CVSS: 9.8EPSS: 0%CPEs: 17EXPL: 0CVE-2021-22002
https://notcve.org/view.php?id=CVE-2021-22002
VMware Workspace ONE Access and Identity Manager, allow the /cfg web app and diagnostic endpoints, on port 8443, to be accessed via port 443 using a custom host header. A malicious actor with network access to port 443 could tamper with host headers to facilitate access to the /cfg web app, in addition a malicious actor could access /cfg diagnostic endpoints without authentication. VMware Workspace ONE Access y Identity Manager, permiten el acceso a la aplicación web /cfg y a los endpoints de diagnóstico, en el puerto 8443, por medio del puerto 443 usando un encabezado de host personalizado. Un actor malicioso con acceso de red al puerto 443 podría manipular los encabezados de host para facilitar el acceso a la aplicación web /cfg, además, un actor malicioso podría acceder a los endpoints de diagnóstico /cfg sin autenticación • https://www.vmware.com/security/advisories/VMSA-2021-0016.html • CWE-287: Improper Authentication •
CVSS: 9.1EPSS: 44%CPEs: 15EXPL: 0CVE-2020-4006 – Multiple VMware Products Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2020-4006
VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability. VMware Workspace One Access, Access Connector, Identity Manager e Identity Manager Connector abordan una vulnerabilidad de inyección de comandos VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector contain a command injection vulnerability. An attacker with network access to the administrative configurator on port 8443 and a valid password for the configurator administrator account can execute commands with unrestricted privileges on the underlying operating system. • https://www.vmware.com/security/advisories/VMSA-2020-0027.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2020-25839
https://notcve.org/view.php?id=CVE-2020-25839
NetIQ Identity Manager 4.8 prior to version 4.8 SP2 HF1 are affected by an injection vulnerability. This vulnerability is fixed in NetIQ IdM 4.8 SP2 HF1. NetIQ Identity Manager versiones 4.8 anteriores a 4.8 SP2 HF1, está afectado por una vulnerabilidad de inyección. Esta vulnerabilidad es corregida en NetIQ IdM versión 4.8 SP2 HF1 • https://www.netiq.com/documentation/identity-manager-48/releasenotes_idm4821_apps/data/releasenotes_idm4821_apps.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2020-11849 – Elevation of privilege and unauthorized access in Micro Focus Identity Manager product
https://notcve.org/view.php?id=CVE-2020-11849
Elevation of privilege and/or unauthorized access vulnerability in Micro Focus Identity Manager. Affecting versions prior to 4.7.3 and 4.8.1 hot fix 1. The vulnerability could allow information exposure that can result in an elevation of privilege or an unauthorized access. Una elevación de privilegios y/o vulnerabilidad de acceso no autorizado en Micro Focus Identity Manager. Afecta las versiones anteriores a 4.7.3 y 4.8.1 hotfix 1. • https://www.netiq.com/documentation/identity-manager-47/releasenotes_idm4741_apps/data/releasenotes_idm4741_apps.html https://www.netiq.com/documentation/identity-manager-48/releasenotes_idm4811_apps/data/releasenotes_idm4811_apps.html •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1600
https://notcve.org/view.php?id=CVE-2016-1600
The ServiceNow driver in NetIQ Identity Manager versions prior to 4.6 are susceptible to an information disclosure vulnerability. El controlador ServiceNow en las versiones del Gestor de identidades NetIQ anteriores a la 4.6 es susceptible a una vulnerabilidad de divulgación de información. • https://www.netiq.com/documentation/identity-manager-46/releasenotes_idm46/data/releasenotes_idm46.html#t433o7au0niu • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •