CVSS: 10.0EPSS: 94%CPEs: 13EXPL: 28CVE-2022-22954 – VMware Workspace ONE Access and Identity Manager Server-Side Template Injection Vulnerability
https://notcve.org/view.php?id=CVE-2022-22954
11 Apr 2022 — VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution. VMware Workspace ONE Access y Identity Manager contienen una vulnerabilidad de ejecución de código remota debido a una inyección de plantillas del lado del servidor. Un actor malicioso con acceso a la red puede desencadenar una inyección de plantillas d... • https://packetstorm.news/files/id/166935 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 1%CPEs: 10EXPL: 0CVE-2021-22056 – VMware Security Advisory 2021-0030
https://notcve.org/view.php?id=CVE-2021-22056
20 Dec 2021 — VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability. A malicious actor with network access may be able to make HTTP requests to arbitrary origins and read the full response. VMware Workspace ONE Access versiones 21.08, 20.10.0.1 y 20.10 y Identity Manager versiones 3.3.5, 3.3.4 y 3.3.3, contienen una vulnerabilidad de tipo SSRF. Un actor malicioso con acceso a la red puede ser capaz de realizar peticiones HTTP a orígenes arbitrar... • https://www.vmware.com/security/advisories/VMSA-2021-0030.html • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2021-22057 – VMware Security Advisory 2021-0030
https://notcve.org/view.php?id=CVE-2021-22057
20 Dec 2021 — VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 contain an authentication bypass vulnerability. A malicious actor, who has successfully provided first-factor authentication, may be able to obtain second-factor authentication provided by VMware Verify. VMware Workspace ONE Access versiones 21.08, 20.10.0.1 y 20.10, contienen una vulnerabilidad de omisión de autenticación. Un actor malicioso, que ha proporcionado con éxito la autenticación de primer factor, puede ser capaz de obtener la autenticación ... • https://www.vmware.com/security/advisories/VMSA-2021-0030.html •