Workspace One Access
by VMware
CVEs (29)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-31659 | Hig | 0.47 | 7.2 | 0.02 | Aug 5, 2022 | VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution. | ||
| CVE-2022-31658 | Hig | 0.47 | 7.2 | 0.02 | Aug 5, 2022 | VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution. | ||
| CVE-2022-22958 | Hig | 0.47 | 7.2 | 0.03 | Apr 13, 2022 | VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which… | ||
| CVE-2023-20884 | Med | 0.40 | 6.1 | 0.00 | May 30, 2023 | VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability. An unauthenticated malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure. | ||
| CVE-2022-31663 | Med | 0.40 | 6.1 | 0.01 | Aug 5, 2022 | VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject javascript code in the target user's… | ||
| CVE-2020-3940 | Med | 0.38 | 5.9 | 0.01 | Jan 17, 2020 | VMware Workspace ONE SDK and dependent mobile application updates address sensitive information disclosure vulnerability. | ||
| CVE-2022-22961 | Med | 0.35 | 5.3 | 0.01 | Apr 13, 2022 | VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. A malicious actor with remote access may leak the hostname of the target system. Successful exploitation of this issue can… | ||
| CVE-2022-31701 | Med | 0.34 | 5.3 | 0.01 | Dec 14, 2022 | VMware Workspace ONE Access and Identity Manager contain a broken authentication vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3. | ||
| CVE-2022-22959 | Med | 0.28 | 4.3 | 0.01 | Apr 13, 2022 | VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. A malicious actor can trick a user through a cross site request forgery to unintentionally validate a malicious JDBC URI. |
- risk 0.47cvss 7.2epss 0.02
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution.
- risk 0.47cvss 7.2epss 0.02
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution.
- risk 0.47cvss 7.2epss 0.03
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which…
- risk 0.40cvss 6.1epss 0.00
VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability. An unauthenticated malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure.
- risk 0.40cvss 6.1epss 0.01
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject javascript code in the target user's…
- risk 0.38cvss 5.9epss 0.01
VMware Workspace ONE SDK and dependent mobile application updates address sensitive information disclosure vulnerability.
- risk 0.35cvss 5.3epss 0.01
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. A malicious actor with remote access may leak the hostname of the target system. Successful exploitation of this issue can…
- risk 0.34cvss 5.3epss 0.01
VMware Workspace ONE Access and Identity Manager contain a broken authentication vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3.
- risk 0.28cvss 4.3epss 0.01
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. A malicious actor can trick a user through a cross site request forgery to unintentionally validate a malicious JDBC URI.
Page 2 of 2