CVE-2023-20884
https://notcve.org/view.php?id=CVE-2023-20884
VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability. An unauthenticated malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure. • https://www.vmware.com/security/advisories/VMSA-2023-0011.html • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2022-31657
https://notcve.org/view.php?id=CVE-2022-31657
VMware Workspace ONE Access and Identity Manager contain a URL injection vulnerability. A malicious actor with network access may be able to redirect an authenticated user to an arbitrary domain. VMware Workspace ONE Access y Identity Manager contienen una vulnerabilidad de inyección de URL. Un actor malicioso con acceso a la red puede ser capaz de redirigir a un usuario autenticado a un dominio arbitrario • https://www.vmware.com/security/advisories/VMSA-2022-0021.html • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2022-31656
https://notcve.org/view.php?id=CVE-2022-31656
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate. VMware Workspace ONE Access, Identity Manager y vRealize Automation contienen una vulnerabilidad de omisión de autenticación que afecta a usuarios del dominio local. Un actor malicioso con acceso de red a la interfaz de usuario puede obtener acceso administrativo sin necesidad de autenticarse • https://www.vmware.com/security/advisories/VMSA-2022-0021.html •
CVE-2022-31658
https://notcve.org/view.php?id=CVE-2022-31658
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution. VMware Workspace ONE Access, Identity Manager y vRealize Automation contienen una vulnerabilidad de ejecución de código remota. Un actor malicioso con acceso de administrador y de red puede desencadenar una ejecución de código remota • https://www.vmware.com/security/advisories/VMSA-2022-0021.html • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVE-2022-31661
https://notcve.org/view.php?id=CVE-2022-31661
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two privilege escalation vulnerabilities. A malicious actor with local access can escalate privileges to 'root'. VMware Workspace ONE Access, Identity Manager y vRealize Automation contienen dos vulnerabilidades de escalada de privilegios. Un actor malicioso con acceso local puede escalar los privilegios a "root" • https://www.vmware.com/security/advisories/VMSA-2022-0021.html •