Vulnerabilities > Vmware > Vrealize Automation > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-20 | CVE-2022-22972 | Unspecified vulnerability in VMWare products VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. | 9.8 |
| 2022-04-13 | CVE-2022-22956 | Improper Authentication vulnerability in VMWare products VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. | 9.8 |
| 2022-04-13 | CVE-2022-22955 | Unspecified vulnerability in VMWare products VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. | 9.8 |
| 2022-04-11 | CVE-2022-22954 | Code Injection vulnerability in VMWare products VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. | 9.8 |
| 2018-04-13 | CVE-2018-6959 | Session Fixation vulnerability in VMWare Vrealize Automation VMware vRealize Automation (vRA) prior to 7.4.0 contains a vulnerability in the handling of session IDs. | 9.8 |
| 2018-01-29 | CVE-2017-4947 | Deserialization of Untrusted Data vulnerability in VMWare Vrealize Automation and Vsphere Integrated Containers VMware vRealize Automation (7.3 and 7.2) and vSphere Integrated Containers (1.x before 1.3) contain a deserialization vulnerability via Xenon. | 9.8 |
| 2016-12-29 | CVE-2016-7460 | XXE vulnerability in VMWare Vrealize Automation The Single Sign-On feature in VMware vCenter Server 5.5 before U3e and 6.0 before U2a and vRealize Automation 6.x before 6.2.5 allows remote attackers to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 9.1 |
| 2016-08-31 | CVE-2016-5336 | Unspecified vulnerability in VMWare Vrealize Automation 7.0/7.0.1 VMware vRealize Automation 7.0.x before 7.1 allows remote attackers to execute arbitrary code via unspecified vectors. | 9.8 |