_manager_connector | 3.3.5 | |
| vmware | identity_manager_connector | 3.3.6 | |
| vmware | identity_manager_connector | 19.03.0.1 | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:identity_manager:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0E93CB5E-CB4A-474A-9901-2E098928C489",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2A215A7D-F644-41DE-AB4E-69145DA48F9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager:3.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5EBB8190-2101-4EE5-844E-B46E7FB78FD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:one_access:21.08.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8189EEC2-261B-4095-B4AD-9094CEAB41C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:one_access:21.08.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E3478B3B-AB6D-4D8F-BB82-E0AC211B0D77",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:access_connector:21.08.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5742FBFE-0E10-4758-BDE0-230F26DFF425",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:access_connector:21.08.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "03FEA521-8812-47F0-96FC-C0DD93D5C5F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:access_connector:22.05:*:*:*:*:*:*:*",
"matchCriteriaId": "B9167129-35D9-47FA-B442-F44108356FE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager_connector:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BC3385CD-5F3E-4076-89A8-37F61FE41270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager_connector:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A2D301BA-B4AA-4DCF-A91E-B03AE5E95AAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager_connector:3.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "004A7497-2D06-4D8D-9C82-C0D774101326",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager_connector:19.03.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "99AA692E-48AB-4813-809C-970CA1BC6AF6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware Workspace ONE Access and Identity Manager contain a URL injection vulnerability. A malicious actor with network access may be able to redirect an authenticated user to an arbitrary domain."
},
{
"lang": "es",
"value": "VMware Workspace ONE Access y Identity Manager contienen una vulnerabilidad de inyecci\u00f3n de URL. Un actor malicioso con acceso a la red puede ser capaz de redirigir a un usuario autenticado a un dominio arbitrario"
}
],
"id": "CVE-2022-31657",
"lastModified": "2024-11-21T07:05:03.820",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-05T16:15:12.653",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-31656
Vulnerability from fkie_nvd - Published: 2022-08-05 16:15 - Updated: 2024-11-21 07:05
Severity ?
Summary
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.
References
| URL | Tags | ||
|---|---|---|---|
| security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2022-0021.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2022-0021.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | identity_manager | 3.3.4 | |
| vmware | identity_manager | 3.3.5 | |
| vmware | identity_manager | 3.3.6 | |
| vmware | one_access | 21.08.0.0 | |
| vmware | one_access | 21.08.0.1 | |
| linux | linux_kernel | - | |
| vmware | access_connector | 21.08.0.0 | |
| vmware | access_connector | 21.08.0.1 | |
| vmware | access_connector | 22.05 | |
| vmware | identity_manager_connector | 3.3.4 | |
| vmware | identity_manager_connector | 3.3.5 | |
| vmware | identity_manager_connector | 3.3.6 | |
| vmware | identity_manager_connector | 19.03.0.1 | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:identity_manager:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0E93CB5E-CB4A-474A-9901-2E098928C489",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2A215A7D-F644-41DE-AB4E-69145DA48F9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager:3.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5EBB8190-2101-4EE5-844E-B46E7FB78FD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:one_access:21.08.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8189EEC2-261B-4095-B4AD-9094CEAB41C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:one_access:21.08.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E3478B3B-AB6D-4D8F-BB82-E0AC211B0D77",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:access_connector:21.08.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5742FBFE-0E10-4758-BDE0-230F26DFF425",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:access_connector:21.08.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "03FEA521-8812-47F0-96FC-C0DD93D5C5F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:access_connector:22.05:*:*:*:*:*:*:*",
"matchCriteriaId": "B9167129-35D9-47FA-B442-F44108356FE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager_connector:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BC3385CD-5F3E-4076-89A8-37F61FE41270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager_connector:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A2D301BA-B4AA-4DCF-A91E-B03AE5E95AAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager_connector:3.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "004A7497-2D06-4D8D-9C82-C0D774101326",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager_connector:19.03.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "99AA692E-48AB-4813-809C-970CA1BC6AF6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate."
},
{
"lang": "es",
"value": "VMware Workspace ONE Access, Identity Manager y vRealize Automation contienen una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n que afecta a usuarios del dominio local. Un actor malicioso con acceso de red a la interfaz de usuario puede obtener acceso administrativo sin necesidad de autenticarse"
}
],
"id": "CVE-2022-31656",
"lastModified": "2024-11-21T07:05:03.623",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-05T16:15:12.610",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2023-20884 (GCVE-0-2023-20884)
Vulnerability from cvelistv5 – Published: 2023-05-30 15:05 – Updated: 2025-01-10 18:58
VLAI?
Summary
VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability. An unauthenticated malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure.
Severity ?
6.1 (Medium)
CWE
- Insecure Redirect Vulnerability
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM), VMware Cloud Foundation (Cloud Foundation) |
Affected:
Workspace ONE Access 22.09.1.0, Workspace ONE Access 22.09.0.0, Workspace ONE Access 21.08.x, VMware Identity Manager 3.3.7, VMware Identity Manager 3.3.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:21:32.910Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0011.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20884",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-10T18:58:05.456797Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-10T18:58:11.000Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM), VMware Cloud Foundation (Cloud Foundation)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Workspace ONE Access 22.09.1.0, Workspace ONE Access 22.09.0.0, Workspace ONE Access 21.08.x, VMware Identity Manager 3.3.7, VMware Identity Manager 3.3.6"
}
]
}
],
"datePublic": "2023-05-30T15:05:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability.\u0026nbsp;An unauthenticated malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure."
}
],
"value": "VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability.\u00a0An unauthenticated malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insecure Redirect Vulnerability",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-30T15:06:05.576Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0011.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2023-20884",
"datePublished": "2023-05-30T15:05:53.284Z",
"dateReserved": "2022-11-01T15:41:50.393Z",
"dateUpdated": "2025-01-10T18:58:11.000Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31700 (GCVE-0-2022-31700)
Vulnerability from cvelistv5 – Published: 2022-12-14 00:00 – Updated: 2025-04-22 16:06
VLAI?
Summary
VMware Workspace ONE Access and Identity Manager contain an authenticated remote code execution vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.2.
Severity ?
7.2 (High)
CWE
- Authenticated Remote Code Execution Vulnerability
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM) |
Affected:
VMware Workspace ONE Access (Multiple Versions)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:00.938Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0032.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-31700",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T16:05:37.679578Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T16:06:25.180Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware Workspace ONE Access (Multiple Versions)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware Workspace ONE Access and Identity Manager contain an authenticated remote code execution vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authenticated Remote Code Execution Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-14T00:00:00.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0032.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-31700",
"datePublished": "2022-12-14T00:00:00.000Z",
"dateReserved": "2022-05-25T00:00:00.000Z",
"dateUpdated": "2025-04-22T16:06:25.180Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31657 (GCVE-0-2022-31657)
Vulnerability from cvelistv5 – Published: 2022-08-05 15:07 – Updated: 2024-08-03 07:26
VLAI?
Summary
VMware Workspace ONE Access and Identity Manager contain a URL injection vulnerability. A malicious actor with network access may be able to redirect an authenticated user to an arbitrary domain.
Severity ?
No CVSS data available.
CWE
- VMware Workspace ONE Access and Identity Manager contain a URL injection vulnerability
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | VMware Workspace ONE Access, Identity Manager and vRealize Automation |
Affected:
Workspace One Access (21.08.0.1 & 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 & 3.3.4), and vRealize Automation 7.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:00.799Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Workspace One Access (21.08.0.1 \u0026 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 \u0026 3.3.4), and vRealize Automation 7.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware Workspace ONE Access and Identity Manager contain a URL injection vulnerability. A malicious actor with network access may be able to redirect an authenticated user to an arbitrary domain."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "VMware Workspace ONE Access and Identity Manager contain a URL injection vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-05T15:07:39",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2022-31657",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
"version": {
"version_data": [
{
"version_value": "Workspace One Access (21.08.0.1 \u0026 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 \u0026 3.3.4), and vRealize Automation 7.6"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Workspace ONE Access and Identity Manager contain a URL injection vulnerability. A malicious actor with network access may be able to redirect an authenticated user to an arbitrary domain."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "VMware Workspace ONE Access and Identity Manager contain a URL injection vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-31657",
"datePublished": "2022-08-05T15:07:39",
"dateReserved": "2022-05-25T00:00:00",
"dateUpdated": "2024-08-03T07:26:00.799Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31656 (GCVE-0-2022-31656)
Vulnerability from cvelistv5 – Published: 2022-08-05 15:07 – Updated: 2024-08-03 07:26
VLAI?
Summary
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.
Severity ?
No CVSS data available.
CWE
- Authentication Bypass Vulnerability
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | VMware Workspace ONE Access, Identity Manager and vRealize Automation |
Affected:
Workspace One Access (21.08.0.1 & 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 & 3.3.4), and vRealize Automation 7.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:01.016Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Workspace One Access (21.08.0.1 \u0026 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 \u0026 3.3.4), and vRealize Automation 7.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication Bypass Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-05T15:07:24",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2022-31656",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
"version": {
"version_data": [
{
"version_value": "Workspace One Access (21.08.0.1 \u0026 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 \u0026 3.3.4), and vRealize Automation 7.6"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication Bypass Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-31656",
"datePublished": "2022-08-05T15:07:24",
"dateReserved": "2022-05-25T00:00:00",
"dateUpdated": "2024-08-03T07:26:01.016Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31658 (GCVE-0-2022-31658)
Vulnerability from cvelistv5 – Published: 2022-08-05 15:07 – Updated: 2024-08-03 07:26
VLAI?
Summary
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution.
Severity ?
No CVSS data available.
CWE
- VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | VMware Workspace ONE Access, Identity Manager and vRealize Automation |
Affected:
Workspace One Access (21.08.0.1 & 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 & 3.3.4), and vRealize Automation 7.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:00.994Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Workspace One Access (21.08.0.1 \u0026 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 \u0026 3.3.4), and vRealize Automation 7.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-05T15:07:10",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2022-31658",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
"version": {
"version_data": [
{
"version_value": "Workspace One Access (21.08.0.1 \u0026 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 \u0026 3.3.4), and vRealize Automation 7.6"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-31658",
"datePublished": "2022-08-05T15:07:10",
"dateReserved": "2022-05-25T00:00:00",
"dateUpdated": "2024-08-03T07:26:00.994Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31661 (GCVE-0-2022-31661)
Vulnerability from cvelistv5 – Published: 2022-08-05 15:06 – Updated: 2024-08-03 07:26
VLAI?
Summary
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two privilege escalation vulnerabilities. A malicious actor with local access can escalate privileges to 'root'.
Severity ?
No CVSS data available.
CWE
- VMware Workspace ONE Access, Identity Manager and vRealize Automation contains a privilege escalation vulnerability.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | VMware Workspace ONE Access, Identity Manager and vRealize Automation |
Affected:
Workspace One Access (21.08.0.1 & 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 & 3.3.4), and vRealize Automation 7.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:00.875Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Workspace One Access (21.08.0.1 \u0026 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 \u0026 3.3.4), and vRealize Automation 7.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two privilege escalation vulnerabilities. A malicious actor with local access can escalate privileges to \u0027root\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contains a privilege escalation vulnerability.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-05T15:06:55",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2022-31661",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
"version": {
"version_data": [
{
"version_value": "Workspace One Access (21.08.0.1 \u0026 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 \u0026 3.3.4), and vRealize Automation 7.6"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two privilege escalation vulnerabilities. A malicious actor with local access can escalate privileges to \u0027root\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contains a privilege escalation vulnerability."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-31661",
"datePublished": "2022-08-05T15:06:55",
"dateReserved": "2022-05-25T00:00:00",
"dateUpdated": "2024-08-03T07:26:00.875Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31659 (GCVE-0-2022-31659)
Vulnerability from cvelistv5 – Published: 2022-08-05 15:06 – Updated: 2024-11-14 14:10
VLAI?
Summary
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution.
Severity ?
No CVSS data available.
CWE
- VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | VMware Workspace ONE Access, Identity Manager and vRealize Automation |
Affected:
Workspace One Access (21.08.0.1 & 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 & 3.3.4), and vRealize Automation 7.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:00.927Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-31659",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-14T14:09:50.115526Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T14:10:07.731Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Workspace One Access (21.08.0.1 \u0026 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 \u0026 3.3.4), and vRealize Automation 7.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-05T15:06:41",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2022-31659",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
"version": {
"version_data": [
{
"version_value": "Workspace One Access (21.08.0.1 \u0026 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 \u0026 3.3.4), and vRealize Automation 7.6"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-31659",
"datePublished": "2022-08-05T15:06:41",
"dateReserved": "2022-05-25T00:00:00",
"dateUpdated": "2024-11-14T14:10:07.731Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31663 (GCVE-0-2022-31663)
Vulnerability from cvelistv5 – Published: 2022-08-05 15:06 – Updated: 2024-08-03 07:26
VLAI?
Summary
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject javascript code in the target user's window.
Severity ?
No CVSS data available.
CWE
- VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a reflected cross-site scripting (XSS) vulnerability.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | VMware Workspace ONE Access, Identity Manager and vRealize Automation |
Affected:
Workspace One Access (21.08.0.1 & 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 & 3.3.4), and vRealize Automation 7.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:01.099Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Workspace One Access (21.08.0.1 \u0026 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 \u0026 3.3.4), and vRealize Automation 7.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject javascript code in the target user\u0027s window."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a reflected cross-site scripting (XSS) vulnerability.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-05T15:06:30",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2022-31663",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
"version": {
"version_data": [
{
"version_value": "Workspace One Access (21.08.0.1 \u0026 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 \u0026 3.3.4), and vRealize Automation 7.6"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject javascript code in the target user\u0027s window."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a reflected cross-site scripting (XSS) vulnerability."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-31663",
"datePublished": "2022-08-05T15:06:30",
"dateReserved": "2022-05-25T00:00:00",
"dateUpdated": "2024-08-03T07:26:01.099Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31664 (GCVE-0-2022-31664)
Vulnerability from cvelistv5 – Published: 2022-08-05 15:06 – Updated: 2024-08-03 07:26
VLAI?
Summary
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'.
Severity ?
No CVSS data available.
CWE
- VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | VMware Workspace ONE Access, Identity Manager and vRealize Automation |
Affected:
Workspace One Access (21.08.0.1 & 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 & 3.3.4), and vRealize Automation 7.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:01.203Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Workspace One Access (21.08.0.1 \u0026 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 \u0026 3.3.4), and vRealize Automation 7.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to \u0027root\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-05T15:06:15",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2022-31664",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
"version": {
"version_data": [
{
"version_value": "Workspace One Access (21.08.0.1 \u0026 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 \u0026 3.3.4), and vRealize Automation 7.6"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to \u0027root\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-31664",
"datePublished": "2022-08-05T15:06:15",
"dateReserved": "2022-05-25T00:00:00",
"dateUpdated": "2024-08-03T07:26:01.203Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20884 (GCVE-0-2023-20884)
Vulnerability from nvd – Published: 2023-05-30 15:05 – Updated: 2025-01-10 18:58
VLAI?
Summary
VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability. An unauthenticated malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure.
Severity ?
6.1 (Medium)
CWE
- Insecure Redirect Vulnerability
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM), VMware Cloud Foundation (Cloud Foundation) |
Affected:
Workspace ONE Access 22.09.1.0, Workspace ONE Access 22.09.0.0, Workspace ONE Access 21.08.x, VMware Identity Manager 3.3.7, VMware Identity Manager 3.3.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:21:32.910Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0011.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20884",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-10T18:58:05.456797Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-10T18:58:11.000Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM), VMware Cloud Foundation (Cloud Foundation)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Workspace ONE Access 22.09.1.0, Workspace ONE Access 22.09.0.0, Workspace ONE Access 21.08.x, VMware Identity Manager 3.3.7, VMware Identity Manager 3.3.6"
}
]
}
],
"datePublic": "2023-05-30T15:05:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability.\u0026nbsp;An unauthenticated malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure."
}
],
"value": "VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability.\u00a0An unauthenticated malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insecure Redirect Vulnerability",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-30T15:06:05.576Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0011.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2023-20884",
"datePublished": "2023-05-30T15:05:53.284Z",
"dateReserved": "2022-11-01T15:41:50.393Z",
"dateUpdated": "2025-01-10T18:58:11.000Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31700 (GCVE-0-2022-31700)
Vulnerability from nvd – Published: 2022-12-14 00:00 – Updated: 2025-04-22 16:06
VLAI?
Summary
VMware Workspace ONE Access and Identity Manager contain an authenticated remote code execution vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.2.
Severity ?
7.2 (High)
CWE
- Authenticated Remote Code Execution Vulnerability
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM) |
Affected:
VMware Workspace ONE Access (Multiple Versions)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:00.938Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0032.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-31700",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T16:05:37.679578Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T16:06:25.180Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware Workspace ONE Access (Multiple Versions)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware Workspace ONE Access and Identity Manager contain an authenticated remote code execution vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authenticated Remote Code Execution Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-14T00:00:00.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0032.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-31700",
"datePublished": "2022-12-14T00:00:00.000Z",
"dateReserved": "2022-05-25T00:00:00.000Z",
"dateUpdated": "2025-04-22T16:06:25.180Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31657 (GCVE-0-2022-31657)
Vulnerability from nvd – Published: 2022-08-05 15:07 – Updated: 2024-08-03 07:26
VLAI?
Summary
VMware Workspace ONE Access and Identity Manager contain a URL injection vulnerability. A malicious actor with network access may be able to redirect an authenticated user to an arbitrary domain.
Severity ?
No CVSS data available.
CWE
- VMware Workspace ONE Access and Identity Manager contain a URL injection vulnerability
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | VMware Workspace ONE Access, Identity Manager and vRealize Automation |
Affected:
Workspace One Access (21.08.0.1 & 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 & 3.3.4), and vRealize Automation 7.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:00.799Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Workspace One Access (21.08.0.1 \u0026 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 \u0026 3.3.4), and vRealize Automation 7.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware Workspace ONE Access and Identity Manager contain a URL injection vulnerability. A malicious actor with network access may be able to redirect an authenticated user to an arbitrary domain."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "VMware Workspace ONE Access and Identity Manager contain a URL injection vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-05T15:07:39",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2022-31657",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
"version": {
"version_data": [
{
"version_value": "Workspace One Access (21.08.0.1 \u0026 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 \u0026 3.3.4), and vRealize Automation 7.6"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Workspace ONE Access and Identity Manager contain a URL injection vulnerability. A malicious actor with network access may be able to redirect an authenticated user to an arbitrary domain."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "VMware Workspace ONE Access and Identity Manager contain a URL injection vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-31657",
"datePublished": "2022-08-05T15:07:39",
"dateReserved": "2022-05-25T00:00:00",
"dateUpdated": "2024-08-03T07:26:00.799Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31656 (GCVE-0-2022-31656)
Vulnerability from nvd – Published: 2022-08-05 15:07 – Updated: 2024-08-03 07:26
VLAI?
Summary
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.
Severity ?
No CVSS data available.
CWE
- Authentication Bypass Vulnerability
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | VMware Workspace ONE Access, Identity Manager and vRealize Automation |
Affected:
Workspace One Access (21.08.0.1 & 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 & 3.3.4), and vRealize Automation 7.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:01.016Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Workspace One Access (21.08.0.1 \u0026 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 \u0026 3.3.4), and vRealize Automation 7.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication Bypass Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-05T15:07:24",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2022-31656",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
"version": {
"version_data": [
{
"version_value": "Workspace One Access (21.08.0.1 \u0026 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 \u0026 3.3.4), and vRealize Automation 7.6"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication Bypass Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-31656",
"datePublished": "2022-08-05T15:07:24",
"dateReserved": "2022-05-25T00:00:00",
"dateUpdated": "2024-08-03T07:26:01.016Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31658 (GCVE-0-2022-31658)
Vulnerability from nvd – Published: 2022-08-05 15:07 – Updated: 2024-08-03 07:26
VLAI?
Summary
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution.
Severity ?
No CVSS data available.
CWE
- VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | VMware Workspace ONE Access, Identity Manager and vRealize Automation |
Affected:
Workspace One Access (21.08.0.1 & 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 & 3.3.4), and vRealize Automation 7.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:00.994Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Workspace One Access (21.08.0.1 \u0026 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 \u0026 3.3.4), and vRealize Automation 7.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-05T15:07:10",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2022-31658",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
"version": {
"version_data": [
{
"version_value": "Workspace One Access (21.08.0.1 \u0026 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 \u0026 3.3.4), and vRealize Automation 7.6"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-31658",
"datePublished": "2022-08-05T15:07:10",
"dateReserved": "2022-05-25T00:00:00",
"dateUpdated": "2024-08-03T07:26:00.994Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31661 (GCVE-0-2022-31661)
Vulnerability from nvd – Published: 2022-08-05 15:06 – Updated: 2024-08-03 07:26
VLAI?
Summary
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two privilege escalation vulnerabilities. A malicious actor with local access can escalate privileges to 'root'.
Severity ?
No CVSS data available.
CWE
- VMware Workspace ONE Access, Identity Manager and vRealize Automation contains a privilege escalation vulnerability.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | VMware Workspace ONE Access, Identity Manager and vRealize Automation |
Affected:
Workspace One Access (21.08.0.1 & 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 & 3.3.4), and vRealize Automation 7.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:00.875Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Workspace One Access (21.08.0.1 \u0026 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 \u0026 3.3.4), and vRealize Automation 7.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two privilege escalation vulnerabilities. A malicious actor with local access can escalate privileges to \u0027root\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contains a privilege escalation vulnerability.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-05T15:06:55",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2022-31661",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
"version": {
"version_data": [
{
"version_value": "Workspace One Access (21.08.0.1 \u0026 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 \u0026 3.3.4), and vRealize Automation 7.6"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two privilege escalation vulnerabilities. A malicious actor with local access can escalate privileges to \u0027root\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contains a privilege escalation vulnerability."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-31661",
"datePublished": "2022-08-05T15:06:55",
"dateReserved": "2022-05-25T00:00:00",
"dateUpdated": "2024-08-03T07:26:00.875Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31659 (GCVE-0-2022-31659)
Vulnerability from nvd – Published: 2022-08-05 15:06 – Updated: 2024-11-14 14:10
VLAI?
Summary
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution.
Severity ?
No CVSS data available.
CWE
- VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | VMware Workspace ONE Access, Identity Manager and vRealize Automation |
Affected:
Workspace One Access (21.08.0.1 & 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 & 3.3.4), and vRealize Automation 7.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:00.927Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-31659",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-14T14:09:50.115526Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T14:10:07.731Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Workspace One Access (21.08.0.1 \u0026 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 \u0026 3.3.4), and vRealize Automation 7.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-05T15:06:41",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2022-31659",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
"version": {
"version_data": [
{
"version_value": "Workspace One Access (21.08.0.1 \u0026 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 \u0026 3.3.4), and vRealize Automation 7.6"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-31659",
"datePublished": "2022-08-05T15:06:41",
"dateReserved": "2022-05-25T00:00:00",
"dateUpdated": "2024-11-14T14:10:07.731Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31663 (GCVE-0-2022-31663)
Vulnerability from nvd – Published: 2022-08-05 15:06 – Updated: 2024-08-03 07:26
VLAI?
Summary
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject javascript code in the target user's window.
Severity ?
No CVSS data available.
CWE
- VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a reflected cross-site scripting (XSS) vulnerability.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | VMware Workspace ONE Access, Identity Manager and vRealize Automation |
Affected:
Workspace One Access (21.08.0.1 & 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 & 3.3.4), and vRealize Automation 7.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:01.099Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Workspace One Access (21.08.0.1 \u0026 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 \u0026 3.3.4), and vRealize Automation 7.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject javascript code in the target user\u0027s window."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a reflected cross-site scripting (XSS) vulnerability.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-05T15:06:30",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2022-31663",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
"version": {
"version_data": [
{
"version_value": "Workspace One Access (21.08.0.1 \u0026 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 \u0026 3.3.4), and vRealize Automation 7.6"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject javascript code in the target user\u0027s window."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a reflected cross-site scripting (XSS) vulnerability."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-31663",
"datePublished": "2022-08-05T15:06:30",
"dateReserved": "2022-05-25T00:00:00",
"dateUpdated": "2024-08-03T07:26:01.099Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31664 (GCVE-0-2022-31664)
Vulnerability from nvd – Published: 2022-08-05 15:06 – Updated: 2024-08-03 07:26
VLAI?
Summary
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'.
Severity ?
No CVSS data available.
CWE
- VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | VMware Workspace ONE Access, Identity Manager and vRealize Automation |
Affected:
Workspace One Access (21.08.0.1 & 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 & 3.3.4), and vRealize Automation 7.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:01.203Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Workspace One Access (21.08.0.1 \u0026 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 \u0026 3.3.4), and vRealize Automation 7.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to \u0027root\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-05T15:06:15",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2022-31664",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
"version": {
"version_data": [
{
"version_value": "Workspace One Access (21.08.0.1 \u0026 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 \u0026 3.3.4), and vRealize Automation 7.6"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to \u0027root\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0021.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-31664",
"datePublished": "2022-08-05T15:06:15",
"dateReserved": "2022-05-25T00:00:00",
"dateUpdated": "2024-08-03T07:26:01.203Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}