CVE-2022-31662
https://notcve.org/view.php?id=CVE-2022-31662
VMware Workspace ONE Access, Identity Manager, Connectors and vRealize Automation contain a path traversal vulnerability. A malicious actor with network access may be able to access arbitrary files. VMware Workspace ONE Access, Identity Manager, Connectors y vRealize Automation contienen una vulnerabilidad de salto de ruta. Un actor malicioso con acceso a la red puede ser capaz de acceder a archivos arbitrarios • https://www.vmware.com/security/advisories/VMSA-2022-0021.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2022-31660 – VMware Workspace ONE Access Privilege Escalation
https://notcve.org/view.php?id=CVE-2022-31660
VMware Workspace ONE Access, Identity Manager and vRealize Automation contains a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'. VMware Workspace ONE Access, Identity Manager y vRealize Automation contienen una vulnerabilidad de escalada de privilegios. Un actor malicioso con acceso local puede escalar los privilegios a "root" VMware Workspace ONE Access contains a vulnerability whereby the horizon user can escalate their privileges to those of the root user by modifying a file and then restarting the vmware-certproxy service which invokes it. The service control is permitted via the sudo configuration without a password. • https://www.vmware.com/security/advisories/VMSA-2022-0021.html •
CVE-2022-22972
https://notcve.org/view.php?id=CVE-2022-22972
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate. VMware Workspace ONE Access, Identity Manager y vRealize Automation contienen una vulnerabilidad de omisión de autenticación que afecta a usuarios del dominio local. Un actor malicioso con acceso de red a la interfaz de usuario puede obtener acceso administrativo sin necesidad de autenticarse • https://github.com/horizon3ai/CVE-2022-22972 https://github.com/bengisugun/CVE-2022-22972- https://github.com/Dghpi9/CVE-2022-22972 https://www.vmware.com/security/advisories/VMSA-2022-0014.html •
CVE-2022-22973
https://notcve.org/view.php?id=CVE-2022-22973
VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'. VMware Workspace ONE Access y Identity Manager contienen una vulnerabilidad de escalada de privilegios. Un actor malicioso con acceso local puede escalar los privilegios a "root" • https://www.vmware.com/security/advisories/VMSA-2022-0014.html •
CVE-2022-22958
https://notcve.org/view.php?id=CVE-2022-22958
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution. VMware Workspace ONE Access, Identity Manager y vRealize Automation contienen dos vulnerabilidades de ejecución de código remota (CVE-2022-22957 y CVE-2022-22958). Un actor malicioso con acceso administrativo puede desencadenar la deserialización de datos no confiables mediante un URI JDBC malicioso que puede resultar en una ejecución de código remota • https://www.vmware.com/security/advisories/VMSA-2022-0011.html • CWE-502: Deserialization of Untrusted Data •