CVSS: 7.8EPSS: 1%CPEs: 14EXPL: 0CVE-2022-31662
https://notcve.org/view.php?id=CVE-2022-31662
05 Aug 2022 — VMware Workspace ONE Access, Identity Manager, Connectors and vRealize Automation contain a path traversal vulnerability. A malicious actor with network access may be able to access arbitrary files. VMware Workspace ONE Access, Identity Manager, Connectors y vRealize Automation contienen una vulnerabilidad de salto de ruta. Un actor malicioso con acceso a la red puede ser capaz de acceder a archivos arbitrarios • https://www.vmware.com/security/advisories/VMSA-2022-0021.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 7%CPEs: 14EXPL: 1CVE-2022-31660 – VMware Workspace ONE Access Privilege Escalation
https://notcve.org/view.php?id=CVE-2022-31660
04 Aug 2022 — VMware Workspace ONE Access, Identity Manager and vRealize Automation contains a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'. VMware Workspace ONE Access, Identity Manager y vRealize Automation contienen una vulnerabilidad de escalada de privilegios. Un actor malicioso con acceso local puede escalar los privilegios a "root" VMware Workspace ONE Access contains a vulnerability whereby the horizon user can escalate their privileges to those of the ... • https://packetstorm.news/files/id/167973 •
CVSS: 9.1EPSS: 16%CPEs: 15EXPL: 0CVE-2020-4006 – Multiple VMware Products Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2020-4006
23 Nov 2020 — VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability. VMware Workspace One Access, Access Connector, Identity Manager e Identity Manager Connector abordan una vulnerabilidad de inyección de comandos VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector contain a command injection vulnerability. An attacker with network access to the administrative configurator on port 8443 and ... • https://www.vmware.com/security/advisories/VMSA-2020-0027.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 10%CPEs: 114EXPL: 0CVE-2018-15756 – DoS Attack via Range Requests
https://notcve.org/view.php?id=CVE-2018-15756
18 Oct 2018 — Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. A malicious user (or attacker) can add a range header with a high number of ranges, or with wide ranges that overlap, or both, for a denial of service attack. This ... • http://www.securityfocus.com/bid/105703 • CWE-20: Improper Input Validation •