Vulnerabilities > Vmware > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-11-09 CVE-2022-31686 Unspecified vulnerability in VMWare Workspace ONE Assist
VMware Workspace ONE Assist prior to 22.10 contains a Broken Authentication Method vulnerability.
network
low complexity
vmware
critical
 9.8
9.8
2022-11-09 CVE-2022-31687 Unspecified vulnerability in VMWare Workspace ONE Assist
VMware Workspace ONE Assist prior to 22.10 contains a Broken Access Control vulnerability.
network
low complexity
vmware
critical
 9.8
9.8
2022-11-09 CVE-2022-31689 Session Fixation vulnerability in VMWare Workspace ONE Assist
VMware Workspace ONE Assist prior to 22.10 contains a Session fixation vulnerability.
network
low complexity
vmware CWE-384
critical
 9.8
9.8
2022-11-04 CVE-2022-31691 Unspecified vulnerability in VMWare products
Spring Tools 4 for Eclipse version 4.16.0 and below as well as VSCode extensions such as Spring Boot Tools, Concourse CI Pipeline Editor, Bosh Editor and Cloudfoundry Manifest YML Support version 1.39.0 and below all use Snakeyaml library for YAML editing support.
network
low complexity
vmware
critical
 9.8
9.8
2022-10-31 CVE-2022-31692 Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 could be susceptible to authorization rules bypass via forward or include dispatcher types.
network
low complexity
vmware netapp
critical
 9.8
9.8
2022-10-28 CVE-2022-31678 XXE vulnerability in VMWare Cloud Foundation and NSX Data Center
VMware Cloud Foundation (NSX-V) contains an XML External Entity (XXE) vulnerability.
network
low complexity
vmware CWE-611
critical
 9.1
9.1
2022-10-07 CVE-2022-31680 Deserialization of Untrusted Data vulnerability in VMWare Vcenter Server
The vCenter Server contains an unsafe deserialisation vulnerability in the PSC (Platform services controller).
network
low complexity
vmware CWE-502
critical
 9.1
9.1
2022-08-05 CVE-2022-31656 Unspecified vulnerability in VMWare products
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users.
network
low complexity
vmware
critical
 9.8
9.8
2022-08-05 CVE-2022-31657 Open Redirect vulnerability in VMWare products
VMware Workspace ONE Access and Identity Manager contain a URL injection vulnerability.
network
low complexity
vmware CWE-601
critical
 9.8
9.8
2022-05-20 CVE-2022-22972 Unspecified vulnerability in VMWare products
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users.
network
low complexity
vmware
critical
 9.8
9.8