VMware vRealize Automation 7.6

CPE Details

VMware vRealize Automation 7.6
vmware
vrealize_automation
7.6
2019-10-01
09h38 +00:00
2019-10-01
09h38 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:vmware:vrealize_automation:7.6:*:*:*:*:*:*:*

Informations

Vendor

vmware

Product

vrealize_automation

Version

7.6

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2022-22972 2022-05-20 18h18 +00:00 VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.
9.8
Critical
CVE-2022-22955 2022-04-13 15h05 +00:00 VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework.
9.8
Critical
CVE-2022-22958 2022-04-13 15h05 +00:00 VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution.
7.2
High
CVE-2022-22961 2022-04-13 15h05 +00:00 VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. A malicious actor with remote access may leak the hostname of the target system. Successful exploitation of this issue can lead to targeting victims.
5.3
Medium
CVE-2022-22959 2022-04-13 15h05 +00:00 VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. A malicious actor can trick a user through a cross site request forgery to unintentionally validate a malicious JDBC URI.
4.3
Medium
CVE-2022-22956 2022-04-13 00h00 +00:00 VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework.
9.8
Critical
CVE-2022-22957 2022-04-13 00h00 +00:00 VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution.
7.2
High
CVE-2022-22960 2022-04-13 00h00 +00:00 VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to 'root'.
7.8
High
CVE-2022-22954 2022-04-11 19h37 +00:00 VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution.
9.8
Critical
CVE-2021-22056 2021-12-20 19h08 +00:00 VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability. A malicious actor with network access may be able to make HTTP requests to arbitrary origins and read the full response.
7.5
High