VYPR
Vendor

Omnissa

Products
5
CVEs
9
Across products
9
Status
Private

Products

5

Recent CVEs

9
  • CVE-2025-25235HigAug 11, 2025
    risk 0.56cvss 8.6epss 0.00

    Server-Side Request Forgery (SSRF) in Omnissa Secure Email Gateway (SEG) in SEG prior to 2.32 running on Windows and SEG prior to 2503 running on UAG allows routing of network traffic such as HTTP requests to internal networks.

  • CVE-2026-22926HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    Omnissa Workspace ONE® Assist for macOS contains a Local Privilege Escalation Vulnerability.

  • CVE-2025-25230HigApr 16, 2025
    risk 0.51cvss 7.8epss 0.00

    Omnissa Horizon Client for Windows contains an LPE Vulnerability. A malicious actor with local access where Horizon Client for Windows is installed may be able to elevate privileges.

  • CVE-2024-11468HigFeb 4, 2025
    risk 0.51cvss 7.8epss 0.00

    Omnissa Horizon Client for macOS contains a Local privilege escalation (LPE) Vulnerability due to a flaw in the installation process. Successful exploitation of this issue may allow attackers with user privileges to escalate their privileges to root on the system where the…

  • CVE-2024-11467HigFeb 4, 2025
    risk 0.51cvss 7.8epss 0.00

    Omnissa Horizon Client for macOS contains a Local privilege escalation (LPE) Vulnerability due to a logic flaw. Successful exploitation of this issue may allow attackers with user privileges to escalate their privileges to root on the system where the Horizon Client for macOS…

  • CVE-2025-25231HigAug 11, 2025
    risk 0.50cvss 7.5epss 0.19

    Omnissa Workspace ONE UEM contains a Secondary Context Path Traversal Vulnerability. A malicious actor may be able to gain access to sensitive information by sending crafted GET requests (read-only) to restricted API endpoints.

  • CVE-2025-25234HigApr 17, 2025
    risk 0.46cvss 7.1epss 0.00

    Omnissa UAG contains a Cross-Origin Resource Sharing (CORS) bypass vulnerability. A malicious actor with network access to UAG may be able to bypass administrator-configured CORS restrictions to gain access to sensitive networks.

  • CVE-2025-25229MedAug 11, 2025
    risk 0.35cvss 5.4epss 0.00

    Omnissa Workspace ONE UEM contains a Server-Side Request Forgery (SSRF) Vulnerability. A malicious actor with user privileges may be able to access restricted internal system information, potentially enabling enumeration of internal network resources.

  • CVE-2025-25236MedNov 12, 2025
    risk 0.34cvss 5.3epss 0.00

    Omnissa Workspace ONE UEM contains an observable response discrepancy vulnerability. A malicious actor may be able to enumerate sensitive information such as tenant ID and user accounts that could facilitate brute-force, password-spraying or credential-stuffing attacks.