CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2022-31701
https://notcve.org/view.php?id=CVE-2022-31701
VMware Workspace ONE Access and Identity Manager contain a broken authentication vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3. VMware Workspace ONE Access and Identity Manager contiene una vulnerabilidad de autenticación rota. VMware ha evaluado la gravedad de este problema en el rango de gravedad moderada con una puntuación base CVSSv3 máxima de 5.3. • https://www.vmware.com/security/advisories/VMSA-2022-0032.html • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-31703 – VMware vRealize Network Insight downloadFile Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-31703
The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution. vRealize Log Insight contiene una vulnerabilidad de directory traversal. Un actor malicioso no autenticado puede inyectar archivos en el Sistema Operativo de un dispositivo afectado, lo que puede resultar en la ejecución remota de código. This vulnerability allows remote attackers to disclose sensitive information on affected installations of VMware vRealize Network Insight. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloadFile function. • https://www.vmware.com/security/advisories/VMSA-2023-0001.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.2EPSS: 0%CPEs: 22EXPL: 0CVE-2022-31705
https://notcve.org/view.php?id=CVE-2022-31705
VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed. VMware ESXi, Workstation y Fusion contienen una vulnerabilidad de escritura fuera de los límites en el controlador USB 2.0 (EHCI). Un actor malintencionado con privilegios administrativos locales en una máquina virtual puede aprovechar este problema para ejecutar código como el proceso VMX de la máquina virtual que se ejecuta en el host. • https://www.vmware.com/security/advisories/VMSA-2022-0033.html • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-31702 – VMware vRealize Network Insight createSupportBundle Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-31702
vRealize Network Insight (vRNI) contains a command injection vulnerability present in the vRNI REST API. A malicious actor with network access to the vRNI REST API can execute commands without authentication. vRealize Network Insight (vRNI) contiene una vulnerabilidad de inyección de comandos presente en la API REST de vRNI. Un actor malintencionado con acceso a la red de la API REST de vRNI puede ejecutar comandos sin autenticación. This vulnerability allows remote attackers to execute arbitrary code on affected installations of VMware vRealize Network Insight. Authentication is not required to exploit this vulnerability. The specific flaw exists within the createSupportBundle function. • https://www.vmware.com/security/advisories/VMSA-2022-0031.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 266EXPL: 0CVE-2022-31696 – VMware ESXi TCP/IP Memory Corruption Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-31696
VMware ESXi contains a memory corruption vulnerability that exists in the way it handles a network socket. A malicious actor with local access to ESXi may exploit this issue to corrupt memory leading to an escape of the ESXi sandbox. VMware ESXi contiene una vulnerabilidad de corrupción de memoria que existe en la forma en que maneja un socket de red. Un actor malintencionado con acceso local a ESXi puede aprovechar este problema para dañar la memoria y provocar un escape del entorno limitado de ESXi. This vulnerability allows local attackers to escalate privileges on affected installations of VMware ESXi. • https://www.vmware.com/security/advisories/VMSA-2022-0030.html • CWE-787: Out-of-bounds Write •