Vulnerabilities > Vmware > Workspace ONE Access

DATE CVE VULNERABILITY TITLE RISK
2023-05-30 CVE-2023-20884 Open Redirect vulnerability in VMWare products
VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability. An unauthenticated malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure.
network
low complexity
vmware CWE-601
6.1
6.1
2022-05-20 CVE-2022-22972 Unspecified vulnerability in VMWare products
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users.
network
low complexity
vmware
critical
 9.8
9.8
2022-05-20 CVE-2022-22973 Unspecified vulnerability in VMWare products
VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability.
local
low complexity
vmware
7.8
7.8
2022-04-13 CVE-2022-22955 Unspecified vulnerability in VMWare products
VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework.
network
low complexity
vmware
critical
 9.8
9.8
2022-04-13 CVE-2022-22956 Improper Authentication vulnerability in VMWare products
VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework.
network
low complexity
vmware CWE-287
critical
 9.8
9.8
2022-04-13 CVE-2022-22957 Deserialization of Untrusted Data vulnerability in VMWare products
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958).
network
low complexity
vmware CWE-502
7.2
7.2
2022-04-13 CVE-2022-22958 Deserialization of Untrusted Data vulnerability in VMWare products
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958).
network
low complexity
vmware CWE-502
7.2
7.2
2022-04-13 CVE-2022-22959 Cross-Site Request Forgery (CSRF) vulnerability in VMWare products
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability.
network
low complexity
vmware CWE-352
4.3
4.3
2022-04-13 CVE-2022-22960 Incorrect Permission Assignment for Critical Resource vulnerability in VMWare products
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts.
local
low complexity
vmware CWE-732
7.8
7.8
2022-04-13 CVE-2022-22961 Information Exposure vulnerability in VMWare products
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information.
network
low complexity
vmware CWE-200
5.3
5.3