vRealize Automation
by VMware
CVEs (21)
| CVE | Severity | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-6959 | Critical | 0.64 | 9.8 | 0.02 | | Apr 13, 2018 | VMware vRealize Automation (vRA) prior to 7.4.0 contains a vulnerability in the handling of session IDs. Exploitation of this issue may lead to the hijacking of a valid vRA user's session. |
| CVE-2017-4947 | Critical | 0.64 | 9.8 | 0.09 | | Jan 29, 2018 | VMware vRealize Automation (7.3 and 7.2) and vSphere Integrated Containers (1.x before 1.3) contain a deserialization vulnerability via Xenon. Successful exploitation of this issue may allow remote attackers to execute arbitrary code on the appliance. |
| CVE-2016-5336 | Critical | 0.64 | 9.8 | 0.03 | | Aug 31, 2016 | VMware vRealize Automation 7.0.x before 7.1 allows remote attackers to execute arbitrary code via unspecified vectors. |
| CVE-2016-7460 | Critical | 0.59 | 9.1 | 0.02 | | Dec 29, 2016 | The Single Sign-On feature in VMware vCenter Server 5.5 before U3e and 6.0 before U2a and vRealize Automation 6.x before 6.2.5 allows remote attackers to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in… |
| CVE-2016-5335 | High | 0.51 | 7.8 | 0.00 | | Aug 31, 2016 | VMware Identity Manager 2.x before 2.7 and vRealize Automation 7.0.x before 7.1 allow local users to obtain root access via unspecified vectors. |
| CVE-2018-6958 | Medium | 0.40 | 6.1 | 0.01 | | Apr 13, 2018 | VMware vRealize Automation (vRA) prior to 7.3.1 contains a vulnerability that may allow for a DOM-based cross-site scripting (XSS) attack. Exploitation of this issue may lead to the compromise of the vRA user's workstation. |
| CVE-2016-5334 | Medium | 0.35 | 5.3 | 0.02 | | Dec 29, 2016 | VMware Identity Manager 2.x before 2.7.1 and vRealize Automation 7.x before 7.2.0 allow remote attackers to read /SAAS/WEB-INF and /SAAS/META-INF files via unspecified vectors. |
| CVE-2015-2344 | Medium | 0.35 | 5.4 | 0.01 | | Mar 16, 2016 | Cross-site scripting (XSS) vulnerability in VMware vRealize Automation 6.x before 6.2.4 on Linux allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2022-22960 | | 0.21 | — | 0.37 | KEV | Apr 13, 2022 | VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to 'root'. |
| CVE-2022-22972 | | 0.07 | — | 0.53 | | May 20, 2022 | VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate. |
| CVE-2022-31656 | | 0.06 | — | 0.18 | | Aug 5, 2022 | VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate. |
| CVE-2022-22957 | | 0.06 | — | 0.22 | | Apr 13, 2022 | VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which… |
| CVE-2022-31660 | | 0.03 | — | 0.01 | | Aug 5, 2022 | VMware Workspace ONE Access, Identity Manager and vRealize Automation contains a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'. |
| CVE-2022-31658 | | 0.00 | — | 0.02 | | Aug 5, 2022 | VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution. |
| CVE-2022-31661 | | 0.00 | — | 0.00 | | Aug 5, 2022 | VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two privilege escalation vulnerabilities. A malicious actor with local access can escalate privileges to 'root'. |
| CVE-2022-31664 | | 0.00 | — | 0.00 | | Aug 5, 2022 | VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'. |
| CVE-2022-31665 | | 0.00 | — | 0.02 | | Aug 5, 2022 | VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution. |
| CVE-2022-31662 | | 0.00 | — | 0.01 | | Aug 5, 2022 | VMware Workspace ONE Access, Identity Manager, Connectors and vRealize Automation contain a path traversal vulnerability. A malicious actor with network access may be able to access arbitrary files. |
| CVE-2022-22958 | | 0.00 | — | 0.03 | | Apr 13, 2022 | VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which… |
| CVE-2022-22961 | | 0.00 | — | 0.01 | | Apr 13, 2022 | VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. A malicious actor with remote access may leak the hostname of the target system. Successful exploitation of this issue can… |
Page 1 of 2