CVE-2022-31658
https://notcve.org/view.php?id=CVE-2022-31658
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution. VMware Workspace ONE Access, Identity Manager y vRealize Automation contienen una vulnerabilidad de ejecución de código remota. Un actor malicioso con acceso de administrador y de red puede desencadenar una ejecución de código remota • https://www.vmware.com/security/advisories/VMSA-2022-0021.html • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVE-2022-31661
https://notcve.org/view.php?id=CVE-2022-31661
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two privilege escalation vulnerabilities. A malicious actor with local access can escalate privileges to 'root'. VMware Workspace ONE Access, Identity Manager y vRealize Automation contienen dos vulnerabilidades de escalada de privilegios. Un actor malicioso con acceso local puede escalar los privilegios a "root" • https://www.vmware.com/security/advisories/VMSA-2022-0021.html •
CVE-2022-31659
https://notcve.org/view.php?id=CVE-2022-31659
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution. VMware Workspace ONE Access y Identity Manager contienen una vulnerabilidad de ejecución de código remota. Un actor malicioso con acceso de administrador y de red puede desencadenar una ejecución de código remota • https://www.vmware.com/security/advisories/VMSA-2022-0021.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-31663
https://notcve.org/view.php?id=CVE-2022-31663
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject javascript code in the target user's window. VMware Workspace ONE Access, Identity Manager y vRealize Automation contienen una vulnerabilidad de tipo cross-site scripting (XSS) reflejada. Debido a un saneo inapropiado de la entrada del usuario, un actor malicioso con cierta interacción con el usuario puede ser capaz de inyectar código javascript en la ventana del usuario objetivo • https://www.vmware.com/security/advisories/VMSA-2022-0021.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-31664
https://notcve.org/view.php?id=CVE-2022-31664
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'. VMware Workspace ONE Access, Identity Manager y vRealize Automation contienen una vulnerabilidad de escalada de privilegios. Un actor malicioso con acceso local puede escalar los privilegios a "root" • https://www.vmware.com/security/advisories/VMSA-2022-0021.html •