4.0.1

DATE	CVE	VULNERABILITY TITLE	RISK
2022-05-20	CVE-2022-22972	Unspecified vulnerability in VMWare products VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. network low complexity vmware critical	9.8
2022-05-20	CVE-2022-22973	Unspecified vulnerability in VMWare products VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. local low complexity vmware	7.8
2022-04-13	CVE-2022-22957	Deserialization of Untrusted Data vulnerability in VMWare products VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). network low complexity vmware CWE-502	6.5
2022-04-13	CVE-2022-22958	Deserialization of Untrusted Data vulnerability in VMWare products VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). network low complexity vmware CWE-502	7.2
2022-04-13	CVE-2022-22959	Cross-Site Request Forgery (CSRF) vulnerability in VMWare products VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. network vmware CWE-352	4.3
2022-04-13	CVE-2022-22960	Incorrect Permission Assignment for Critical Resource vulnerability in VMWare products VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. local low complexity vmware CWE-732	7.8
2022-04-13	CVE-2022-22961	Information Exposure vulnerability in VMWare products VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. network low complexity vmware CWE-200	5.3
2022-04-11	CVE-2022-22954	Code Injection vulnerability in VMWare products VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. network low complexity vmware CWE-94 critical	10.0
2022-02-16	CVE-2021-22040	Use After Free vulnerability in VMWare products VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. local low complexity vmware CWE-416	4.6
2022-02-16	CVE-2021-22041	Unspecified vulnerability in VMWare products VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller. local low complexity vmware	4.6