CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0CVE-2023-34064 – Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-34064
Workspace ONE Launcher contains a Privilege Escalation Vulnerability. A malicious actor with physical access to Workspace ONE Launcher could utilize the Edge Panel feature to bypass setup to gain access to sensitive information. Workspace ONE Launcher contiene una vulnerabilidad de escalada de privilegios. Un actor malintencionado con acceso físico a Workspace ONE Launcher podría utilizar la función Edge Panel para omitir la configuración y obtener acceso a información confidencial. • https://www.vmware.com/security/advisories/VMSA-2023-0027.html •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-20886
https://notcve.org/view.php?id=CVE-2023-20886
VMware Workspace ONE UEM console contains an open redirect vulnerability. A malicious actor may be able to redirect a victim to an attacker and retrieve their SAML response to login as the victim user. La consola VMware Workspace ONE UEM contiene una vulnerabilidad de redireccionamiento abierto. Un actor malintencionado puede redirigir a una víctima hacia un atacante y recuperar su respuesta SAML para iniciar sesión como el usuario víctima. • https://www.vmware.com/security/advisories/VMSA-2023-0025.html • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 0CVE-2023-20884
https://notcve.org/view.php?id=CVE-2023-20884
VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability. An unauthenticated malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure. • https://www.vmware.com/security/advisories/VMSA-2023-0011.html • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-20857
https://notcve.org/view.php?id=CVE-2023-20857
VMware Workspace ONE Content contains a passcode bypass vulnerability. A malicious actor, with access to a users rooted device, may be able to bypass the VMware Workspace ONE Content passcode. • http://packetstormsecurity.com/files/171158/VMware-Security-Advisory-2023-0006.html https://www.vmware.com/security/advisories/VMSA-2023-0006.html • CWE-306: Missing Authentication for Critical Function •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-31689
https://notcve.org/view.php?id=CVE-2022-31689
VMware Workspace ONE Assist prior to 22.10 contains a Session fixation vulnerability. A malicious actor who obtains a valid session token may be able to authenticate to the application using that token. VMware Workspace ONE Assist anterior a 22.10 contiene una vulnerabilidad de reparación de sesión. Un actor malicioso que obtenga un token de sesión válido puede autenticarse en la aplicación utilizando ese token. • https://www.vmware.com/security/advisories/VMSA-2022-0028.html • CWE-384: Session Fixation •