CVSS: 7.8EPSS: 79%CPEs: 13EXPL: 5CVE-2022-22960 – VMware Multiple Products Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-22960
13 Apr 2022 — VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to 'root'. VMware Workspace ONE Access, Identity Manager y vRealize Automation contienen una vulnerabilidad de escalada de privilegios debido a permisos inapropiados en scripts de soporte. Un actor malicioso con acceso local puede escalar los privilegios a "root" VMware Workspace ONE Acce... • https://packetstorm.news/files/id/171935 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 10.0EPSS: 94%CPEs: 13EXPL: 28CVE-2022-22954 – VMware Workspace ONE Access and Identity Manager Server-Side Template Injection Vulnerability
https://notcve.org/view.php?id=CVE-2022-22954
11 Apr 2022 — VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution. VMware Workspace ONE Access y Identity Manager contienen una vulnerabilidad de ejecución de código remota debido a una inyección de plantillas del lado del servidor. Un actor malicioso con acceso a la red puede desencadenar una inyección de plantillas d... • https://packetstorm.news/files/id/166935 • CWE-94: Improper Control of Generation of Code ('Code Injection') •