Vulnerabilities > Vmware > Identity Manager

DATE CVE VULNERABILITY TITLE RISK
2022-08-05 CVE-2022-31664 Unspecified vulnerability in VMWare products
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability.
local
low complexity
vmware
7.8
7.8
2022-08-05 CVE-2022-31665 Injection vulnerability in VMWare products
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability.
network
low complexity
vmware CWE-74
7.2
7.2
2022-05-20 CVE-2022-22972 Unspecified vulnerability in VMWare products
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users.
network
low complexity
vmware
critical
 9.8
9.8
2022-05-20 CVE-2022-22973 Unspecified vulnerability in VMWare products
VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability.
local
low complexity
vmware
7.8
7.8
2022-04-13 CVE-2022-22955 Unspecified vulnerability in VMWare products
VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework.
network
low complexity
vmware
critical
 9.8
9.8
2022-04-13 CVE-2022-22956 Improper Authentication vulnerability in VMWare products
VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework.
network
low complexity
vmware CWE-287
critical
 9.8
9.8
2022-04-13 CVE-2022-22957 Deserialization of Untrusted Data vulnerability in VMWare products
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958).
network
low complexity
vmware CWE-502
7.2
7.2
2022-04-13 CVE-2022-22958 Deserialization of Untrusted Data vulnerability in VMWare products
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958).
network
low complexity
vmware CWE-502
7.2
7.2
2022-04-13 CVE-2022-22959 Cross-Site Request Forgery (CSRF) vulnerability in VMWare products
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability.
network
low complexity
vmware CWE-352
4.3
4.3
2022-04-13 CVE-2022-22960 Incorrect Permission Assignment for Critical Resource vulnerability in VMWare products
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts.
local
low complexity
vmware CWE-732
7.8
7.8