CVSS: 7.2EPSS: 47%CPEs: 13EXPL: 1CVE-2022-22957 – VMware Workspace ONE Remote Code Execution
https://notcve.org/view.php?id=CVE-2022-22957
13 Apr 2022 — VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution. VMware Workspace ONE Access, Identity Manager y vRealize Automation contienen dos vulnerabilidades de ejecución de código remota (CVE-2022-22957 y CVE-2022-22958). Un actor malicioso con acceso ad... • https://packetstorm.news/files/id/171918 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.8EPSS: 79%CPEs: 13EXPL: 5CVE-2022-22960 – VMware Multiple Products Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-22960
13 Apr 2022 — VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to 'root'. VMware Workspace ONE Access, Identity Manager y vRealize Automation contienen una vulnerabilidad de escalada de privilegios debido a permisos inapropiados en scripts de soporte. Un actor malicioso con acceso local puede escalar los privilegios a "root" VMware Workspace ONE Acce... • https://packetstorm.news/files/id/171935 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 10.0EPSS: 94%CPEs: 13EXPL: 28CVE-2022-22954 – VMware Workspace ONE Access and Identity Manager Server-Side Template Injection Vulnerability
https://notcve.org/view.php?id=CVE-2022-22954
11 Apr 2022 — VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution. VMware Workspace ONE Access y Identity Manager contienen una vulnerabilidad de ejecución de código remota debido a una inyección de plantillas del lado del servidor. Un actor malicioso con acceso a la red puede desencadenar una inyección de plantillas d... • https://packetstorm.news/files/id/166935 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 1%CPEs: 10EXPL: 0CVE-2021-22056 – VMware Security Advisory 2021-0030
https://notcve.org/view.php?id=CVE-2021-22056
20 Dec 2021 — VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability. A malicious actor with network access may be able to make HTTP requests to arbitrary origins and read the full response. VMware Workspace ONE Access versiones 21.08, 20.10.0.1 y 20.10 y Identity Manager versiones 3.3.5, 3.3.4 y 3.3.3, contienen una vulnerabilidad de tipo SSRF. Un actor malicioso con acceso a la red puede ser capaz de realizar peticiones HTTP a orígenes arbitrar... • https://www.vmware.com/security/advisories/VMSA-2021-0030.html • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.5EPSS: 0%CPEs: 17EXPL: 0CVE-2021-22003
https://notcve.org/view.php?id=CVE-2021-22003
31 Aug 2021 — VMware Workspace ONE Access and Identity Manager, unintentionally provide a login interface on port 7443. A malicious actor with network access to port 7443 may attempt user enumeration or brute force the login endpoint, which may or may not be practical based on lockout policy configuration and password complexity for the target account. VMware Workspace ONE Access y Identity Manager, proporcionan sin intención una interfaz de inicio de sesión en el puerto 7443. Un actor malicioso con acceso a la red al pu... • https://www.vmware.com/security/advisories/VMSA-2021-0016.html • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 9.8EPSS: 0%CPEs: 17EXPL: 0CVE-2021-22002
https://notcve.org/view.php?id=CVE-2021-22002
31 Aug 2021 — VMware Workspace ONE Access and Identity Manager, allow the /cfg web app and diagnostic endpoints, on port 8443, to be accessed via port 443 using a custom host header. A malicious actor with network access to port 443 could tamper with host headers to facilitate access to the /cfg web app, in addition a malicious actor could access /cfg diagnostic endpoints without authentication. VMware Workspace ONE Access y Identity Manager, permiten el acceso a la aplicación web /cfg y a los endpoints de diagnóstico, e... • https://www.vmware.com/security/advisories/VMSA-2021-0016.html • CWE-287: Improper Authentication •
CVSS: 9.1EPSS: 16%CPEs: 15EXPL: 0CVE-2020-4006 – Multiple VMware Products Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2020-4006
23 Nov 2020 — VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability. VMware Workspace One Access, Access Connector, Identity Manager e Identity Manager Connector abordan una vulnerabilidad de inyección de comandos VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector contain a command injection vulnerability. An attacker with network access to the administrative configurator on port 8443 and ... • https://www.vmware.com/security/advisories/VMSA-2020-0027.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2020-11849 – Elevation of privilege and unauthorized access in Micro Focus Identity Manager product
https://notcve.org/view.php?id=CVE-2020-11849
08 Jul 2020 — Elevation of privilege and/or unauthorized access vulnerability in Micro Focus Identity Manager. Affecting versions prior to 4.7.3 and 4.8.1 hot fix 1. The vulnerability could allow information exposure that can result in an elevation of privilege or an unauthorized access. Una elevación de privilegios y/o vulnerabilidad de acceso no autorizado en Micro Focus Identity Manager. Afecta las versiones anteriores a 4.7.3 y 4.8.1 hotfix 1. • https://www.netiq.com/documentation/identity-manager-47/releasenotes_idm4741_apps/data/releasenotes_idm4741_apps.html •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1600
https://notcve.org/view.php?id=CVE-2016-1600
09 May 2019 — The ServiceNow driver in NetIQ Identity Manager versions prior to 4.6 are susceptible to an information disclosure vulnerability. El controlador ServiceNow en las versiones del Gestor de identidades NetIQ anteriores a la 4.6 es susceptible a una vulnerabilidad de divulgación de información. • https://www.netiq.com/documentation/identity-manager-46/releasenotes_idm46/data/releasenotes_idm46.html#t433o7au0niu • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-7674 – IDM URL Redirection attack
https://notcve.org/view.php?id=CVE-2018-7674
28 Mar 2018 — The NetIQ Identity Manager user console, in versions prior to 4.7, is susceptible to URL redirection. La consola de usuario de NetIQ Identity Manager, en versiones anteriores a la 4.7, es susceptible a la redirección de URL. • https://www.netiq.com/documentation/identity-manager-47/releasenotes_idm47/data/releasenotes_idm47.html • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •