CVE-2023-20884
https://notcve.org/view.php?id=CVE-2023-20884
VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability. An unauthenticated malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure. • https://www.vmware.com/security/advisories/VMSA-2023-0011.html • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2023-24461 – BIG-IP Edge Client for Windows and macOS vulnerability
https://notcve.org/view.php?id=CVE-2023-24461
An improper certificate validation vulnerability exists in the BIG-IP Edge Client for Windows and macOS and may allow an attacker to impersonate a BIG-IP APM system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000132539 • CWE-295: Improper Certificate Validation •
CVE-2023-22372 – BIG-IP Edge Client for Windows and Mac OS vulnerability
https://notcve.org/view.php?id=CVE-2023-22372
In the pre-connection stage, an improper enforcement of message integrity vulnerability exists in BIG-IP Edge Client for Windows and Mac OS. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000132522 • CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel •
CVE-2022-31700
https://notcve.org/view.php?id=CVE-2022-31700
VMware Workspace ONE Access and Identity Manager contain an authenticated remote code execution vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.2. • https://www.vmware.com/security/advisories/VMSA-2022-0032.html •
CVE-2022-40746
https://notcve.org/view.php?id=CVE-2022-40746
IBM i Access Family 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by a DLL search order hijacking vulnerability. By placing a specially crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 236581. • https://exchange.xforce.ibmcloud.com/vulnerabilities/236581 https://www.ibm.com/support/pages/node/6840359 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-427: Uncontrolled Search Path Element •