Vulnerabilities > Vmware > Vrealize Automation > 8.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-22 | CVE-2023-20855 | XXE vulnerability in VMWare Vrealize Automation and Vrealize Orchestrator VMware vRealize Orchestrator contains an XML External Entity (XXE) vulnerability. | 8.8 |
| 2022-04-13 | CVE-2022-22955 | Unspecified vulnerability in VMWare products VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. | 9.8 |
| 2022-04-13 | CVE-2022-22956 | Improper Authentication vulnerability in VMWare products VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. | 7.5 |
| 2022-04-13 | CVE-2022-22957 | Deserialization of Untrusted Data vulnerability in VMWare products VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). | 6.5 |
| 2022-04-13 | CVE-2022-22958 | Deserialization of Untrusted Data vulnerability in VMWare products VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). | 7.2 |
| 2022-04-13 | CVE-2022-22959 | Cross-Site Request Forgery (CSRF) vulnerability in VMWare products VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. | 4.3 |
| 2022-04-13 | CVE-2022-22960 | Incorrect Permission Assignment for Critical Resource vulnerability in VMWare products VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. | 7.8 |
| 2022-04-13 | CVE-2022-22961 | Information Exposure vulnerability in VMWare products VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. | 5.3 |
| 2022-04-11 | CVE-2022-22954 | Code Injection vulnerability in VMWare products VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. | 10.0 |
| 2021-12-20 | CVE-2021-22056 | Server-Side Request Forgery (SSRF) vulnerability in VMWare products VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability. | 5.0 |