CVSS: 8.3EPSS: 5%CPEs: 14EXPL: 0CVE-2022-31659
https://notcve.org/view.php?id=CVE-2022-31659
05 Aug 2022 — VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution. VMware Workspace ONE Access y Identity Manager contienen una vulnerabilidad de ejecución de código remota. Un actor malicioso con acceso de administrador y de red puede desencadenar una ejecución de código remota • https://www.vmware.com/security/advisories/VMSA-2022-0021.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.4EPSS: 1%CPEs: 14EXPL: 0CVE-2022-31663
https://notcve.org/view.php?id=CVE-2022-31663
05 Aug 2022 — VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject javascript code in the target user's window. VMware Workspace ONE Access, Identity Manager y vRealize Automation contienen una vulnerabilidad de tipo cross-site scripting (XSS) reflejada. Debido a un saneo inapropiado de la entrada del usuario, un actor malicioso con cier... • https://www.vmware.com/security/advisories/VMSA-2022-0021.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2022-31664
https://notcve.org/view.php?id=CVE-2022-31664
05 Aug 2022 — VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'. VMware Workspace ONE Access, Identity Manager y vRealize Automation contienen una vulnerabilidad de escalada de privilegios. Un actor malicioso con acceso local puede escalar los privilegios a "root" • https://www.vmware.com/security/advisories/VMSA-2022-0021.html •
CVSS: 8.3EPSS: 5%CPEs: 11EXPL: 0CVE-2022-31665
https://notcve.org/view.php?id=CVE-2022-31665
05 Aug 2022 — VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution. VMware Workspace ONE Access, Identity Manager y vRealize Automation contienen una vulnerabilidad de ejecución de código remota. Un actor malicioso con acceso de administrador y de red puede desencadenar una ejecución de código remota • https://www.vmware.com/security/advisories/VMSA-2022-0021.html • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 7.8EPSS: 1%CPEs: 14EXPL: 0CVE-2022-31662
https://notcve.org/view.php?id=CVE-2022-31662
05 Aug 2022 — VMware Workspace ONE Access, Identity Manager, Connectors and vRealize Automation contain a path traversal vulnerability. A malicious actor with network access may be able to access arbitrary files. VMware Workspace ONE Access, Identity Manager, Connectors y vRealize Automation contienen una vulnerabilidad de salto de ruta. Un actor malicioso con acceso a la red puede ser capaz de acceder a archivos arbitrarios • https://www.vmware.com/security/advisories/VMSA-2022-0021.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 7%CPEs: 14EXPL: 1CVE-2022-31660 – VMware Workspace ONE Access Privilege Escalation
https://notcve.org/view.php?id=CVE-2022-31660
04 Aug 2022 — VMware Workspace ONE Access, Identity Manager and vRealize Automation contains a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'. VMware Workspace ONE Access, Identity Manager y vRealize Automation contienen una vulnerabilidad de escalada de privilegios. Un actor malicioso con acceso local puede escalar los privilegios a "root" VMware Workspace ONE Access contains a vulnerability whereby the horizon user can escalate their privileges to those of the ... • https://packetstorm.news/files/id/167973 •
CVSS: 5.5EPSS: 0%CPEs: 33EXPL: 0CVE-2022-27636
https://notcve.org/view.php?id=CVE-2022-27636
05 May 2022 — On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, BIG-IP Edge Client may log sensitive APM session-related information when VPN is launched on a Windows system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated En F5 BIG-IP APM versiones 16.1.x anteriores a 16.... • https://support.f5.com/csp/article/K57110035 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2021-42955
https://notcve.org/view.php?id=CVE-2021-42955
17 Nov 2021 — Zoho Remote Access Plus Server Windows Desktop binary fixed in version 10.1.2132 is affected by an unauthorized password reset vulnerability. Because of the designed password reset mechanism, any non-admin Windows user can reset the password of the Remote Access Plus Server Admin account. Zoho Remote Access Plus Server Windows Desktop binary corregido en versión 10.1.2132, está afectado por una vulnerabilidad de restablecimiento de contraseña no autorizada. Debido al mecanismo de restablecimiento de contras... • https://medium.com/nestedif/vulnerability-disclosure-improper-acl-unauthorized-password-reset-zoho-r-a-p-62efcdceb7a6 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2021-42954
https://notcve.org/view.php?id=CVE-2021-42954
17 Nov 2021 — Zoho Remote Access Plus Server Windows Desktop Binary fixed from 10.1.2121.1 is affected by incorrect access control. The installation directory is vulnerable to weak file permissions by allowing full control for Windows Everyone user group (non-admin or any guest users), thereby allowing privilege escalation, unauthorized password reset, stealing of sensitive data, access to credentials in plaintext, access to registry values, tampering with configuration files, etc. Zoho Remote Access Plus Server Windows ... • https://medium.com/nestedif/vulnerability-disclosure-improper-filesystem-permission-misconfigured-acls-zoho-r-a-p-56e195464b51 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2021-42956
https://notcve.org/view.php?id=CVE-2021-42956
17 Nov 2021 — Zoho Remote Access Plus Server Windows Desktop Binary fixed in 10.1.2132.6 is affected by a sensitive information disclosure vulnerability. Due to improper privilege management, the process launches as the logged in user, so memory dump can be done by non-admin also. Remotely, an attacker can dump all sensitive information including DB Connection string, entire IT infrastructure details, commands executed by IT admin including credentials, secrets, private keys and more. Zoho Remote Access Plus Server Windo... • https://medium.com/nestedif/vulnerability-disclosure-sensitive-info-leakage-agent-memory-dump-zoho-r-a-p-3d5ebc8928af • CWE-269: Improper Privilege Management •