VMware vRealize Automation 8.6

CPE Details

VMware vRealize Automation 8.6
vmware
vrealize_automation
8.6
2021-10-14
15h32 +00:00
2021-10-14
15h43 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:vmware:vrealize_automation:8.6:*:*:*:*:*:*:*

Informations

Vendor

vmware

Product

vrealize_automation

Version

8.6

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-20855 2023-02-21 00h00 +00:00 VMware vRealize Orchestrator contains an XML External Entity (XXE) vulnerability. A malicious actor, with non-administrative access to vRealize Orchestrator, may be able to use specially crafted input to bypass XML parsing restrictions leading to access to sensitive information or possible escalation of privileges.
8.8
High
CVE-2022-22955 2022-04-13 15h05 +00:00 VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework.
9.8
Critical
CVE-2022-22958 2022-04-13 15h05 +00:00 VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution.
7.2
High
CVE-2022-22961 2022-04-13 15h05 +00:00 VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. A malicious actor with remote access may leak the hostname of the target system. Successful exploitation of this issue can lead to targeting victims.
5.3
Medium
CVE-2022-22959 2022-04-13 15h05 +00:00 VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. A malicious actor can trick a user through a cross site request forgery to unintentionally validate a malicious JDBC URI.
4.3
Medium
CVE-2022-22956 2022-04-13 00h00 +00:00 VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework.
9.8
Critical
CVE-2022-22957 2022-04-13 00h00 +00:00 VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution.
7.2
High
CVE-2022-22960 2022-04-13 00h00 +00:00 VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to 'root'.
7.8
High
CVE-2022-22954 2022-04-11 19h37 +00:00 VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution.
9.8
Critical
CVE-2021-22056 2021-12-20 19h08 +00:00 VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability. A malicious actor with network access may be able to make HTTP requests to arbitrary origins and read the full response.
7.5
High