Search criteria
63 vulnerabilities found for vrealize_suite_lifecycle_manager by vmware
FKIE_CVE-2022-22972
Vulnerability from fkie_nvd - Published: 2022-05-20 21:15 - Updated: 2024-11-21 06:47
Severity ?
Summary
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:identity_manager:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "97D98937-489B-4AA5-B99E-9AB639C582CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0E93CB5E-CB4A-474A-9901-2E098928C489",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2A215A7D-F644-41DE-AB4E-69145DA48F9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager:3.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5EBB8190-2101-4EE5-844E-B46E7FB78FD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_automation:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "471BB5AF-3744-45FE-937D-BBEC421035EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workspace_one_access:20.10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "639F6029-DE62-49BD-A767-C5D499389C37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workspace_one_access:20.10.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "88AD029C-7707-4F1E-BE7F-2DE27D384538",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workspace_one_access:21.08.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "57375AD7-8042-472F-B49E-653C77EAFA48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workspace_one_access:21.08.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC3DC465-1FA7-4F5B-9A9A-12F8FB4CE146",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8BA79AC0-A0CC-4EE6-AEF5-9B8C8EA2C9F1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6BEACD8D-30EF-44FE-839B-DA69E6CED23A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "36847AD6-88CC-4228-AB4E-5161B381267C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:3.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6FC3C214-DEFC-48D9-8728-31F19095375E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0BF5CF56-8DE1-42F5-9EC1-E5666DD7FA59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "36668618-33C3-460A-879B-A9741405C9D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "8266FD66-3BB6-4720-9D9F-06EFB38FA4B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8D4C25D3-BC49-4727-B7A2-28C0F2E647EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:3.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3E9AB6FF-D508-42FF-8FB9-24B96AE2F03F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "328785AE-390C-4CA2-9771-4A26387E4E3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:3.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "298B797F-C3B6-445C-AADB-8633B446F10F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F97BA12F-A60D-4398-9CA8-DE2F7BACBA8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:3.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E19009EB-02D3-424A-947D-7B66EFCCE422",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "89656A51-0840-4A27-B05B-7E54B0CF0521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:3.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "11C27637-44C5-4678-AF19-82E6CB9B15E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:3.10.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D26128AF-864F-403E-A491-437FEC0BE1B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:3.10.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A8D11F7-A6C1-4E9A-A288-B90B90B0CAB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:3.10.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AB2DDABB-1590-4AE7-B96D-BB7FB209582D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:3.10.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6A79A33F-A1FF-438F-BC77-94ACC45F5488",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "42DF0955-2FDD-46BF-9932-AF2C8F8A7599",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:3.11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "25759430-C6E1-45F9-B149-3091730CCB77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "38EB0C0C-56CF-4A8F-A36F-E0E180B9059E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A54544F5-5929-4609-A91C-FCA0FDBFE862",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CA6D6348-E71A-4DA4-AC84-51397B2461A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:4.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C8EC0B43-8667-45D6-BF97-03DDFFAD2AF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E841E8EF-9500-4937-BAC4-8AB76C96A3EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC4C5700-1AFE-49F6-AC92-09F2349345ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B23891F3-08B7-480B-9B83-81381E33212F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3EC07793-6DB1-4ACD-976D-A370FFAE505A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3318D91-40AC-4649-8FCD-4557C8F934B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A06C29AB-1EAF-43EF-96C3-9E3468911B2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "43723EC2-295E-4AF7-B654-70F9E42F4807",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CFB84C30-EE5D-4C15-A74E-7B2B3E0DED4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.2:patch1:*:*:*:*:*:*",
"matchCriteriaId": "FD4A0BCE-E22E-419E-9CC0-7D535CC49E02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.2:patch2:*:*:*:*:*:*",
"matchCriteriaId": "80868C66-E615-47E3-BA67-152FE833A10B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.2:patch3:*:*:*:*:*:*",
"matchCriteriaId": "7DF3AFD0-1DDD-4F9D-BD33-85978CF101ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E80F36FA-EE84-47BE-95EB-17B49FBCC86F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.3:patch1:*:*:*:*:*:*",
"matchCriteriaId": "85854D70-E8A1-4AD9-872B-8D9BEEB7FAFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.3:patch2:*:*:*:*:*:*",
"matchCriteriaId": "9CF575E5-0FB4-4EC6-AE02-0565A976B98B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.3:patch3:*:*:*:*:*:*",
"matchCriteriaId": "A99C818B-7215-4422-87C4-D500F6931442",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3617E4AC-630F-4AF2-855A-872AD2ECC3A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.4:patch1:*:*:*:*:*:*",
"matchCriteriaId": "969F3DA5-A0C3-4F30-B786-46BCC280D6D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E5B8D22C-1C36-4125-9C58-1C2472EF64F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.4.1:patch1:*:*:*:*:*:*",
"matchCriteriaId": "356479A9-C5F9-4714-A29A-464FE738F71D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.4.1:patch2:*:*:*:*:*:*",
"matchCriteriaId": "95D8DEAC-50BF-4B1B-B3EC-E9D54EEC0755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.4.1:patch3:*:*:*:*:*:*",
"matchCriteriaId": "B16A6A96-C904-416F-A4D3-FB22CAC07610",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "73825FF7-AFD1-4948-ABB7-0E73D4AC72C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.6:patch1:*:*:*:*:*:*",
"matchCriteriaId": "3BAC746E-7897-4ED0-8120-2953A5CECF1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A07377B1-9536-4EDE-AA25-FAD474855711",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D0DF26D0-EBCD-4E35-9218-74B56DCB7A1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F065F309-E25C-4CB2-85DD-98ED3648B069",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1E88B150-4BB0-40FC-9333-737C97BADE09",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate."
},
{
"lang": "es",
"value": "VMware Workspace ONE Access, Identity Manager y vRealize Automation contienen una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n que afecta a usuarios del dominio local. Un actor malicioso con acceso de red a la interfaz de usuario puede obtener acceso administrativo sin necesidad de autenticarse"
}
],
"id": "CVE-2022-22972",
"lastModified": "2024-11-21T06:47:43.177",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-20T21:15:09.847",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0014.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-22973
Vulnerability from fkie_nvd - Published: 2022-05-20 21:15 - Updated: 2024-11-21 06:47
Severity ?
Summary
VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:identity_manager:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "97D98937-489B-4AA5-B99E-9AB639C582CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0E93CB5E-CB4A-474A-9901-2E098928C489",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2A215A7D-F644-41DE-AB4E-69145DA48F9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager:3.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5EBB8190-2101-4EE5-844E-B46E7FB78FD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workspace_one_access:20.10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "639F6029-DE62-49BD-A767-C5D499389C37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workspace_one_access:20.10.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "88AD029C-7707-4F1E-BE7F-2DE27D384538",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workspace_one_access:21.08.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "57375AD7-8042-472F-B49E-653C77EAFA48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workspace_one_access:21.08.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC3DC465-1FA7-4F5B-9A9A-12F8FB4CE146",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8BA79AC0-A0CC-4EE6-AEF5-9B8C8EA2C9F1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "38EB0C0C-56CF-4A8F-A36F-E0E180B9059E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A54544F5-5929-4609-A91C-FCA0FDBFE862",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CA6D6348-E71A-4DA4-AC84-51397B2461A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:4.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C8EC0B43-8667-45D6-BF97-03DDFFAD2AF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E841E8EF-9500-4937-BAC4-8AB76C96A3EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC4C5700-1AFE-49F6-AC92-09F2349345ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B23891F3-08B7-480B-9B83-81381E33212F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3EC07793-6DB1-4ACD-976D-A370FFAE505A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3318D91-40AC-4649-8FCD-4557C8F934B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A06C29AB-1EAF-43EF-96C3-9E3468911B2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "43723EC2-295E-4AF7-B654-70F9E42F4807",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CFB84C30-EE5D-4C15-A74E-7B2B3E0DED4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.2:patch1:*:*:*:*:*:*",
"matchCriteriaId": "FD4A0BCE-E22E-419E-9CC0-7D535CC49E02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.2:patch2:*:*:*:*:*:*",
"matchCriteriaId": "80868C66-E615-47E3-BA67-152FE833A10B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.2:patch3:*:*:*:*:*:*",
"matchCriteriaId": "7DF3AFD0-1DDD-4F9D-BD33-85978CF101ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E80F36FA-EE84-47BE-95EB-17B49FBCC86F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.3:patch1:*:*:*:*:*:*",
"matchCriteriaId": "85854D70-E8A1-4AD9-872B-8D9BEEB7FAFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.3:patch2:*:*:*:*:*:*",
"matchCriteriaId": "9CF575E5-0FB4-4EC6-AE02-0565A976B98B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.3:patch3:*:*:*:*:*:*",
"matchCriteriaId": "A99C818B-7215-4422-87C4-D500F6931442",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3617E4AC-630F-4AF2-855A-872AD2ECC3A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.4:patch1:*:*:*:*:*:*",
"matchCriteriaId": "969F3DA5-A0C3-4F30-B786-46BCC280D6D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E5B8D22C-1C36-4125-9C58-1C2472EF64F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.4.1:patch1:*:*:*:*:*:*",
"matchCriteriaId": "356479A9-C5F9-4714-A29A-464FE738F71D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.4.1:patch2:*:*:*:*:*:*",
"matchCriteriaId": "95D8DEAC-50BF-4B1B-B3EC-E9D54EEC0755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.4.1:patch3:*:*:*:*:*:*",
"matchCriteriaId": "B16A6A96-C904-416F-A4D3-FB22CAC07610",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "73825FF7-AFD1-4948-ABB7-0E73D4AC72C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.6:patch1:*:*:*:*:*:*",
"matchCriteriaId": "3BAC746E-7897-4ED0-8120-2953A5CECF1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A07377B1-9536-4EDE-AA25-FAD474855711",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D0DF26D0-EBCD-4E35-9218-74B56DCB7A1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F065F309-E25C-4CB2-85DD-98ED3648B069",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1E88B150-4BB0-40FC-9333-737C97BADE09",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to \u0027root\u0027."
},
{
"lang": "es",
"value": "VMware Workspace ONE Access y Identity Manager contienen una vulnerabilidad de escalada de privilegios. Un actor malicioso con acceso local puede escalar los privilegios a \"root\""
}
],
"id": "CVE-2022-22973",
"lastModified": "2024-11-21T06:47:43.310",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-20T21:15:09.893",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0014.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-22960
Vulnerability from fkie_nvd - Published: 2022-04-13 18:15 - Updated: 2025-10-30 20:03
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to 'root'.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | cloud_foundation | * | |
| vmware | identity_manager | 3.3.3 | |
| vmware | identity_manager | 3.3.4 | |
| vmware | identity_manager | 3.3.5 | |
| vmware | identity_manager | 3.3.6 | |
| vmware | vrealize_automation | 7.6 | |
| vmware | vrealize_suite_lifecycle_manager | * | |
| vmware | workspace_one_access | 20.10.0.0 | |
| vmware | workspace_one_access | 20.10.0.1 | |
| vmware | workspace_one_access | 21.08.0.0 | |
| vmware | workspace_one_access | 21.08.0.1 | |
| linux | linux_kernel | - |
{
"cisaActionDue": "2022-05-06",
"cisaExploitAdd": "2022-04-15",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "VMware Multiple Products Privilege Escalation Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5071E0B4-FE4B-4525-BAF6-3900D9C8D48D",
"versionEndExcluding": "5.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "97D98937-489B-4AA5-B99E-9AB639C582CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0E93CB5E-CB4A-474A-9901-2E098928C489",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2A215A7D-F644-41DE-AB4E-69145DA48F9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager:3.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5EBB8190-2101-4EE5-844E-B46E7FB78FD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_automation:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "471BB5AF-3744-45FE-937D-BBEC421035EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FC19367B-D2F8-4966-BE2F-12700C9337EC",
"versionEndExcluding": "9.0",
"versionStartIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workspace_one_access:20.10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "639F6029-DE62-49BD-A767-C5D499389C37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workspace_one_access:20.10.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "88AD029C-7707-4F1E-BE7F-2DE27D384538",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workspace_one_access:21.08.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "57375AD7-8042-472F-B49E-653C77EAFA48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workspace_one_access:21.08.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC3DC465-1FA7-4F5B-9A9A-12F8FB4CE146",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to \u0027root\u0027."
},
{
"lang": "es",
"value": "VMware Workspace ONE Access, Identity Manager y vRealize Automation contienen una vulnerabilidad de escalada de privilegios debido a permisos inapropiados en scripts de soporte. Un actor malicioso con acceso local puede escalar los privilegios a \"root\""
}
],
"id": "CVE-2022-22960",
"lastModified": "2025-10-30T20:03:55.487",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2022-04-13T18:15:13.510",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/171918/Mware-Workspace-ONE-Remote-Code-Execution.html"
},
{
"source": "security@vmware.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/171918/VMware-Workspace-ONE-Remote-Code-Execution.html"
},
{
"source": "security@vmware.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/171935/VMware-Workspace-ONE-Access-Privilege-Escalation.html"
},
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/171918/Mware-Workspace-ONE-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/171918/VMware-Workspace-ONE-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/171935/VMware-Workspace-ONE-Access-Privilege-Escalation.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"US Government Resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22960"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2022-22957
Vulnerability from fkie_nvd - Published: 2022-04-13 18:15 - Updated: 2024-11-21 06:47
Severity ?
Summary
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | cloud_foundation | * | |
| vmware | identity_manager | 3.3.3 | |
| vmware | identity_manager | 3.3.4 | |
| vmware | identity_manager | 3.3.5 | |
| vmware | identity_manager | 3.3.6 | |
| vmware | vrealize_automation | * | |
| vmware | vrealize_automation | 7.6 | |
| vmware | vrealize_suite_lifecycle_manager | * | |
| vmware | workspace_one_access | 20.10.0.0 | |
| vmware | workspace_one_access | 20.10.0.1 | |
| vmware | workspace_one_access | 21.08.0.0 | |
| vmware | workspace_one_access | 21.08.0.1 | |
| linux | linux_kernel | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5071E0B4-FE4B-4525-BAF6-3900D9C8D48D",
"versionEndExcluding": "5.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "97D98937-489B-4AA5-B99E-9AB639C582CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0E93CB5E-CB4A-474A-9901-2E098928C489",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2A215A7D-F644-41DE-AB4E-69145DA48F9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager:3.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5EBB8190-2101-4EE5-844E-B46E7FB78FD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_automation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "370EF5F6-77E2-4EF7-9148-9DA5C52E50F5",
"versionEndExcluding": "9.0",
"versionStartIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_automation:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "471BB5AF-3744-45FE-937D-BBEC421035EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FC19367B-D2F8-4966-BE2F-12700C9337EC",
"versionEndExcluding": "9.0",
"versionStartIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workspace_one_access:20.10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "639F6029-DE62-49BD-A767-C5D499389C37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workspace_one_access:20.10.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "88AD029C-7707-4F1E-BE7F-2DE27D384538",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workspace_one_access:21.08.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "57375AD7-8042-472F-B49E-653C77EAFA48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workspace_one_access:21.08.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC3DC465-1FA7-4F5B-9A9A-12F8FB4CE146",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 \u0026 CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution."
},
{
"lang": "es",
"value": "VMware Workspace ONE Access, Identity Manager y vRealize Automation contienen dos vulnerabilidades de ejecuci\u00f3n de c\u00f3digo remota (CVE-2022-22957 y CVE-2022-22958). Un actor malicioso con acceso administrativo puede desencadenar la deserializaci\u00f3n de datos no confiables mediante un URI JDBC malicioso que puede resultar en una ejecuci\u00f3n de c\u00f3digo remota"
}
],
"id": "CVE-2022-22957",
"lastModified": "2024-11-21T06:47:41.020",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-13T18:15:13.087",
"references": [
{
"source": "security@vmware.com",
"url": "http://packetstormsecurity.com/files/171918/Mware-Workspace-ONE-Remote-Code-Execution.html"
},
{
"source": "security@vmware.com",
"url": "http://packetstormsecurity.com/files/171918/VMware-Workspace-ONE-Remote-Code-Execution.html"
},
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/171918/Mware-Workspace-ONE-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/171918/VMware-Workspace-ONE-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-22959
Vulnerability from fkie_nvd - Published: 2022-04-13 18:15 - Updated: 2024-11-21 06:47
Severity ?
Summary
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. A malicious actor can trick a user through a cross site request forgery to unintentionally validate a malicious JDBC URI.
References
| URL | Tags | ||
|---|---|---|---|
| security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2022-0011.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2022-0011.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | cloud_foundation | * | |
| vmware | identity_manager | 3.3.3 | |
| vmware | identity_manager | 3.3.4 | |
| vmware | identity_manager | 3.3.5 | |
| vmware | identity_manager | 3.3.6 | |
| vmware | vrealize_automation | * | |
| vmware | vrealize_automation | 7.6 | |
| vmware | vrealize_suite_lifecycle_manager | * | |
| vmware | workspace_one_access | 20.10.0.0 | |
| vmware | workspace_one_access | 20.10.0.1 | |
| vmware | workspace_one_access | 21.08.0.0 | |
| vmware | workspace_one_access | 21.08.0.1 | |
| linux | linux_kernel | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5071E0B4-FE4B-4525-BAF6-3900D9C8D48D",
"versionEndExcluding": "5.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "97D98937-489B-4AA5-B99E-9AB639C582CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0E93CB5E-CB4A-474A-9901-2E098928C489",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2A215A7D-F644-41DE-AB4E-69145DA48F9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager:3.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5EBB8190-2101-4EE5-844E-B46E7FB78FD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_automation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "370EF5F6-77E2-4EF7-9148-9DA5C52E50F5",
"versionEndExcluding": "9.0",
"versionStartIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_automation:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "471BB5AF-3744-45FE-937D-BBEC421035EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FC19367B-D2F8-4966-BE2F-12700C9337EC",
"versionEndExcluding": "9.0",
"versionStartIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workspace_one_access:20.10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "639F6029-DE62-49BD-A767-C5D499389C37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workspace_one_access:20.10.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "88AD029C-7707-4F1E-BE7F-2DE27D384538",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workspace_one_access:21.08.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "57375AD7-8042-472F-B49E-653C77EAFA48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workspace_one_access:21.08.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC3DC465-1FA7-4F5B-9A9A-12F8FB4CE146",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. A malicious actor can trick a user through a cross site request forgery to unintentionally validate a malicious JDBC URI."
},
{
"lang": "es",
"value": "VMware Workspace ONE Access, Identity Manager y vRealize Automation contienen una vulnerabilidad de tipo cross site request forgery. Un actor malicioso puede enga\u00f1ar a un usuario mediante un ataque de tipo cross site request forgery para que compruebe involuntariamente un URI JDBC malicioso"
}
],
"id": "CVE-2022-22959",
"lastModified": "2024-11-21T06:47:41.243",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-13T18:15:13.373",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-22961
Vulnerability from fkie_nvd - Published: 2022-04-13 18:15 - Updated: 2024-11-21 06:47
Severity ?
Summary
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. A malicious actor with remote access may leak the hostname of the target system. Successful exploitation of this issue can lead to targeting victims.
References
| URL | Tags | ||
|---|---|---|---|
| security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2022-0011.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2022-0011.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | cloud_foundation | * | |
| vmware | identity_manager | 3.3.3 | |
| vmware | identity_manager | 3.3.4 | |
| vmware | identity_manager | 3.3.5 | |
| vmware | identity_manager | 3.3.6 | |
| vmware | vrealize_automation | * | |
| vmware | vrealize_automation | 7.6 | |
| vmware | vrealize_suite_lifecycle_manager | * | |
| vmware | workspace_one_access | 20.10.0.0 | |
| vmware | workspace_one_access | 20.10.0.1 | |
| vmware | workspace_one_access | 21.08.0.0 | |
| vmware | workspace_one_access | 21.08.0.1 | |
| linux | linux_kernel | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5071E0B4-FE4B-4525-BAF6-3900D9C8D48D",
"versionEndExcluding": "5.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "97D98937-489B-4AA5-B99E-9AB639C582CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0E93CB5E-CB4A-474A-9901-2E098928C489",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2A215A7D-F644-41DE-AB4E-69145DA48F9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager:3.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5EBB8190-2101-4EE5-844E-B46E7FB78FD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_automation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "370EF5F6-77E2-4EF7-9148-9DA5C52E50F5",
"versionEndExcluding": "9.0",
"versionStartIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_automation:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "471BB5AF-3744-45FE-937D-BBEC421035EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FC19367B-D2F8-4966-BE2F-12700C9337EC",
"versionEndExcluding": "9.0",
"versionStartIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workspace_one_access:20.10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "639F6029-DE62-49BD-A767-C5D499389C37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workspace_one_access:20.10.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "88AD029C-7707-4F1E-BE7F-2DE27D384538",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workspace_one_access:21.08.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "57375AD7-8042-472F-B49E-653C77EAFA48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workspace_one_access:21.08.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC3DC465-1FA7-4F5B-9A9A-12F8FB4CE146",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. A malicious actor with remote access may leak the hostname of the target system. Successful exploitation of this issue can lead to targeting victims."
},
{
"lang": "es",
"value": "VMware Workspace ONE Access, Identity Manager y vRealize Automation contienen una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n debido a una devoluci\u00f3n de informaci\u00f3n excesiva. Un actor malicioso con acceso remoto puede filtrar el nombre de host del sistema de destino. Una explotaci\u00f3n con \u00e9xito de este problema puede conllevar a una selecci\u00f3n de v\u00edctimas"
}
],
"id": "CVE-2022-22961",
"lastModified": "2024-11-21T06:47:41.487",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-13T18:15:13.667",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-22958
Vulnerability from fkie_nvd - Published: 2022-04-13 18:15 - Updated: 2024-11-21 06:47
Severity ?
Summary
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution.
References
| URL | Tags | ||
|---|---|---|---|
| security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2022-0011.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2022-0011.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | cloud_foundation | * | |
| vmware | identity_manager | 3.3.3 | |
| vmware | identity_manager | 3.3.4 | |
| vmware | identity_manager | 3.3.5 | |
| vmware | identity_manager | 3.3.6 | |
| vmware | vrealize_automation | * | |
| vmware | vrealize_automation | 7.6 | |
| vmware | vrealize_suite_lifecycle_manager | * | |
| vmware | workspace_one_access | 20.10.0.0 | |
| vmware | workspace_one_access | 20.10.0.1 | |
| vmware | workspace_one_access | 21.08.0.0 | |
| vmware | workspace_one_access | 21.08.0.1 | |
| linux | linux_kernel | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5071E0B4-FE4B-4525-BAF6-3900D9C8D48D",
"versionEndExcluding": "5.0",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "97D98937-489B-4AA5-B99E-9AB639C582CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0E93CB5E-CB4A-474A-9901-2E098928C489",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2A215A7D-F644-41DE-AB4E-69145DA48F9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager:3.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5EBB8190-2101-4EE5-844E-B46E7FB78FD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_automation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "370EF5F6-77E2-4EF7-9148-9DA5C52E50F5",
"versionEndExcluding": "9.0",
"versionStartIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_automation:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "471BB5AF-3744-45FE-937D-BBEC421035EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FC19367B-D2F8-4966-BE2F-12700C9337EC",
"versionEndExcluding": "9.0",
"versionStartIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workspace_one_access:20.10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "639F6029-DE62-49BD-A767-C5D499389C37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workspace_one_access:20.10.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "88AD029C-7707-4F1E-BE7F-2DE27D384538",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workspace_one_access:21.08.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "57375AD7-8042-472F-B49E-653C77EAFA48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workspace_one_access:21.08.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC3DC465-1FA7-4F5B-9A9A-12F8FB4CE146",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 \u0026 CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution."
},
{
"lang": "es",
"value": "VMware Workspace ONE Access, Identity Manager y vRealize Automation contienen dos vulnerabilidades de ejecuci\u00f3n de c\u00f3digo remota (CVE-2022-22957 y CVE-2022-22958). Un actor malicioso con acceso administrativo puede desencadenar la deserializaci\u00f3n de datos no confiables mediante un URI JDBC malicioso que puede resultar en una ejecuci\u00f3n de c\u00f3digo remota"
}
],
"id": "CVE-2022-22958",
"lastModified": "2024-11-21T06:47:41.140",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-13T18:15:13.230",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-22954
Vulnerability from fkie_nvd - Published: 2022-04-11 20:15 - Updated: 2025-10-30 20:04
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | identity_manager | 3.3.3 | |
| vmware | identity_manager | 3.3.4 | |
| vmware | identity_manager | 3.3.5 | |
| vmware | identity_manager | 3.3.6 | |
| vmware | vrealize_automation | 7.6 | |
| vmware | workspace_one_access | 20.10.0.0 | |
| vmware | workspace_one_access | 20.10.0.1 | |
| vmware | workspace_one_access | 21.08.0.0 | |
| vmware | workspace_one_access | 21.08.0.1 | |
| linux | linux_kernel | - | |
| vmware | cloud_foundation | * | |
| vmware | vrealize_suite_lifecycle_manager | * |
{
"cisaActionDue": "2022-05-05",
"cisaExploitAdd": "2022-04-14",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "VMware Workspace ONE Access and Identity Manager Server-Side Template Injection Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:identity_manager:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "97D98937-489B-4AA5-B99E-9AB639C582CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0E93CB5E-CB4A-474A-9901-2E098928C489",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2A215A7D-F644-41DE-AB4E-69145DA48F9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:identity_manager:3.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5EBB8190-2101-4EE5-844E-B46E7FB78FD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_automation:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "471BB5AF-3744-45FE-937D-BBEC421035EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workspace_one_access:20.10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "639F6029-DE62-49BD-A767-C5D499389C37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workspace_one_access:20.10.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "88AD029C-7707-4F1E-BE7F-2DE27D384538",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workspace_one_access:21.08.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "57375AD7-8042-472F-B49E-653C77EAFA48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workspace_one_access:21.08.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC3DC465-1FA7-4F5B-9A9A-12F8FB4CE146",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8BA79AC0-A0CC-4EE6-AEF5-9B8C8EA2C9F1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "326A2867-797D-4AA9-8D2C-43E8CDA0BCFC",
"versionEndIncluding": "4.3.1",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E4767C7D-8165-43A6-8F16-12F8EE65FDFB",
"versionEndIncluding": "8.2",
"versionStartIncluding": "8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution."
},
{
"lang": "es",
"value": "VMware Workspace ONE Access y Identity Manager contienen una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remota debido a una inyecci\u00f3n de plantillas del lado del servidor. Un actor malicioso con acceso a la red puede desencadenar una inyecci\u00f3n de plantillas del lado del servidor que puede resultar en la ejecuci\u00f3n de c\u00f3digo remota"
}
],
"id": "CVE-2022-22954",
"lastModified": "2025-10-30T20:04:37.270",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2022-04-11T20:15:19.890",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/166935/VMware-Workspace-ONE-Access-Template-Injection-Command-Execution.html"
},
{
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/166935/VMware-Workspace-ONE-Access-Template-Injection-Command-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"US Government Resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22954"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2021-22033
Vulnerability from fkie_nvd - Published: 2021-10-13 16:15 - Updated: 2024-11-21 05:49
Severity ?
Summary
Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability.
References
| URL | Tags | ||
|---|---|---|---|
| security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2021-0021.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2021-0021.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | cloud_foundation | * | |
| vmware | vrealize_operations | * | |
| vmware | vrealize_suite_lifecycle_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5068412-9124-4072-B63B-C4B7855C61F2",
"versionEndIncluding": "4.3.1",
"versionStartIncluding": "3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_operations:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0BA605E3-5660-43DC-896D-889F54E06C74",
"versionEndExcluding": "8.6.0",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E4767C7D-8165-43A6-8F16-12F8EE65FDFB",
"versionEndIncluding": "8.2",
"versionStartIncluding": "8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability."
},
{
"lang": "es",
"value": "Las versiones anteriores a VMware vRealize Operations versi\u00f3n 8.6, contienen una vulnerabilidad de tipo Server Side Request Forgery (SSRF)"
}
],
"id": "CVE-2021-22033",
"lastModified": "2024-11-21T05:49:28.410",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-13T16:15:07.643",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0021.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-22035
Vulnerability from fkie_nvd - Published: 2021-10-13 16:15 - Updated: 2024-11-21 05:49
Severity ?
Summary
VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sheet through Log Insight which could be executed in user's environment.
References
| URL | Tags | ||
|---|---|---|---|
| security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2021-0022.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2021-0022.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | cloud_foundation | * | |
| vmware | vrealize_log_insight | * | |
| vmware | vrealize_suite_lifecycle_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "67763E17-BABE-4A25-95BC-2B5F1666705C",
"versionEndIncluding": "4.3.1",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_log_insight:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BECE8925-3981-4FB9-979E-CDFC1A55A13F",
"versionEndExcluding": "8.60",
"versionStartExcluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "61B2C07D-4AD4-458B-86CA-FB2CA45A8EA7",
"versionEndIncluding": "8.2",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sheet through Log Insight which could be executed in user\u0027s environment."
},
{
"lang": "es",
"value": "VMware vRealize Log Insight (versiones 8.x anteriores a 8.6) contienen una vulnerabilidad de inyecci\u00f3n de CSV (Valores Separados por Comas) en la funci\u00f3n interactive analytics export. Un actor malicioso autenticado con privilegios no administrativos puede ser capaz de insertar datos no confiables antes de exportar una hoja CSV mediante Log Insight que podr\u00eda ser ejecutada en el entorno del usuario"
}
],
"id": "CVE-2021-22035",
"lastModified": "2024-11-21T05:49:28.620",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-13T16:15:07.690",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0022.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-74"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2022-22972 (GCVE-0-2022-22972)
Vulnerability from cvelistv5 – Published: 2022-05-20 20:18 – Updated: 2024-08-03 03:28
VLAI?
Summary
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.
Severity ?
No CVSS data available.
CWE
- Authentication Bypass
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | VMware Workspace ONE Access, Identity Manager and vRealize Automation |
Affected:
Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3. vRealize Automation 7.6.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:28:42.716Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0014.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3. vRealize Automation 7.6."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication Bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-20T20:18:39",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0014.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2022-22972",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
"version": {
"version_data": [
{
"version_value": "Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3. vRealize Automation 7.6."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2022-0014.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0014.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-22972",
"datePublished": "2022-05-20T20:18:39",
"dateReserved": "2022-01-10T00:00:00",
"dateUpdated": "2024-08-03T03:28:42.716Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22973 (GCVE-0-2022-22973)
Vulnerability from cvelistv5 – Published: 2022-05-20 20:18 – Updated: 2024-08-03 03:28
VLAI?
Summary
VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'.
Severity ?
No CVSS data available.
CWE
- Privilege escalation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | VMware Workspace ONE Access and Identity Manager. |
Affected:
Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:28:42.587Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0014.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware Workspace ONE Access and Identity Manager.",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to \u0027root\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-20T20:18:27",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0014.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2022-22973",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware Workspace ONE Access and Identity Manager.",
"version": {
"version_data": [
{
"version_value": "Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to \u0027root\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2022-0014.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0014.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-22973",
"datePublished": "2022-05-20T20:18:27",
"dateReserved": "2022-01-10T00:00:00",
"dateUpdated": "2024-08-03T03:28:42.587Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22958 (GCVE-0-2022-22958)
Vulnerability from cvelistv5 – Published: 2022-04-13 17:05 – Updated: 2024-08-03 03:28
VLAI?
Summary
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution.
Severity ?
No CVSS data available.
CWE
- Remote code execution
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | VMware Workspace ONE Access, Identity Manager and vRealize Automation. |
Affected:
Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3. vRealize Automation 7.6.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:28:42.552Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware Workspace ONE Access, Identity Manager and vRealize Automation.",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3. vRealize Automation 7.6."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 \u0026 CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-13T17:05:58",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2022-22958",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware Workspace ONE Access, Identity Manager and vRealize Automation.",
"version": {
"version_data": [
{
"version_value": "Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3. vRealize Automation 7.6."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 \u0026 CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-22958",
"datePublished": "2022-04-13T17:05:58",
"dateReserved": "2022-01-10T00:00:00",
"dateUpdated": "2024-08-03T03:28:42.552Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22961 (GCVE-0-2022-22961)
Vulnerability from cvelistv5 – Published: 2022-04-13 17:05 – Updated: 2024-08-03 03:28
VLAI?
Summary
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. A malicious actor with remote access may leak the hostname of the target system. Successful exploitation of this issue can lead to targeting victims.
Severity ?
No CVSS data available.
CWE
- Information disclosure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | VMware Workspace ONE Access, Identity Manager and vRealize Automation |
Affected:
Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3. vRealize Automation 7.6.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:28:42.477Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3. vRealize Automation 7.6."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. A malicious actor with remote access may leak the hostname of the target system. Successful exploitation of this issue can lead to targeting victims."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-13T17:05:56",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2022-22961",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
"version": {
"version_data": [
{
"version_value": "Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3. vRealize Automation 7.6."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. A malicious actor with remote access may leak the hostname of the target system. Successful exploitation of this issue can lead to targeting victims."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-22961",
"datePublished": "2022-04-13T17:05:56",
"dateReserved": "2022-01-10T00:00:00",
"dateUpdated": "2024-08-03T03:28:42.477Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22959 (GCVE-0-2022-22959)
Vulnerability from cvelistv5 – Published: 2022-04-13 17:05 – Updated: 2024-08-03 03:28
VLAI?
Summary
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. A malicious actor can trick a user through a cross site request forgery to unintentionally validate a malicious JDBC URI.
Severity ?
No CVSS data available.
CWE
- Cross site request forgery
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | VMware Workspace ONE Access, Identity Manager and vRealize Automation |
Affected:
Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3. vRealize Automation 7.6.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:28:42.618Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3. vRealize Automation 7.6."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. A malicious actor can trick a user through a cross site request forgery to unintentionally validate a malicious JDBC URI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross site request forgery",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-13T17:05:54",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2022-22959",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
"version": {
"version_data": [
{
"version_value": "Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3. vRealize Automation 7.6."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. A malicious actor can trick a user through a cross site request forgery to unintentionally validate a malicious JDBC URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross site request forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-22959",
"datePublished": "2022-04-13T17:05:54",
"dateReserved": "2022-01-10T00:00:00",
"dateUpdated": "2024-08-03T03:28:42.618Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22960 (GCVE-0-2022-22960)
Vulnerability from cvelistv5 – Published: 2022-04-13 00:00 – Updated: 2025-10-21 23:15
VLAI?
Summary
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to 'root'.
Severity ?
7.8 (High)
CWE
- Privilege escalation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | VMware Workspace ONE Access, Identity Manager and vRealize Automation |
Affected:
Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3. vRealize Automation 7.6.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:28:42.477Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/171918/Mware-Workspace-ONE-Remote-Code-Execution.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/171918/VMware-Workspace-ONE-Remote-Code-Execution.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/171935/VMware-Workspace-ONE-Access-Privilege-Escalation.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-22960",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-29T16:34:09.436482Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-04-15",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22960"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:15:42.338Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22960"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-04-15T00:00:00+00:00",
"value": "CVE-2022-22960 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3. vRealize Automation 7.6."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to \u0027root\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-19T00:00:00.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
},
{
"url": "http://packetstormsecurity.com/files/171918/Mware-Workspace-ONE-Remote-Code-Execution.html"
},
{
"url": "http://packetstormsecurity.com/files/171918/VMware-Workspace-ONE-Remote-Code-Execution.html"
},
{
"url": "http://packetstormsecurity.com/files/171935/VMware-Workspace-ONE-Access-Privilege-Escalation.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-22960",
"datePublished": "2022-04-13T00:00:00.000Z",
"dateReserved": "2022-01-10T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:15:42.338Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22957 (GCVE-0-2022-22957)
Vulnerability from cvelistv5 – Published: 2022-04-13 00:00 – Updated: 2025-02-13 16:28
VLAI?
Summary
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution.
Severity ?
No CVSS data available.
CWE
- Remote code execution
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | VMware Workspace ONE Access, Identity Manager and vRealize Automation. |
Affected:
Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3. vRealize Automation 7.6.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:28:42.555Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/171918/Mware-Workspace-ONE-Remote-Code-Execution.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/171918/VMware-Workspace-ONE-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware Workspace ONE Access, Identity Manager and vRealize Automation.",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3. vRealize Automation 7.6."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 \u0026 CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-18T19:06:16.134Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
},
{
"url": "http://packetstormsecurity.com/files/171918/Mware-Workspace-ONE-Remote-Code-Execution.html"
},
{
"url": "http://packetstormsecurity.com/files/171918/VMware-Workspace-ONE-Remote-Code-Execution.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-22957",
"datePublished": "2022-04-13T00:00:00.000Z",
"dateReserved": "2022-01-10T00:00:00.000Z",
"dateUpdated": "2025-02-13T16:28:58.209Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22954 (GCVE-0-2022-22954)
Vulnerability from cvelistv5 – Published: 2022-04-11 19:37 – Updated: 2025-10-21 23:15
VLAI?
Summary
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution.
Severity ?
9.8 (Critical)
CWE
- Remote code execution
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | VMware Workspace ONE Access and Identity Manager |
Affected:
Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:28:42.526Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/166935/VMware-Workspace-ONE-Access-Template-Injection-Command-Execution.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-22954",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T14:20:48.327758Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-04-14",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22954"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:15:42.493Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22954"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-04-14T00:00:00+00:00",
"value": "CVE-2022-22954 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "VMware Workspace ONE Access and Identity Manager",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-03T17:06:08.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/166935/VMware-Workspace-ONE-Access-Template-Injection-Command-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2022-22954",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware Workspace ONE Access and Identity Manager",
"version": {
"version_data": [
{
"version_value": "Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
},
{
"name": "http://packetstormsecurity.com/files/166935/VMware-Workspace-ONE-Access-Template-Injection-Command-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/166935/VMware-Workspace-ONE-Access-Template-Injection-Command-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-22954",
"datePublished": "2022-04-11T19:37:39.000Z",
"dateReserved": "2022-01-10T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:15:42.493Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22035 (GCVE-0-2021-22035)
Vulnerability from cvelistv5 – Published: 2021-10-13 15:50 – Updated: 2024-08-03 18:30
VLAI?
Summary
VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sheet through Log Insight which could be executed in user's environment.
Severity ?
No CVSS data available.
CWE
- CSV injection vulnerability in Log Insight
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | VMware vRealize Log Insight |
Affected:
VMware vRealize Log Insight (8.x prior to 8.6)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:30:24.009Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware vRealize Log Insight",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware vRealize Log Insight (8.x prior to 8.6)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sheet through Log Insight which could be executed in user\u0027s environment."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CSV injection vulnerability in Log Insight",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-13T15:50:54",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2021-22035",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware vRealize Log Insight",
"version": {
"version_data": [
{
"version_value": "VMware vRealize Log Insight (8.x prior to 8.6)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sheet through Log Insight which could be executed in user\u0027s environment."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CSV injection vulnerability in Log Insight"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2021-0022.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2021-22035",
"datePublished": "2021-10-13T15:50:54",
"dateReserved": "2021-01-04T00:00:00",
"dateUpdated": "2024-08-03T18:30:24.009Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22033 (GCVE-0-2021-22033)
Vulnerability from cvelistv5 – Published: 2021-10-13 15:42 – Updated: 2024-08-03 18:30
VLAI?
Summary
Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability.
Severity ?
No CVSS data available.
CWE
- SSRF
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | VMware vRealize Operations |
Affected:
Releases prior to VMware vRealize Operations 8.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:30:23.960Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0021.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware vRealize Operations",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Releases prior to VMware vRealize Operations 8.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SSRF",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-13T15:42:58",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0021.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2021-22033",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware vRealize Operations",
"version": {
"version_data": [
{
"version_value": "Releases prior to VMware vRealize Operations 8.6"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SSRF"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2021-0021.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0021.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2021-22033",
"datePublished": "2021-10-13T15:42:58",
"dateReserved": "2021-01-04T00:00:00",
"dateUpdated": "2024-08-03T18:30:23.960Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22972 (GCVE-0-2022-22972)
Vulnerability from nvd – Published: 2022-05-20 20:18 – Updated: 2024-08-03 03:28
VLAI?
Summary
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.
Severity ?
No CVSS data available.
CWE
- Authentication Bypass
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | VMware Workspace ONE Access, Identity Manager and vRealize Automation |
Affected:
Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3. vRealize Automation 7.6.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:28:42.716Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0014.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3. vRealize Automation 7.6."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication Bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-20T20:18:39",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0014.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2022-22972",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
"version": {
"version_data": [
{
"version_value": "Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3. vRealize Automation 7.6."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2022-0014.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0014.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-22972",
"datePublished": "2022-05-20T20:18:39",
"dateReserved": "2022-01-10T00:00:00",
"dateUpdated": "2024-08-03T03:28:42.716Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22973 (GCVE-0-2022-22973)
Vulnerability from nvd – Published: 2022-05-20 20:18 – Updated: 2024-08-03 03:28
VLAI?
Summary
VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'.
Severity ?
No CVSS data available.
CWE
- Privilege escalation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | VMware Workspace ONE Access and Identity Manager. |
Affected:
Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:28:42.587Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0014.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware Workspace ONE Access and Identity Manager.",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to \u0027root\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-20T20:18:27",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0014.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2022-22973",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware Workspace ONE Access and Identity Manager.",
"version": {
"version_data": [
{
"version_value": "Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to \u0027root\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2022-0014.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0014.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-22973",
"datePublished": "2022-05-20T20:18:27",
"dateReserved": "2022-01-10T00:00:00",
"dateUpdated": "2024-08-03T03:28:42.587Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22958 (GCVE-0-2022-22958)
Vulnerability from nvd – Published: 2022-04-13 17:05 – Updated: 2024-08-03 03:28
VLAI?
Summary
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution.
Severity ?
No CVSS data available.
CWE
- Remote code execution
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | VMware Workspace ONE Access, Identity Manager and vRealize Automation. |
Affected:
Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3. vRealize Automation 7.6.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:28:42.552Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware Workspace ONE Access, Identity Manager and vRealize Automation.",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3. vRealize Automation 7.6."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 \u0026 CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-13T17:05:58",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2022-22958",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware Workspace ONE Access, Identity Manager and vRealize Automation.",
"version": {
"version_data": [
{
"version_value": "Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3. vRealize Automation 7.6."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 \u0026 CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-22958",
"datePublished": "2022-04-13T17:05:58",
"dateReserved": "2022-01-10T00:00:00",
"dateUpdated": "2024-08-03T03:28:42.552Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22961 (GCVE-0-2022-22961)
Vulnerability from nvd – Published: 2022-04-13 17:05 – Updated: 2024-08-03 03:28
VLAI?
Summary
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. A malicious actor with remote access may leak the hostname of the target system. Successful exploitation of this issue can lead to targeting victims.
Severity ?
No CVSS data available.
CWE
- Information disclosure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | VMware Workspace ONE Access, Identity Manager and vRealize Automation |
Affected:
Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3. vRealize Automation 7.6.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:28:42.477Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3. vRealize Automation 7.6."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. A malicious actor with remote access may leak the hostname of the target system. Successful exploitation of this issue can lead to targeting victims."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-13T17:05:56",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2022-22961",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
"version": {
"version_data": [
{
"version_value": "Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3. vRealize Automation 7.6."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. A malicious actor with remote access may leak the hostname of the target system. Successful exploitation of this issue can lead to targeting victims."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-22961",
"datePublished": "2022-04-13T17:05:56",
"dateReserved": "2022-01-10T00:00:00",
"dateUpdated": "2024-08-03T03:28:42.477Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22959 (GCVE-0-2022-22959)
Vulnerability from nvd – Published: 2022-04-13 17:05 – Updated: 2024-08-03 03:28
VLAI?
Summary
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. A malicious actor can trick a user through a cross site request forgery to unintentionally validate a malicious JDBC URI.
Severity ?
No CVSS data available.
CWE
- Cross site request forgery
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | VMware Workspace ONE Access, Identity Manager and vRealize Automation |
Affected:
Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3. vRealize Automation 7.6.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:28:42.618Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3. vRealize Automation 7.6."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. A malicious actor can trick a user through a cross site request forgery to unintentionally validate a malicious JDBC URI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross site request forgery",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-13T17:05:54",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2022-22959",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
"version": {
"version_data": [
{
"version_value": "Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3. vRealize Automation 7.6."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. A malicious actor can trick a user through a cross site request forgery to unintentionally validate a malicious JDBC URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross site request forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-22959",
"datePublished": "2022-04-13T17:05:54",
"dateReserved": "2022-01-10T00:00:00",
"dateUpdated": "2024-08-03T03:28:42.618Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22960 (GCVE-0-2022-22960)
Vulnerability from nvd – Published: 2022-04-13 00:00 – Updated: 2025-10-21 23:15
VLAI?
Summary
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to 'root'.
Severity ?
7.8 (High)
CWE
- Privilege escalation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | VMware Workspace ONE Access, Identity Manager and vRealize Automation |
Affected:
Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3. vRealize Automation 7.6.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:28:42.477Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/171918/Mware-Workspace-ONE-Remote-Code-Execution.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/171918/VMware-Workspace-ONE-Remote-Code-Execution.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/171935/VMware-Workspace-ONE-Access-Privilege-Escalation.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-22960",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-29T16:34:09.436482Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-04-15",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22960"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:15:42.338Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22960"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-04-15T00:00:00+00:00",
"value": "CVE-2022-22960 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3. vRealize Automation 7.6."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to \u0027root\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-19T00:00:00.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
},
{
"url": "http://packetstormsecurity.com/files/171918/Mware-Workspace-ONE-Remote-Code-Execution.html"
},
{
"url": "http://packetstormsecurity.com/files/171918/VMware-Workspace-ONE-Remote-Code-Execution.html"
},
{
"url": "http://packetstormsecurity.com/files/171935/VMware-Workspace-ONE-Access-Privilege-Escalation.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-22960",
"datePublished": "2022-04-13T00:00:00.000Z",
"dateReserved": "2022-01-10T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:15:42.338Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22957 (GCVE-0-2022-22957)
Vulnerability from nvd – Published: 2022-04-13 00:00 – Updated: 2025-02-13 16:28
VLAI?
Summary
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution.
Severity ?
No CVSS data available.
CWE
- Remote code execution
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | VMware Workspace ONE Access, Identity Manager and vRealize Automation. |
Affected:
Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3. vRealize Automation 7.6.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:28:42.555Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/171918/Mware-Workspace-ONE-Remote-Code-Execution.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/171918/VMware-Workspace-ONE-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware Workspace ONE Access, Identity Manager and vRealize Automation.",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3. vRealize Automation 7.6."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 \u0026 CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-18T19:06:16.134Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
},
{
"url": "http://packetstormsecurity.com/files/171918/Mware-Workspace-ONE-Remote-Code-Execution.html"
},
{
"url": "http://packetstormsecurity.com/files/171918/VMware-Workspace-ONE-Remote-Code-Execution.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-22957",
"datePublished": "2022-04-13T00:00:00.000Z",
"dateReserved": "2022-01-10T00:00:00.000Z",
"dateUpdated": "2025-02-13T16:28:58.209Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22954 (GCVE-0-2022-22954)
Vulnerability from nvd – Published: 2022-04-11 19:37 – Updated: 2025-10-21 23:15
VLAI?
Summary
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution.
Severity ?
9.8 (Critical)
CWE
- Remote code execution
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | VMware Workspace ONE Access and Identity Manager |
Affected:
Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:28:42.526Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/166935/VMware-Workspace-ONE-Access-Template-Injection-Command-Execution.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-22954",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T14:20:48.327758Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-04-14",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22954"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:15:42.493Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22954"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-04-14T00:00:00+00:00",
"value": "CVE-2022-22954 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "VMware Workspace ONE Access and Identity Manager",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-03T17:06:08.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/166935/VMware-Workspace-ONE-Access-Template-Injection-Command-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2022-22954",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware Workspace ONE Access and Identity Manager",
"version": {
"version_data": [
{
"version_value": "Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0011.html"
},
{
"name": "http://packetstormsecurity.com/files/166935/VMware-Workspace-ONE-Access-Template-Injection-Command-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/166935/VMware-Workspace-ONE-Access-Template-Injection-Command-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-22954",
"datePublished": "2022-04-11T19:37:39.000Z",
"dateReserved": "2022-01-10T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:15:42.493Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22035 (GCVE-0-2021-22035)
Vulnerability from nvd – Published: 2021-10-13 15:50 – Updated: 2024-08-03 18:30
VLAI?
Summary
VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sheet through Log Insight which could be executed in user's environment.
Severity ?
No CVSS data available.
CWE
- CSV injection vulnerability in Log Insight
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | VMware vRealize Log Insight |
Affected:
VMware vRealize Log Insight (8.x prior to 8.6)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:30:24.009Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware vRealize Log Insight",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware vRealize Log Insight (8.x prior to 8.6)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sheet through Log Insight which could be executed in user\u0027s environment."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CSV injection vulnerability in Log Insight",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-13T15:50:54",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2021-22035",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware vRealize Log Insight",
"version": {
"version_data": [
{
"version_value": "VMware vRealize Log Insight (8.x prior to 8.6)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sheet through Log Insight which could be executed in user\u0027s environment."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CSV injection vulnerability in Log Insight"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2021-0022.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2021-22035",
"datePublished": "2021-10-13T15:50:54",
"dateReserved": "2021-01-04T00:00:00",
"dateUpdated": "2024-08-03T18:30:24.009Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22033 (GCVE-0-2021-22033)
Vulnerability from nvd – Published: 2021-10-13 15:42 – Updated: 2024-08-03 18:30
VLAI?
Summary
Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability.
Severity ?
No CVSS data available.
CWE
- SSRF
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | VMware vRealize Operations |
Affected:
Releases prior to VMware vRealize Operations 8.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:30:23.960Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0021.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware vRealize Operations",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Releases prior to VMware vRealize Operations 8.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SSRF",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-13T15:42:58",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0021.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2021-22033",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware vRealize Operations",
"version": {
"version_data": [
{
"version_value": "Releases prior to VMware vRealize Operations 8.6"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SSRF"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2021-0021.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0021.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2021-22033",
"datePublished": "2021-10-13T15:42:58",
"dateReserved": "2021-01-04T00:00:00",
"dateUpdated": "2024-08-03T18:30:23.960Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}