VYPR

vRealize Automation

by VMware

CVEs (21)

  • CVE-2018-6959 | Cri | Apr 13, 2018
    risk 0.64 | cvss 9.8 | epss 0.02

    VMware vRealize Automation (vRA) prior to 7.4.0 contains a vulnerability in the handling of session IDs. Exploitation of this issue may lead to the hijacking of a valid vRA user's session.

  • CVE-2017-4947 | Cri | Jan 29, 2018
    risk 0.64 | cvss 9.8 | epss 0.09

    VMware vRealize Automation (7.3 and 7.2) and vSphere Integrated Containers (1.x before 1.3) contain a deserialization vulnerability via Xenon. Successful exploitation of this issue may allow remote attackers to execute arbitrary code on the appliance.

  • CVE-2016-5336 | Cri | Aug 31, 2016
    risk 0.64 | cvss 9.8 | epss 0.03

    VMware vRealize Automation 7.0.x before 7.1 allows remote attackers to execute arbitrary code via unspecified vectors.

  • CVE-2016-7460 | Cri | Dec 29, 2016
    risk 0.59 | cvss 9.1 | epss 0.02

    The Single Sign-On feature in VMware vCenter Server 5.5 before U3e and 6.0 before U2a and vRealize Automation 6.x before 6.2.5 allows remote attackers to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in…

  • CVE-2016-5335 | Hig | Aug 31, 2016
    risk 0.51 | cvss 7.8 | epss 0.00

    VMware Identity Manager 2.x before 2.7 and vRealize Automation 7.0.x before 7.1 allow local users to obtain root access via unspecified vectors.

  • CVE-2018-6958 | Med | Apr 13, 2018
    risk 0.40 | cvss 6.1 | epss 0.01

    VMware vRealize Automation (vRA) prior to 7.3.1 contains a vulnerability that may allow for a DOM-based cross-site scripting (XSS) attack. Exploitation of this issue may lead to the compromise of the vRA user's workstation.

  • CVE-2016-5334 | Med | Dec 29, 2016
    risk 0.35 | cvss 5.3 | epss 0.02

    VMware Identity Manager 2.x before 2.7.1 and vRealize Automation 7.x before 7.2.0 allow remote attackers to read /SAAS/WEB-INF and /SAAS/META-INF files via unspecified vectors.

  • CVE-2015-2344 | Med | Mar 16, 2016
    risk 0.35 | cvss 5.4 | epss 0.01

    Cross-site scripting (XSS) vulnerability in VMware vRealize Automation 6.x before 6.2.4 on Linux allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2022-22960 | KEV | Apr 13, 2022
    risk 0.21 | cvss (not listed) | epss 0.37

    VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to 'root'.

  • CVE-2022-22972 | May 20, 2022
    risk 0.07 | cvss (not listed) | epss 0.53

    VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.

  • CVE-2022-31656 | Aug 5, 2022
    risk 0.06 | cvss (not listed) | epss 0.18

    VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.

  • CVE-2022-22957 | Apr 13, 2022
    risk 0.06 | cvss (not listed) | epss 0.22

    VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which…

  • CVE-2022-31660 | Aug 5, 2022
    risk 0.03 | cvss (not listed) | epss 0.01

    VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'.

  • CVE-2022-31658 | Aug 5, 2022
    risk 0.00 | cvss (not listed) | epss 0.02

    VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution.

  • CVE-2022-31661 | Aug 5, 2022
    risk 0.00 | cvss (not listed) | epss 0.00

    VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two privilege escalation vulnerabilities. A malicious actor with local access can escalate privileges to 'root'.

  • CVE-2022-31664 | Aug 5, 2022
    risk 0.00 | cvss (not listed) | epss 0.00

    VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'.

  • CVE-2022-31665 | Aug 5, 2022
    risk 0.00 | cvss (not listed) | epss 0.02

    VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution.

  • CVE-2022-31662 | Aug 5, 2022
    risk 0.00 | cvss (not listed) | epss 0.01

    VMware Workspace ONE Access, Identity Manager, Connectors and vRealize Automation contain a path traversal vulnerability. A malicious actor with network access may be able to access arbitrary files.

  • CVE-2022-22958 | Apr 13, 2022
    risk 0.00 | cvss (not listed) | epss 0.03

    VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which…

  • CVE-2022-22961 | Apr 13, 2022
    risk 0.00 | cvss (not listed) | epss 0.01

    VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. A malicious actor with remote access may leak the hostname of the target system. Successful exploitation of this issue can…

Page 1 of 2