VMware vRealize Suite Lifecycle Manager 8.6

CPE Details

VMware vRealize Suite Lifecycle Manager 8.6
8.6
2022-05-27
14h42 +00:00
2023-05-11
15h51 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.6:*:*:*:*:*:*:*

Informations

Vendor

vmware

Product

vrealize_suite_lifecycle_manager

Version

8.6

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2022-22972 2022-05-20 18h18 +00:00 VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.
9.8
Critical
CVE-2022-22973 2022-05-20 18h18 +00:00 VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'.
7.8
High
CVE-2022-22958 2022-04-13 15h05 +00:00 VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution.
7.2
High
CVE-2022-22961 2022-04-13 15h05 +00:00 VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. A malicious actor with remote access may leak the hostname of the target system. Successful exploitation of this issue can lead to targeting victims.
5.3
Medium
CVE-2022-22959 2022-04-13 15h05 +00:00 VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. A malicious actor can trick a user through a cross site request forgery to unintentionally validate a malicious JDBC URI.
4.3
Medium
CVE-2022-22957 2022-04-13 00h00 +00:00 VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution.
7.2
High
CVE-2022-22960 2022-04-13 00h00 +00:00 VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to 'root'.
7.8
High