cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-20855,https://securityvulnerability.io/vulnerability/CVE-2023-20855,XML External Entity Vulnerability in VMware vRealize Orchestrator,VMware vRealize Orchestrator has an XML External Entity (XXE) vulnerability that allows a malicious individual with non-administrative access to exploit specially crafted XML input. This could lead to unauthorized access to sensitive information and potentially allow the attacker to escalate their privileges within the system.,Vmware,"VMware vRealize Orchestrator, VMware vRealize Automation, VMware Cloud Foundation",8.8,HIGH,0.0014600000577047467,false,,false,false,false,,,false,false,,2023-02-22T00:15:00.000Z,0
CVE-2022-31657,https://securityvulnerability.io/vulnerability/CVE-2022-31657,URL Injection Vulnerability in VMware Workspace ONE Access and Identity Manager,VMware Workspace ONE Access and Identity Manager are affected by a URL injection vulnerability that allows malicious actors with network access the potential to redirect authenticated users to arbitrary domains. This vulnerability could compromise user credentials and lead to unauthorized access to sensitive information. It highlights the importance of securing network paths and user interactions with such products to prevent exploitation.,Vmware,"Vmware Workspace One Access, Identity Manager And Vrealize Automation",9.8,CRITICAL,0.002139999996870756,false,,false,false,false,,,false,false,,2022-08-05T15:07:39.000Z,0
CVE-2022-31656,https://securityvulnerability.io/vulnerability/CVE-2022-31656,Authentication Bypass Vulnerability in VMware Workspace ONE Access and vRealize Automation,"VMware Workspace ONE Access, Identity Manager, and vRealize Automation contain an authentication bypass vulnerability that allows local domain users with network access to the user interface the potential to gain administrative rights without proper authentication. This flaw presents significant security risks as it could enable unauthorized access and actions within the system, jeopardizing sensitive data and overall system integrity. Organizations utilizing these VMware products should assess their exposure and implement necessary security controls promptly.",Vmware,"Vmware Workspace One Access, Identity Manager And Vrealize Automation",9.8,CRITICAL,0.29583999514579773,false,,false,false,false,,,false,false,,2022-08-05T15:07:24.000Z,0
CVE-2022-31658,https://securityvulnerability.io/vulnerability/CVE-2022-31658,Remote Code Execution Vulnerability in VMware Workspace ONE Access and Identity Manager,"VMware Workspace ONE Access, Identity Manager, and vRealize Automation have a remote code execution vulnerability that can be exploited by a malicious actor who has administrative and network access privileges. By exploiting this vulnerability, attackers may execute arbitrary code on vulnerable systems, potentially leading to unauthorized actions and compromise of system integrity. Organizations using these VMware products should review the vulnerability details and apply necessary patches to safeguard their environments.",Vmware,"Vmware Workspace One Access, Identity Manager And Vrealize Automation",7.2,HIGH,0.0025400000158697367,false,,false,false,false,,,false,false,,2022-08-05T15:07:10.000Z,0
CVE-2022-31661,https://securityvulnerability.io/vulnerability/CVE-2022-31661,Privilege Escalation Vulnerabilities in VMware Workspace ONE Access and Identity Manager,"VMware Workspace ONE Access, Identity Manager, and vRealize Automation have been identified with two vulnerabilities that allow local attackers to escalate their privileges to 'root'. This vulnerability poses a significant risk as it enables malicious actors to gain elevated control over the affected systems, potentially leading to unauthorized access and manipulation of sensitive data. Users are advised to review the latest security advisories and apply necessary patches to mitigate this risk.",Vmware,"Vmware Workspace One Access, Identity Manager And Vrealize Automation",7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-08-05T15:06:55.000Z,0
CVE-2022-31659,https://securityvulnerability.io/vulnerability/CVE-2022-31659,Remote Code Execution Vulnerability in VMware Workspace ONE Access and Identity Manager,"A remote code execution vulnerability exists within VMware Workspace ONE Access and Identity Manager. If exploited, this flaw allows a malicious actor with administrator and network access to execute arbitrary code remotely on affected installations. It is crucial for organizations using these products to apply the necessary updates and patches to mitigate potential risks. For detailed information, please refer to VMware's security advisory.",Vmware,"Vmware Workspace One Access, Identity Manager And Vrealize Automation",7.2,HIGH,0.0025400000158697367,false,,false,false,false,,,false,false,,2022-08-05T15:06:41.000Z,0
CVE-2022-31663,https://securityvulnerability.io/vulnerability/CVE-2022-31663,Reflected Cross-Site Scripting in VMware Workspace ONE Access and vRealize Automation,"VMware Workspace ONE Access, Identity Manager, and vRealize Automation are susceptible to a reflected cross-site scripting (XSS) vulnerability. This flaw arises from inadequate sanitization of user inputs, allowing a malicious actor to craft malicious scripts that can be executed in the context of the target user's session. Successful exploitation requires some degree of user interaction, potentially leading to unauthorized access or manipulation of user data.",Vmware,"Vmware Workspace One Access, Identity Manager And Vrealize Automation",6.1,MEDIUM,0.0007200000109151006,false,,false,false,false,,,false,false,,2022-08-05T15:06:30.000Z,0
CVE-2022-31664,https://securityvulnerability.io/vulnerability/CVE-2022-31664,Privilege Escalation Vulnerability in VMware Workspace ONE Access and vRealize Automation,"VMware Workspace ONE Access, Identity Manager, and vRealize Automation are susceptible to a privilege escalation vulnerability that allows a malicious actor with local access to escalate their privileges to 'root'. This poses a significant risk as it enables unauthorized access to sensitive system resources and actions. Organizations should ensure they apply the latest security updates to mitigate this vulnerability.",Vmware,"Vmware Workspace One Access, Identity Manager And Vrealize Automation",7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-08-05T15:06:15.000Z,0
CVE-2022-31665,https://securityvulnerability.io/vulnerability/CVE-2022-31665,Remote Code Execution Vulnerability in VMware Workspace ONE Access and Identity Manager,"VMware Workspace ONE Access, Identity Manager, and vRealize Automation contain a remote code execution vulnerability that could be exploited by a malicious actor. An attacker with administrator privileges and network access can invoke arbitrary code execution, potentially compromising the affected systems. It is crucial for users of these VMware products to apply available patches to mitigate the risk associated with this vulnerability.",Vmware,"Vmware Workspace One Access, Identity Manager And Vrealize Automation",7.2,HIGH,0.0025400000158697367,false,,false,false,false,,,false,false,,2022-08-05T15:06:00.000Z,0
CVE-2022-31660,https://securityvulnerability.io/vulnerability/CVE-2022-31660,Privilege Escalation Vulnerability in VMware Workspace ONE Access and Identity Manager,"VMware Workspace ONE Access, Identity Manager, and vRealize Automation are susceptible to a privilege escalation flaw. This vulnerability allows a malicious actor with local access to escalate their privileges to the 'root' level, which could potentially compromise system integrity and security. It emphasizes the importance of securing local access and monitoring user privileges within the affected systems.",Vmware,"Vmware Workspace One Access, Identity Manager And Vrealize Automation",7.8,HIGH,0.0010000000474974513,false,,false,false,true,2022-08-02T16:13:28.000Z,true,false,false,,2022-08-05T15:05:45.000Z,0
CVE-2022-31662,https://securityvulnerability.io/vulnerability/CVE-2022-31662,Path Traversal Vulnerability in VMware Workspace ONE Access and Identity Manager,"A path traversal vulnerability exists in VMware Workspace ONE Access and Identity Manager, enabling a malicious actor with network access to exploit this flaw. By manipulating file paths, an attacker could potentially gain access to arbitrary files on the server, which may contain sensitive information. This could lead to unauthorized disclosure of data and pose significant risks to organizations using the affected products.",Vmware,"Vmware Workspace One Access, Access Connector, Identity Manager, Vidm Connector And Vrealize Automation",7.5,HIGH,0.002309999894350767,false,,false,false,false,,,false,false,,2022-08-05T15:05:34.000Z,0
CVE-2022-22972,https://securityvulnerability.io/vulnerability/CVE-2022-22972,Authentication Bypass in VMware Workspace ONE Access and Identity Manager,"An authentication bypass vulnerability has been identified in VMware Workspace ONE Access, Identity Manager, and vRealize Automation. This flaw allows local domain users with network access to the user interface to gain administrative privileges without proper authentication. If exploited, this vulnerability can potentially lead to unauthorized access and control over critical systems, posing significant risks to security and data integrity.",Vmware,"Vmware Workspace One Access, Identity Manager And Vrealize Automation",9.8,CRITICAL,0.4645099937915802,false,,false,false,true,2022-06-15T12:34:20.000Z,true,false,false,,2022-05-20T20:18:39.000Z,0
CVE-2022-22958,https://securityvulnerability.io/vulnerability/CVE-2022-22958,Remote Code Execution Vulnerability in VMware Workspace ONE Access and Identity Manager,"VMware Workspace ONE Access, Identity Manager, and vRealize Automation are susceptible to remote code execution due to improper deserialization of untrusted data. An attacker with administrative access can exploit these vulnerabilities using a malicious JDBC URI, potentially leading to unauthorized code execution on vulnerable systems.",Vmware,"Vmware Workspace One Access, Identity Manager And Vrealize Automation.",7.2,HIGH,0.0025400000158697367,false,,false,false,false,,,false,false,,2022-04-13T17:05:58.000Z,0
CVE-2022-22961,https://securityvulnerability.io/vulnerability/CVE-2022-22961,Information Disclosure Vulnerability in VMware Workspace ONE Access,"VMware Workspace ONE Access, Identity Manager, and vRealize Automation are affected by an information disclosure vulnerability that arises from returning excess information in responses. A remote attacker could exploit this vulnerability to extract the hostname of the target system, potentially leading to further targeting of victims. It is crucial for users to assess their exposure and apply necessary mitigations as outlined in VMware's security advisory.",Vmware,"Vmware Workspace One Access, Identity Manager And Vrealize Automation",5.3,MEDIUM,0.0008399999933317304,false,,false,false,false,,,false,false,,2022-04-13T17:05:56.000Z,0
CVE-2022-22959,https://securityvulnerability.io/vulnerability/CVE-2022-22959,Cross-Site Request Forgery in VMware Workspace ONE Access and Identity Manager,"VMware Workspace ONE Access, Identity Manager, and vRealize Automation are susceptible to a Cross-Site Request Forgery (CSRF) vulnerability. This flaw can be exploited by a malicious actor to deceive a legitimate user into unknowingly validating a harmful JDBC URI. The attacker can leverage this vulnerability to execute unauthorized actions, potentially leading to further security risks. Users of the affected products are recommended to review their security practices and apply relevant patches provided in VMware's security advisory.",Vmware,"Vmware Workspace One Access, Identity Manager And Vrealize Automation",4.3,MEDIUM,0.0005300000193528831,false,,false,false,false,,,false,false,,2022-04-13T17:05:54.000Z,0
CVE-2022-22957,https://securityvulnerability.io/vulnerability/CVE-2022-22957,Remote Code Execution Vulnerability in VMware Workspace ONE Access and vRealize Automation,"VMware Workspace ONE Access, Identity Manager, and vRealize Automation are susceptible to remote code execution due to improper deserialization of untrusted data. An attacker with administrative privileges can exploit this vulnerability by sending a carefully crafted JDBC URI, leading to potentially harmful outcomes including unauthorized remote code execution on the affected systems.",Vmware,"Vmware Workspace One Access, Identity Manager And Vrealize Automation.",7.2,HIGH,0.013369999825954437,false,,false,false,true,2023-04-06T03:10:34.000Z,true,false,false,,2022-04-13T00:00:00.000Z,0
CVE-2022-22960,https://securityvulnerability.io/vulnerability/CVE-2022-22960,Privilege Escalation Vulnerability in VMware Workspace ONE Access and Identity Manager,"VMware Workspace ONE Access, Identity Manager, and vRealize Automation contain a vulnerability that allows a malicious user with local access to escalate their privileges to 'root'. This is due to improper permissions configured within support scripts, which can be exploited to gain elevated rights on the system. Users are encouraged to review their environment for affected versions and apply necessary security patches to mitigate potential risks.",Vmware,"Vmware Workspace One Access, Identity Manager And Vrealize Automation",7.8,HIGH,0.001769999973475933,true,2022-04-15T00:00:00.000Z,false,false,true,2022-04-15T00:00:00.000Z,true,false,false,,2022-04-13T00:00:00.000Z,0
CVE-2021-22002,https://securityvulnerability.io/vulnerability/CVE-2021-22002,Access Control Vulnerability in VMware Workspace ONE Access and Identity Manager,"A vulnerability in VMware Workspace ONE Access and Identity Manager permits unauthorized access to the /cfg web application and diagnostic endpoints through port 443. By manipulating host headers, an attacker with network access to port 443 can compromise potentially sensitive data and perform unauthorized actions on the /cfg application. Additionally, this vulnerability allows for unauthorized access to diagnostic endpoints without any form of authentication, posing significant security risks to affected systems.",Vmware,"Vmware Workspace One Access, Identity Manager And Vrealize Automation",9.8,CRITICAL,0.0034000000450760126,false,,false,false,false,,,false,false,,2021-08-31T21:02:21.000Z,0
CVE-2018-6958,https://securityvulnerability.io/vulnerability/CVE-2018-6958,,VMware vRealize Automation (vRA) prior to 7.3.1 contains a vulnerability that may allow for a DOM-based cross-site scripting (XSS) attack. Exploitation of this issue may lead to the compromise of the vRA user's workstation.,Vmware,Vrealize Automation,6.1,MEDIUM,0.001019999966956675,false,,false,false,false,,,false,false,,2018-04-12T00:00:00.000Z,0
CVE-2018-6959,https://securityvulnerability.io/vulnerability/CVE-2018-6959,,VMware vRealize Automation (vRA) prior to 7.4.0 contains a vulnerability in the handling of session IDs. Exploitation of this issue may lead to the hijacking of a valid vRA user's session.,Vmware,Vrealize Automation,9.8,CRITICAL,0.004290000069886446,false,,false,false,false,,,false,false,,2018-04-12T00:00:00.000Z,0
CVE-2017-4947,https://securityvulnerability.io/vulnerability/CVE-2017-4947,,VMware vRealize Automation (7.3 and 7.2) and vSphere Integrated Containers (1.x before 1.3) contain a deserialization vulnerability via Xenon. Successful exploitation of this issue may allow remote attackers to execute arbitrary code on the appliance.,Vmware,"Vrealize Automation,Vsphere Integrated Containers",9.8,CRITICAL,0.10651999711990356,false,,false,false,false,,,false,false,,2018-01-29T16:29:00.000Z,0
CVE-2016-7460,https://securityvulnerability.io/vulnerability/CVE-2016-7460,,"The Single Sign-On feature in VMware vCenter Server 5.5 before U3e and 6.0 before U2a and vRealize Automation 6.x before 6.2.5 allows remote attackers to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.",Vmware,Vrealize Automation,9.1,CRITICAL,0.006380000151693821,false,,false,false,false,,,false,false,,2016-12-29T09:02:00.000Z,0
CVE-2016-5334,https://securityvulnerability.io/vulnerability/CVE-2016-5334,,VMware Identity Manager 2.x before 2.7.1 and vRealize Automation 7.x before 7.2.0 allow remote attackers to read /SAAS/WEB-INF and /SAAS/META-INF files via unspecified vectors.,Vmware,"Identity Manager,Vrealize Automation",5.3,MEDIUM,0.001550000044517219,false,,false,false,false,,,false,false,,2016-12-29T09:02:00.000Z,0
CVE-2016-5335,https://securityvulnerability.io/vulnerability/CVE-2016-5335,,VMware Identity Manager 2.x before 2.7 and vRealize Automation 7.0.x before 7.1 allow local users to obtain root access via unspecified vectors.,Vmware,"Identity Manager,Vrealize Automation",7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2016-08-31T01:00:00.000Z,0
CVE-2016-5336,https://securityvulnerability.io/vulnerability/CVE-2016-5336,,VMware vRealize Automation 7.0.x before 7.1 allows remote attackers to execute arbitrary code via unspecified vectors.,Vmware,Vrealize Automation,9.8,CRITICAL,0.02711999975144863,false,,false,false,false,,,false,false,,2016-08-31T01:00:00.000Z,0