CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-26329 – File existence disclosue vulnerability in IDM plugin
https://notcve.org/view.php?id=CVE-2022-26329
24 Jan 2023 — File existence disclosure vulnerability in NetIQ Identity Manager plugin prior to version 4.8.5 allows attacker to determine whether a file exists on the filesystem. This issue affects: Micro Focus NetIQ Identity Manager NetIQ Identity Manager versions prior to 4.8.5 on ALL. Vulnerabilidad de divulgación de existencia de archivos en el complemento NetIQ Identity Manager anterior a la versión 4.8.5 permite a un atacante determinar si un archivo existe en el sistema de archivos. Este problema afecta a: Micro ... • https://www.netiq.com/documentation/identity-manager-48/releasenotes_idm485/data/software-fixes.html • CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 10.0EPSS: 1%CPEs: 14EXPL: 0CVE-2022-31657
https://notcve.org/view.php?id=CVE-2022-31657
05 Aug 2022 — VMware Workspace ONE Access and Identity Manager contain a URL injection vulnerability. A malicious actor with network access may be able to redirect an authenticated user to an arbitrary domain. VMware Workspace ONE Access y Identity Manager contienen una vulnerabilidad de inyección de URL. Un actor malicioso con acceso a la red puede ser capaz de redirigir a un usuario autenticado a un dominio arbitrario • https://www.vmware.com/security/advisories/VMSA-2022-0021.html • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 10.0EPSS: 80%CPEs: 14EXPL: 0CVE-2022-31656
https://notcve.org/view.php?id=CVE-2022-31656
05 Aug 2022 — VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate. VMware Workspace ONE Access, Identity Manager y vRealize Automation contienen una vulnerabilidad de omisión de autenticación que afecta a usuarios del dominio local. Un actor malicioso con acceso de red a la interfaz de usuario puede obten... • https://www.vmware.com/security/advisories/VMSA-2022-0021.html •
CVSS: 8.3EPSS: 7%CPEs: 14EXPL: 0CVE-2022-31658
https://notcve.org/view.php?id=CVE-2022-31658
05 Aug 2022 — VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution. VMware Workspace ONE Access, Identity Manager y vRealize Automation contienen una vulnerabilidad de ejecución de código remota. Un actor malicioso con acceso de administrador y de red puede desencadenar una ejecución de código remota • https://www.vmware.com/security/advisories/VMSA-2022-0021.html • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2022-31661
https://notcve.org/view.php?id=CVE-2022-31661
05 Aug 2022 — VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two privilege escalation vulnerabilities. A malicious actor with local access can escalate privileges to 'root'. VMware Workspace ONE Access, Identity Manager y vRealize Automation contienen dos vulnerabilidades de escalada de privilegios. Un actor malicioso con acceso local puede escalar los privilegios a "root" • https://www.vmware.com/security/advisories/VMSA-2022-0021.html •
CVSS: 8.3EPSS: 5%CPEs: 14EXPL: 0CVE-2022-31659
https://notcve.org/view.php?id=CVE-2022-31659
05 Aug 2022 — VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution. VMware Workspace ONE Access y Identity Manager contienen una vulnerabilidad de ejecución de código remota. Un actor malicioso con acceso de administrador y de red puede desencadenar una ejecución de código remota • https://www.vmware.com/security/advisories/VMSA-2022-0021.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.4EPSS: 1%CPEs: 14EXPL: 0CVE-2022-31663
https://notcve.org/view.php?id=CVE-2022-31663
05 Aug 2022 — VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject javascript code in the target user's window. VMware Workspace ONE Access, Identity Manager y vRealize Automation contienen una vulnerabilidad de tipo cross-site scripting (XSS) reflejada. Debido a un saneo inapropiado de la entrada del usuario, un actor malicioso con cier... • https://www.vmware.com/security/advisories/VMSA-2022-0021.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2022-31664
https://notcve.org/view.php?id=CVE-2022-31664
05 Aug 2022 — VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'. VMware Workspace ONE Access, Identity Manager y vRealize Automation contienen una vulnerabilidad de escalada de privilegios. Un actor malicioso con acceso local puede escalar los privilegios a "root" • https://www.vmware.com/security/advisories/VMSA-2022-0021.html •
CVSS: 8.3EPSS: 5%CPEs: 11EXPL: 0CVE-2022-31665
https://notcve.org/view.php?id=CVE-2022-31665
05 Aug 2022 — VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution. VMware Workspace ONE Access, Identity Manager y vRealize Automation contienen una vulnerabilidad de ejecución de código remota. Un actor malicioso con acceso de administrador y de red puede desencadenar una ejecución de código remota • https://www.vmware.com/security/advisories/VMSA-2022-0021.html • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 7.8EPSS: 1%CPEs: 14EXPL: 0CVE-2022-31662
https://notcve.org/view.php?id=CVE-2022-31662
05 Aug 2022 — VMware Workspace ONE Access, Identity Manager, Connectors and vRealize Automation contain a path traversal vulnerability. A malicious actor with network access may be able to access arbitrary files. VMware Workspace ONE Access, Identity Manager, Connectors y vRealize Automation contienen una vulnerabilidad de salto de ruta. Un actor malicioso con acceso a la red puede ser capaz de acceder a archivos arbitrarios • https://www.vmware.com/security/advisories/VMSA-2022-0021.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •