CVSS: 6.4EPSS: 0%CPEs: 8EXPL: 0CVE-2023-20884
https://notcve.org/view.php?id=CVE-2023-20884
30 May 2023 — VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability. An unauthenticated malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure. VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability. An unauthenticated malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leadi... • https://www.vmware.com/security/advisories/VMSA-2023-0011.html • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 7.5EPSS: 1%CPEs: 10EXPL: 0CVE-2021-22056 – VMware Security Advisory 2021-0030
https://notcve.org/view.php?id=CVE-2021-22056
20 Dec 2021 — VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability. A malicious actor with network access may be able to make HTTP requests to arbitrary origins and read the full response. VMware Workspace ONE Access versiones 21.08, 20.10.0.1 y 20.10 y Identity Manager versiones 3.3.5, 3.3.4 y 3.3.3, contienen una vulnerabilidad de tipo SSRF. Un actor malicioso con acceso a la red puede ser capaz de realizar peticiones HTTP a orígenes arbitrar... • https://www.vmware.com/security/advisories/VMSA-2021-0030.html • CWE-918: Server-Side Request Forgery (SSRF) •