CVE-2023-20855

>= 8.0 and < 8.11.1

VMware vRealize Orchestrator contains an XML External Entity (XXE) vulnerability. A malicious actor, with non-administrative acces

8.8HIGH

CVE-2022-22972

all versions

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting loc

9.8CRITICAL

CVE-2022-22961

>= 8.0 and < 9.0

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to retur

5.3MEDIUM

CVE-2022-22960

all versions

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper

7.8HIGH

CVE-2022-22959

>= 8.0 and < 9.0

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. A malici

4.3MEDIUM

CVE-2022-22958

>= 8.0 and < 9.0

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-

7.2HIGH

CVE-2022-22957

>= 8.0 and < 9.0

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-

7.2HIGH

CVE-2022-22956

>= 8.0 and < 9.0

VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS fram

9.8CRITICAL

CVE-2022-22955

>= 8.0 and < 9.0

VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS fram

9.8CRITICAL

CVE-2022-22954

all versions

VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injecti

9.8CRITICAL

CVE-2021-22056

>= 8.0 and <= 8.6

VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability

7.5HIGH

CVE-2021-22036

>= 8.0 and < 8.6

VMware vRealize Orchestrator ((8.x prior to 8.6) contains an open redirect vulnerability due to improper path handling. A maliciou

6.5MEDIUM

CVE-2018-6959

< 7.4.0

VMware vRealize Automation (vRA) prior to 7.4.0 contains a vulnerability in the handling of session IDs. Exploitation of this issu

9.8CRITICAL

CVE-2018-6958

< 7.3.1

VMware vRealize Automation (vRA) prior to 7.3.1 contains a vulnerability that may allow for a DOM-based cross-site scripting (XSS)

6.1MEDIUM

CVE-2017-4947

all versions

VMware vRealize Automation (7.3 and 7.2) and vSphere Integrated Containers (1.x before 1.3) contain a deserialization vulnerabilit

9.8CRITICAL

CVE-2016-7460

all versions

The Single Sign-On feature in VMware vCenter Server 5.5 before U3e and 6.0 before U2a and vRealize Automation 6.x before 6.2.5 all

9.1CRITICAL

CVE-2016-5334

>= 7.0 and < 7.2.0

VMware Identity Manager 2.x before 2.7.1 and vRealize Automation 7.x before 7.2.0 allow remote attackers to read /SAAS/WEB-INF and

5.3MEDIUM

CVE-2016-5336

all versions

VMware vRealize Automation 7.0.x before 7.1 allows remote attackers to execute arbitrary code via unspecified vectors.

9.8CRITICAL

CVE-2016-5335

>= 7.0 and < 7.1

VMware Identity Manager 2.x before 2.7 and vRealize Automation 7.0.x before 7.1 allow local users to obtain root access via unspec

7.8HIGH

CVE-2015-2344

all versions

Cross-site scripting (XSS) vulnerability in VMware vRealize Automation 6.x before 6.2.4 on Linux allows remote authenticated users

5.4MEDIUM