Workspace One Access
by VMware
CVEs (29)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-22973 | | | 0.00 | — | 0.00 | | May 20, 2022 | VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'. |
| CVE-2022-22958 | | | 0.00 | — | 0.03 | | Apr 13, 2022 | VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which… |
| CVE-2022-22961 | | | 0.00 | — | 0.00 | | Apr 13, 2022 | VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. A malicious actor with remote access may leak the hostname of the target system. Successful exploitation of this issue can… |
| CVE-2022-22959 | | | 0.00 | — | 0.00 | | Apr 13, 2022 | VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. A malicious actor can trick a user through a cross site request forgery to unintentionally validate a malicious JDBC URI. |
| CVE-2021-22056 | | | 0.00 | — | 0.01 | | Dec 20, 2021 | VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability. A malicious actor with network access may be able to make HTTP requests to arbitrary origins and read the full response. |
| CVE-2021-22057 | | | 0.00 | — | 0.01 | | Dec 20, 2021 | VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 contain an authentication bypass vulnerability. A malicious actor, who has successfully provided first-factor authentication, may be able to obtain second-factor authentication provided by VMware Verify. |
| CVE-2021-22003 | | | 0.00 | — | 0.00 | | Aug 31, 2021 | VMware Workspace ONE Access and Identity Manager, unintentionally provide a login interface on port 7443. A malicious actor with network access to port 7443 may attempt user enumeration or brute force the login endpoint, which may or may not be practical based on lockout policy… |
| CVE-2021-22002 | | | 0.00 | — | 0.00 | | Aug 31, 2021 | VMware Workspace ONE Access and Identity Manager, allow the /cfg web app and diagnostic endpoints, on port 8443, to be accessed via port 443 using a custom host header. A malicious actor with network access to port 443 could tamper with host headers to facilitate access to the… |
| CVE-2020-3940 | | | 0.00 | — | 0.00 | | Jan 17, 2020 | VMware Workspace ONE SDK and dependent mobile application updates address sensitive information disclosure vulnerability. |
Page 2 of 2