Page 2 of 7 results (0.009 seconds)

CVSS: 7.2EPSS: 2%CPEs: 13EXPL: 0

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution. VMware Workspace ONE Access, Identity Manager y vRealize Automation contienen dos vulnerabilidades de ejecución de código remota (CVE-2022-22957 y CVE-2022-22958). Un actor malicioso con acceso administrativo puede desencadenar la deserialización de datos no confiables mediante un URI JDBC malicioso que puede resultar en una ejecución de código remota • http://packetstormsecurity.com/files/171918/Mware-Workspace-ONE-Remote-Code-Execution.html http://packetstormsecurity.com/files/171918/VMware-Workspace-ONE-Remote-Code-Execution.html https://www.vmware.com/security/advisories/VMSA-2022-0011.html https://srcincite.io/blog/2022/08/11/i-am-whoever-i-say-i-am-infiltrating-vmware-workspace-one-access-using-a-0-click-exploit.html#dbconnectioncheckcontroller-dbcheck-jdbc-injection-remote-code-execution https://github.com/sourceincite/hekate • CWE-502: Deserialization of Untrusted Data •

CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 3

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to 'root'. VMware Workspace ONE Access, Identity Manager y vRealize Automation contienen una vulnerabilidad de escalada de privilegios debido a permisos inapropiados en scripts de soporte. Un actor malicioso con acceso local puede escalar los privilegios a "root" VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. • http://packetstormsecurity.com/files/171918/Mware-Workspace-ONE-Remote-Code-Execution.html http://packetstormsecurity.com/files/171918/VMware-Workspace-ONE-Remote-Code-Execution.html http://packetstormsecurity.com/files/171935/VMware-Workspace-ONE-Access-Privilege-Escalation.html https://www.vmware.com/security/advisories/VMSA-2022-0011.html https://srcincite.io/blog/2022/08/11/i-am-whoever-i-say-i-am-infiltrating-vmware-workspace-one-access-using-a-0-click-exploit.html#dbconnectioncheckcontroller-dbcheck-jdbc-injection-remote& • CWE-732: Incorrect Permission Assignment for Critical Resource •