cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-20884,https://securityvulnerability.io/vulnerability/CVE-2023-20884,Insecure Redirect Vulnerability in VMware Workspace ONE Access and VMware Identity Manager,"VMware Workspace ONE Access and VMware Identity Manager are susceptible to an insecure redirect vulnerability due to insufficient path validation. This flaw allows an unauthenticated adversary to redirect users to a malicious domain, potentially exposing sensitive information. By exploiting this vulnerability, attackers can manipulate legitimate user requests, leading to data leakage and other security concerns.",Vmware,"VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM), VMware Cloud Foundation (Cloud Foundation)",6.1,MEDIUM,0.0005600000149570405,false,,false,false,false,,,false,false,,2023-05-30T16:15:00.000Z,0
CVE-2022-31701,https://securityvulnerability.io/vulnerability/CVE-2022-31701,Broken Authentication in VMware Workspace ONE Access and Identity Manager,VMware Workspace ONE Access and Identity Manager are impacted by a broken authentication vulnerability that could allow unauthorized users to gain access to sensitive information or functionality. This issue highlights the importance of ensuring robust authentication mechanisms to protect user data and maintain system integrity. Administrators are encouraged to apply the necessary patches and review their security configurations to mitigate potential risks associated with this vulnerability.,Vmware,"Vmware Workspace One Access (access), Vmware Identity Manager (vidm)",5.3,MEDIUM,0.0007200000109151006,false,,false,false,false,,,false,false,,2022-12-14T00:00:00.000Z,0
CVE-2022-31700,https://securityvulnerability.io/vulnerability/CVE-2022-31700,Authenticated Remote Code Execution Vulnerability in VMware Workspace ONE Access and Identity Manager,"VMware Workspace ONE Access and Identity Manager are susceptible to an authenticated remote code execution vulnerability, which allows attackers with valid credentials to execute arbitrary code on the server. This weakness can lead to unauthorized access and significant security risks for organizations relying on these products for identity management and access control.",Vmware,"Vmware Workspace One Access (access), Vmware Identity Manager (vidm)",7.2,HIGH,0.002309999894350767,false,,false,false,false,,,false,false,,2022-12-14T00:00:00.000Z,0
CVE-2022-31657,https://securityvulnerability.io/vulnerability/CVE-2022-31657,URL Injection Vulnerability in VMware Workspace ONE Access and Identity Manager,VMware Workspace ONE Access and Identity Manager are affected by a URL injection vulnerability that allows malicious actors with network access the potential to redirect authenticated users to arbitrary domains. This vulnerability could compromise user credentials and lead to unauthorized access to sensitive information. It highlights the importance of securing network paths and user interactions with such products to prevent exploitation.,Vmware,"Vmware Workspace One Access, Identity Manager And Vrealize Automation",9.8,CRITICAL,0.002139999996870756,false,,false,false,false,,,false,false,,2022-08-05T15:07:39.000Z,0
CVE-2022-31656,https://securityvulnerability.io/vulnerability/CVE-2022-31656,Authentication Bypass Vulnerability in VMware Workspace ONE Access and vRealize Automation,"VMware Workspace ONE Access, Identity Manager, and vRealize Automation contain an authentication bypass vulnerability that allows local domain users with network access to the user interface the potential to gain administrative rights without proper authentication. This flaw presents significant security risks as it could enable unauthorized access and actions within the system, jeopardizing sensitive data and overall system integrity. Organizations utilizing these VMware products should assess their exposure and implement necessary security controls promptly.",Vmware,"Vmware Workspace One Access, Identity Manager And Vrealize Automation",9.8,CRITICAL,0.29583999514579773,false,,false,false,false,,,false,false,,2022-08-05T15:07:24.000Z,0
CVE-2022-31658,https://securityvulnerability.io/vulnerability/CVE-2022-31658,Remote Code Execution Vulnerability in VMware Workspace ONE Access and Identity Manager,"VMware Workspace ONE Access, Identity Manager, and vRealize Automation have a remote code execution vulnerability that can be exploited by a malicious actor who has administrative and network access privileges. By exploiting this vulnerability, attackers may execute arbitrary code on vulnerable systems, potentially leading to unauthorized actions and compromise of system integrity. Organizations using these VMware products should review the vulnerability details and apply necessary patches to safeguard their environments.",Vmware,"Vmware Workspace One Access, Identity Manager And Vrealize Automation",7.2,HIGH,0.0025400000158697367,false,,false,false,false,,,false,false,,2022-08-05T15:07:10.000Z,0
CVE-2022-31661,https://securityvulnerability.io/vulnerability/CVE-2022-31661,Privilege Escalation Vulnerabilities in VMware Workspace ONE Access and Identity Manager,"VMware Workspace ONE Access, Identity Manager, and vRealize Automation have been identified with two vulnerabilities that allow local attackers to escalate their privileges to 'root'. This vulnerability poses a significant risk as it enables malicious actors to gain elevated control over the affected systems, potentially leading to unauthorized access and manipulation of sensitive data. Users are advised to review the latest security advisories and apply necessary patches to mitigate this risk.",Vmware,"Vmware Workspace One Access, Identity Manager And Vrealize Automation",7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-08-05T15:06:55.000Z,0
CVE-2022-31659,https://securityvulnerability.io/vulnerability/CVE-2022-31659,Remote Code Execution Vulnerability in VMware Workspace ONE Access and Identity Manager,"A remote code execution vulnerability exists within VMware Workspace ONE Access and Identity Manager. If exploited, this flaw allows a malicious actor with administrator and network access to execute arbitrary code remotely on affected installations. It is crucial for organizations using these products to apply the necessary updates and patches to mitigate potential risks. For detailed information, please refer to VMware's security advisory.",Vmware,"Vmware Workspace One Access, Identity Manager And Vrealize Automation",7.2,HIGH,0.0025400000158697367,false,,false,false,false,,,false,false,,2022-08-05T15:06:41.000Z,0
CVE-2022-31663,https://securityvulnerability.io/vulnerability/CVE-2022-31663,Reflected Cross-Site Scripting in VMware Workspace ONE Access and vRealize Automation,"VMware Workspace ONE Access, Identity Manager, and vRealize Automation are susceptible to a reflected cross-site scripting (XSS) vulnerability. This flaw arises from inadequate sanitization of user inputs, allowing a malicious actor to craft malicious scripts that can be executed in the context of the target user's session. Successful exploitation requires some degree of user interaction, potentially leading to unauthorized access or manipulation of user data.",Vmware,"Vmware Workspace One Access, Identity Manager And Vrealize Automation",6.1,MEDIUM,0.0007200000109151006,false,,false,false,false,,,false,false,,2022-08-05T15:06:30.000Z,0
CVE-2022-31664,https://securityvulnerability.io/vulnerability/CVE-2022-31664,Privilege Escalation Vulnerability in VMware Workspace ONE Access and vRealize Automation,"VMware Workspace ONE Access, Identity Manager, and vRealize Automation are susceptible to a privilege escalation vulnerability that allows a malicious actor with local access to escalate their privileges to 'root'. This poses a significant risk as it enables unauthorized access to sensitive system resources and actions. Organizations should ensure they apply the latest security updates to mitigate this vulnerability.",Vmware,"Vmware Workspace One Access, Identity Manager And Vrealize Automation",7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-08-05T15:06:15.000Z,0
CVE-2022-31665,https://securityvulnerability.io/vulnerability/CVE-2022-31665,Remote Code Execution Vulnerability in VMware Workspace ONE Access and Identity Manager,"VMware Workspace ONE Access, Identity Manager, and vRealize Automation contain a remote code execution vulnerability that could be exploited by a malicious actor. An attacker with administrator privileges and network access can invoke arbitrary code execution, potentially compromising the affected systems. It is crucial for users of these VMware products to apply available patches to mitigate the risk associated with this vulnerability.",Vmware,"Vmware Workspace One Access, Identity Manager And Vrealize Automation",7.2,HIGH,0.0025400000158697367,false,,false,false,false,,,false,false,,2022-08-05T15:06:00.000Z,0
CVE-2022-31660,https://securityvulnerability.io/vulnerability/CVE-2022-31660,Privilege Escalation Vulnerability in VMware Workspace ONE Access and Identity Manager,"VMware Workspace ONE Access, Identity Manager, and vRealize Automation are susceptible to a privilege escalation flaw. This vulnerability allows a malicious actor with local access to escalate their privileges to the 'root' level, which could potentially compromise system integrity and security. It emphasizes the importance of securing local access and monitoring user privileges within the affected systems.",Vmware,"Vmware Workspace One Access, Identity Manager And Vrealize Automation",7.8,HIGH,0.0010000000474974513,false,,false,false,true,2022-08-02T16:13:28.000Z,true,false,false,,2022-08-05T15:05:45.000Z,0
CVE-2022-31662,https://securityvulnerability.io/vulnerability/CVE-2022-31662,Path Traversal Vulnerability in VMware Workspace ONE Access and Identity Manager,"A path traversal vulnerability exists in VMware Workspace ONE Access and Identity Manager, enabling a malicious actor with network access to exploit this flaw. By manipulating file paths, an attacker could potentially gain access to arbitrary files on the server, which may contain sensitive information. This could lead to unauthorized disclosure of data and pose significant risks to organizations using the affected products.",Vmware,"Vmware Workspace One Access, Access Connector, Identity Manager, Vidm Connector And Vrealize Automation",7.5,HIGH,0.002309999894350767,false,,false,false,false,,,false,false,,2022-08-05T15:05:34.000Z,0
CVE-2022-22972,https://securityvulnerability.io/vulnerability/CVE-2022-22972,Authentication Bypass in VMware Workspace ONE Access and Identity Manager,"An authentication bypass vulnerability has been identified in VMware Workspace ONE Access, Identity Manager, and vRealize Automation. This flaw allows local domain users with network access to the user interface to gain administrative privileges without proper authentication. If exploited, this vulnerability can potentially lead to unauthorized access and control over critical systems, posing significant risks to security and data integrity.",Vmware,"Vmware Workspace One Access, Identity Manager And Vrealize Automation",9.8,CRITICAL,0.4645099937915802,false,,false,false,true,2022-06-15T12:34:20.000Z,true,false,false,,2022-05-20T20:18:39.000Z,0
CVE-2022-22973,https://securityvulnerability.io/vulnerability/CVE-2022-22973,Privilege Escalation Vulnerability in VMware Workspace ONE Access and Identity Manager,"VMware Workspace ONE Access and Identity Manager are susceptible to a privilege escalation vulnerability that allows a malicious actor with local access to elevate their privileges to 'root'. This poses a significant security risk, as it can enable an attacker to gain full control over the affected systems. Organizations using these products should promptly apply available security updates to mitigate potential exploit risks.",Vmware,Vmware Workspace One Access And Identity Manager.,7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-05-20T20:18:27.000Z,0
CVE-2022-22958,https://securityvulnerability.io/vulnerability/CVE-2022-22958,Remote Code Execution Vulnerability in VMware Workspace ONE Access and Identity Manager,"VMware Workspace ONE Access, Identity Manager, and vRealize Automation are susceptible to remote code execution due to improper deserialization of untrusted data. An attacker with administrative access can exploit these vulnerabilities using a malicious JDBC URI, potentially leading to unauthorized code execution on vulnerable systems.",Vmware,"Vmware Workspace One Access, Identity Manager And Vrealize Automation.",7.2,HIGH,0.0025400000158697367,false,,false,false,false,,,false,false,,2022-04-13T17:05:58.000Z,0
CVE-2022-22961,https://securityvulnerability.io/vulnerability/CVE-2022-22961,Information Disclosure Vulnerability in VMware Workspace ONE Access,"VMware Workspace ONE Access, Identity Manager, and vRealize Automation are affected by an information disclosure vulnerability that arises from returning excess information in responses. A remote attacker could exploit this vulnerability to extract the hostname of the target system, potentially leading to further targeting of victims. It is crucial for users to assess their exposure and apply necessary mitigations as outlined in VMware's security advisory.",Vmware,"Vmware Workspace One Access, Identity Manager And Vrealize Automation",5.3,MEDIUM,0.0008399999933317304,false,,false,false,false,,,false,false,,2022-04-13T17:05:56.000Z,0
CVE-2022-22959,https://securityvulnerability.io/vulnerability/CVE-2022-22959,Cross-Site Request Forgery in VMware Workspace ONE Access and Identity Manager,"VMware Workspace ONE Access, Identity Manager, and vRealize Automation are susceptible to a Cross-Site Request Forgery (CSRF) vulnerability. This flaw can be exploited by a malicious actor to deceive a legitimate user into unknowingly validating a harmful JDBC URI. The attacker can leverage this vulnerability to execute unauthorized actions, potentially leading to further security risks. Users of the affected products are recommended to review their security practices and apply relevant patches provided in VMware's security advisory.",Vmware,"Vmware Workspace One Access, Identity Manager And Vrealize Automation",4.3,MEDIUM,0.0005300000193528831,false,,false,false,false,,,false,false,,2022-04-13T17:05:54.000Z,0
CVE-2022-22957,https://securityvulnerability.io/vulnerability/CVE-2022-22957,Remote Code Execution Vulnerability in VMware Workspace ONE Access and vRealize Automation,"VMware Workspace ONE Access, Identity Manager, and vRealize Automation are susceptible to remote code execution due to improper deserialization of untrusted data. An attacker with administrative privileges can exploit this vulnerability by sending a carefully crafted JDBC URI, leading to potentially harmful outcomes including unauthorized remote code execution on the affected systems.",Vmware,"Vmware Workspace One Access, Identity Manager And Vrealize Automation.",7.2,HIGH,0.013369999825954437,false,,false,false,true,2023-04-06T03:10:34.000Z,true,false,false,,2022-04-13T00:00:00.000Z,0
CVE-2022-22960,https://securityvulnerability.io/vulnerability/CVE-2022-22960,Privilege Escalation Vulnerability in VMware Workspace ONE Access and Identity Manager,"VMware Workspace ONE Access, Identity Manager, and vRealize Automation contain a vulnerability that allows a malicious user with local access to escalate their privileges to 'root'. This is due to improper permissions configured within support scripts, which can be exploited to gain elevated rights on the system. Users are encouraged to review their environment for affected versions and apply necessary security patches to mitigate potential risks.",Vmware,"Vmware Workspace One Access, Identity Manager And Vrealize Automation",7.8,HIGH,0.001769999973475933,true,2022-04-15T00:00:00.000Z,false,false,true,2022-04-15T00:00:00.000Z,true,false,false,,2022-04-13T00:00:00.000Z,0
CVE-2022-22954,https://securityvulnerability.io/vulnerability/CVE-2022-22954,Remote Code Execution Vulnerability in VMware Workspace ONE Access and Identity Manager,"VMware Workspace ONE Access and Identity Manager are affected by a vulnerability that allows a malicious actor with network access to exploit server-side template injection. This flaw can lead to remote code execution, enabling unauthorized actions on the affected systems. It is critical for users to assess their exposure and implement necessary security measures to mitigate potential threats. For further details, refer to VMware's security advisory.",Vmware,Vmware Workspace One Access And Identity Manager,9.8,CRITICAL,0.9748299717903137,true,2022-04-14T00:00:00.000Z,false,true,true,2022-04-14T00:00:00.000Z,true,false,false,,2022-04-11T19:37:39.000Z,0
CVE-2021-22056,https://securityvulnerability.io/vulnerability/CVE-2021-22056,SSRF Vulnerability in VMware Workspace ONE Access and Identity Manager,"VMware Workspace ONE Access and Identity Manager are susceptible to a Server Side Request Forgery (SSRF) vulnerability, which allows an attacker with network access to send crafted HTTP requests to arbitrary origins. This could enable the attacker to read the response from these requests, potentially leading to unauthorized information disclosure and further exploitation of the vulnerable system. Organizations using the affected versions should promptly apply recommended security patches to mitigate the risk.",Vmware,Vmware Workspace One Access And Identity Manager,7.5,HIGH,0.0018500000005587935,false,,false,false,false,,,false,false,,2021-12-20T20:08:27.000Z,0
CVE-2021-22003,https://securityvulnerability.io/vulnerability/CVE-2021-22003,Login Interface Vulnerability in VMware Workspace ONE Access and Identity Manager,VMware Workspace ONE Access and Identity Manager has a vulnerability that exposes a login interface on port 7443. An attacker with network access to this port may exploit the system by attempting user enumeration or executing brute force login attempts. The practical effectiveness of these methods can be influenced by account lockout policies and the complexity of the target account's password. Administrators are encouraged to review their configurations and implement necessary security measures to mitigate the risk.,Vmware,Vmware Workspace One Access And Identity Manager,7.5,HIGH,0.0018500000005587935,false,,false,false,false,,,false,false,,2021-08-31T21:02:31.000Z,0
CVE-2021-22002,https://securityvulnerability.io/vulnerability/CVE-2021-22002,Access Control Vulnerability in VMware Workspace ONE Access and Identity Manager,"A vulnerability in VMware Workspace ONE Access and Identity Manager permits unauthorized access to the /cfg web application and diagnostic endpoints through port 443. By manipulating host headers, an attacker with network access to port 443 can compromise potentially sensitive data and perform unauthorized actions on the /cfg application. Additionally, this vulnerability allows for unauthorized access to diagnostic endpoints without any form of authentication, posing significant security risks to affected systems.",Vmware,"Vmware Workspace One Access, Identity Manager And Vrealize Automation",9.8,CRITICAL,0.0034000000450760126,false,,false,false,false,,,false,false,,2021-08-31T21:02:21.000Z,0
CVE-2020-4006,https://securityvulnerability.io/vulnerability/CVE-2020-4006,Command Injection Vulnerability in VMware Workspace ONE Access and Identity Manager,"VMware Workspace ONE Access, Access Connector, Identity Manager, and Identity Manager Connector have a vulnerability that allows for command injection. This can potentially enable attackers to execute arbitrary commands on the affected system, leading to unauthorized access and manipulation of sensitive data. It is crucial for users to apply the necessary updates and patches to mitigate this security risk.",Vmware,"Vmware Workspace One Access (access), Vmware Workspace One Access Connector (access Connector), Vmware Identity Manager (vidm), Vmware Identity Manager Connector (vidm Connector), Vmware Cloud Foundation, Vrealize Suite Lifecycle Manager",9.1,CRITICAL,0.5521199703216553,true,2021-11-03T00:00:00.000Z,false,false,true,2021-11-03T00:00:00.000Z,,false,false,,2020-11-23T21:22:40.000Z,0