CVE-2022-22973

all versions

VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. A malicious actor with local access

7.8HIGH

CVE-2022-22972

all versions

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting loc

9.8CRITICAL

CVE-2022-22961

>= 8.0 and < 9.0

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to retur

5.3MEDIUM

CVE-2022-22960

>= 8.0 and < 9.0

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper

7.8HIGH

CVE-2022-22959

>= 8.0 and < 9.0

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. A malici

4.3MEDIUM

CVE-2022-22958

>= 8.0 and < 9.0

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-

7.2HIGH

CVE-2022-22957

>= 8.0 and < 9.0

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-

7.2HIGH

CVE-2022-22954

>= 8.0 and <= 8.2

VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injecti

9.8CRITICAL

CVE-2021-22035

>= 8.0.0 and <= 8.2

VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analyt

4.3MEDIUM

CVE-2021-22033

>= 8.0 and <= 8.2

Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability.

2.7LOW

CVE-2021-22003

all versions

VMware Workspace ONE Access and Identity Manager, unintentionally provide a login interface on port 7443. A malicious actor with n

7.5HIGH

CVE-2021-22002

all versions

VMware Workspace ONE Access and Identity Manager, allow the /cfg web app and diagnostic endpoints, on port 8443, to be accessed vi

9.8CRITICAL

CVE-2021-22027

>= 8.0 and <= 8.2

The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. An unauthenticated

7.5HIGH

CVE-2021-22026

>= 8.0 and <= 8.2

The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. An unauthenticated

7.5HIGH

CVE-2021-22025

>= 8.0 and <= 8.2

The vRealize Operations Manager API (8.x prior to 8.5) contains a broken access control vulnerability leading to unauthenticated A

7.5HIGH

CVE-2021-22024

>= 8.0 and <= 8.2

The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary log-file read vulnerability. An unauthenticated malic

7.5HIGH

CVE-2021-22023

>= 8.0 and <= 8.2

The vRealize Operations Manager API (8.x prior to 8.5) has insecure object reference vulnerability. A malicious actor with adminis

7.2HIGH

CVE-2021-22022

>= 8.0 and <= 8.2

The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary file read vulnerability. A malicious actor with admin

4.9MEDIUM

CVE-2021-21983

all versions

Arbitrary file write vulnerability in vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 may allow an authenticated mal

6.5MEDIUM

CVE-2021-21975

all versions

Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with netw

7.5HIGH

CVE-2020-4006

>= 8.0 and <= 8.2

VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection v

9.1CRITICAL