VMware » vRealize Suite Lifecycle Manager » 8.6 patch1: Security Vulnerabilities, CVEs
VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'.
Max CVSS: 7.8
EPSS Score: 0.04%
Published: 2022-05-20
Updated: 2022-05-27
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.
Max CVSS: 9.8
EPSS Score: 58.48%
Published: 2022-05-20
Updated: 2022-05-27
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. A malicious actor with remote access may leak the hostname of the target system. Successful exploitation of this issue can lead to targeting victims.
Max CVSS: 5.3
EPSS Score: 0.07%
Published: 2022-04-13
Updated: 2022-04-21
CVE-2022-22960 (Known exploited; Public exploit)
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to 'root'.
Max CVSS: 7.8
EPSS Score: 0.08%
Published: 2022-04-13
Updated: 2023-04-19
CISA KEV Added: 2022-04-15
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross-site request forgery vulnerability. A malicious actor can trick a user through a cross-site request forgery to unintentionally validate a malicious JDBC URI.
Max CVSS: 4.3
EPSS Score: 0.05%
Published: 2022-04-13
Updated: 2022-04-21
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through a malicious JDBC URI, which may result in remote code execution.
Max CVSS: 7.2
EPSS Score: 0.25%
Published: 2022-04-13
Updated: 2022-04-21
CVE-2022-22957 (Public exploit)
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through a malicious JDBC URI, which may result in remote code execution.
Max CVSS: 7.2
EPSS Score: 2.75%
Published: 2022-04-13
Updated: 2023-04-19
7 vulnerabilities found