CVE-2022-38652
https://notcve.org/view.php?id=CVE-2022-38652
A remote insecure deserialization vulnerability exists in VMware Hyperic Agent 5.8.6. Exploitation of this vulnerability enables a malicious authenticated user to run arbitrary code or malware within a Hyperic Agent instance and its host operating system with the privileges of the Hyperic Agent process (often SYSTEM on Windows platforms). NOTE: prior exploitation of CVE-2022-38650 results in the disclosure of the authentication material required to exploit this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. • https://www.cyber.gov.au/acsc/view-all-content/alerts/multiple-vulnerabilities-vmware-vrealize-hyperic-monitoring-and-performance-management-product • CWE-502: Deserialization of Untrusted Data
CVE-2022-38651
https://notcve.org/view.php?id=CVE-2022-38651
A security filter misconfiguration exists in VMware Hyperic Server 5.8.6. Exploitation of this vulnerability enables a malicious party to bypass some authentication requirements when issuing requests to Hyperic Server. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. • https://www.cyber.gov.au/acsc/view-all-content/alerts/multiple-vulnerabilities-vmware-vrealize-hyperic-monitoring-and-performance-management-product
CVE-2022-38650
https://notcve.org/view.php?id=CVE-2022-38650
A remote unauthenticated insecure deserialization vulnerability exists in VMware Hyperic Server 5.8.6. Exploitation of this vulnerability enables a malicious party to run arbitrary code or malware within Hyperic Server and the host operating system with the privileges of the Hyperic server process. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. • https://www.cyber.gov.au/acsc/view-all-content/alerts/multiple-vulnerabilities-vmware-vrealize-hyperic-monitoring-and-performance-management-product • CWE-502: Deserialization of Untrusted Data
CVE-2022-31689
https://notcve.org/view.php?id=CVE-2022-31689
VMware Workspace ONE Assist prior to 22.10 contains a Session fixation vulnerability. A malicious actor who obtains a valid session token may be able to authenticate to the application using that token. • https://www.vmware.com/security/advisories/VMSA-2022-0028.html • CWE-384: Session Fixation
CVE-2022-31688
https://notcve.org/view.php?id=CVE-2022-31688
VMware Workspace ONE Assist prior to 22.10 contains a Reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject JavaScript code in the target user's window. • https://www.vmware.com/security/advisories/VMSA-2022-0028.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')