VYPR

Workspace One Access

by VMware

CVEs (29)

  • CVE-2022-31659HigAug 5, 2022
    risk 0.47cvss 7.2epss 0.02

    VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution.

  • CVE-2022-31658HigAug 5, 2022
    risk 0.47cvss 7.2epss 0.02

    VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution.

  • CVE-2022-22958HigApr 13, 2022
    risk 0.47cvss 7.2epss 0.03

    VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which…

  • CVE-2023-20884MedMay 30, 2023
    risk 0.40cvss 6.1epss 0.00

    VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability. An unauthenticated malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure.

  • CVE-2022-31663MedAug 5, 2022
    risk 0.40cvss 6.1epss 0.01

    VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject javascript code in the target user's…

  • CVE-2020-3940MedJan 17, 2020
    risk 0.38cvss 5.9epss 0.01

    VMware Workspace ONE SDK and dependent mobile application updates address sensitive information disclosure vulnerability.

  • CVE-2022-22961MedApr 13, 2022
    risk 0.35cvss 5.3epss 0.01

    VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. A malicious actor with remote access may leak the hostname of the target system. Successful exploitation of this issue can…

  • CVE-2022-31701MedDec 14, 2022
    risk 0.34cvss 5.3epss 0.01

    VMware Workspace ONE Access and Identity Manager contain a broken authentication vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3.

  • CVE-2022-22959MedApr 13, 2022
    risk 0.28cvss 4.3epss 0.01

    VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. A malicious actor can trick a user through a cross site request forgery to unintentionally validate a malicious JDBC URI.

Page 2 of 2