Vulnerabilities
Vulnerable Software
Vmware:  Security Vulnerabilities
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution.
CVSS Score
7.2
EPSS Score
0.029
Published
2022-04-13
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. A malicious actor can trick a user through a cross site request forgery to unintentionally validate a malicious JDBC URI.
CVSS Score
4.3
EPSS Score
0.005
Published
2022-04-13
CVE-2022-22960
Known exploited
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to 'root'.
CVSS Score
7.8
EPSS Score
0.372
Published
2022-04-13
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. A malicious actor with remote access may leak the hostname of the target system. Successful exploitation of this issue can lead to targeting victims.
CVSS Score
5.3
EPSS Score
0.008
Published
2022-04-13
VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework.
CVSS Score
9.8
EPSS Score
0.076
Published
2022-04-13
VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework.
CVSS Score
9.8
EPSS Score
0.499
Published
2022-04-13
CVE-2022-22954
Known exploited
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution.
CVSS Score
9.8
EPSS Score
1.0
Published
2022-04-11
VMware Horizon Agent for Linux (prior to 22.x) contains a local privilege escalation as a user is able to change the default shared folder location due to a vulnerable symbolic link. Successful exploitation can result in linking to a root owned file.
CVSS Score
7.8
EPSS Score
0.003
Published
2022-04-11
VMware Horizon Agent for Linux (prior to 22.x) contains a local privilege escalation that allows a user to escalate to root due to a vulnerable configuration file.
CVSS Score
7.8
EPSS Score
0.002
Published
2022-04-11
The SchedulerServer in Vmware photon allows remote attackers to inject logs through \r in the package parameter. Attackers can also insert malicious data and fake entries.
CVSS Score
5.3
EPSS Score
0.009
Published
2022-04-11


Contact Us

Shodan ® - All rights reserved