
CVE-2022-22956 – VMware Workspace ONE Remote Code Execution
https://notcve.org/view.php?id=CVE-2022-22956
13 Apr 2022 — VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework. • https://packetstorm.news/files/id/171918 • CWE-287: Improper Authentication •

CVE-2022-22957 – VMware Workspace ONE Remote Code Execution
https://notcve.org/view.php?id=CVE-2022-22957
13 Apr 2022 — VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through a malicious JDBC URI, which may result in remote code execution. • https://packetstorm.news/files/id/171918 • CWE-502: Deserialization of Untrusted Data •

CVE-2022-22960 – VMware Multiple Products Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-22960
13 Apr 2022 — VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to 'root'. • https://packetstorm.news/files/id/171935 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVE-2022-22954 – VMware Workspace ONE Access and Identity Manager Server-Side Template Injection Vulnerability
https://notcve.org/view.php?id=CVE-2022-22954
11 Apr 2022 — VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution. • https://packetstorm.news/files/id/166935 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2020-11849 – Elevation of privilege and unauthorized access in Micro Focus Identity Manager product
https://notcve.org/view.php?id=CVE-2020-11849
08 Jul 2020 — Elevation of privilege and/or unauthorized access vulnerability in Micro Focus Identity Manager, affecting versions prior to 4.7.3 and 4.8.1 hot fix 1. The vulnerability could allow information exposure that can result in an elevation of privilege or unauthorized access. • https://www.netiq.com/documentation/identity-manager-47/releasenotes_idm4741_apps/data/releasenotes_idm4741_apps.html •

CVE-2016-1600
https://notcve.org/view.php?id=CVE-2016-1600
09 May 2019 — The ServiceNow driver in NetIQ Identity Manager versions prior to 4.6 is susceptible to an information disclosure vulnerability. • https://www.netiq.com/documentation/identity-manager-46/releasenotes_idm46/data/releasenotes_idm46.html#t433o7au0niu • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2018-7674 – IDM URL Redirection attack
https://notcve.org/view.php?id=CVE-2018-7674
28 Mar 2018 — The NetIQ Identity Manager user console, in versions prior to 4.7, is susceptible to URL redirection. • https://www.netiq.com/documentation/identity-manager-47/releasenotes_idm47/data/releasenotes_idm47.html • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVE-2018-7676 – IDM Information Leakage
https://notcve.org/view.php?id=CVE-2018-7676
28 Mar 2018 — The NetIQ Identity Manager userapp, in versions prior to 4.7, may leak sensitive information when log / trace is enabled. • https://www.netiq.com/documentation/identity-manager-47/releasenotes_idm47/data/releasenotes_idm47.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2018-7673 – NetIQ Identity Manager DoS Attack
https://notcve.org/view.php?id=CVE-2018-7673
26 Mar 2018 — The NetIQ Identity Manager communication channel, in versions prior to 4.7, is susceptible to a DoS attack. • http://www.securityfocus.com/bid/103533 •

CVE-2018-1348 – NetIQ Identity Manager SSL Renegotiation
https://notcve.org/view.php?id=CVE-2018-1348
26 Mar 2018 — The NetIQ Identity Manager driver, in versions prior to 4.7, allows an SSL handshake renegotiation, which could result in a MITM attack. • http://www.securityfocus.com/bid/103530 •