Skip to main content

Vrealize Automation

19 CVEs product

Monthly

CVE-2023-20855 HIGH PATCH This Week

VMware vRealize Orchestrator contains an XML External Entity (XXE) vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

XXE VMware Vrealize Automation Vrealize Orchestrator
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-22972 CRITICAL POC THREAT Act Now

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

VMware Authentication Bypass Identity Manager Vrealize Automation Workspace One Access +2
NVD
CVSS 3.1
9.8
EPSS
52.8%
CVE-2022-22961 MEDIUM PATCH This Month

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

VMware Information Disclosure Cloud Foundation Identity Manager Vrealize Automation +2
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2022-22960 HIGH POC KEV PATCH THREAT Act Now

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

VMware Privilege Escalation Cloud Foundation Identity Manager Vrealize Automation +2
NVD
CVSS 3.1
7.8
EPSS
37.2%
CVE-2022-22959 MEDIUM PATCH This Month

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

VMware CSRF Cloud Foundation Identity Manager Vrealize Automation +2
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-22958 HIGH PATCH This Week

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization VMware RCE Cloud Foundation Identity Manager +3
NVD
CVSS 3.1
7.2
EPSS
3.0%
CVE-2022-22957 HIGH POC PATCH THREAT Act Now

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization VMware RCE Cloud Foundation Identity Manager +3
NVD GitHub
CVSS 3.1
7.2
EPSS
23.1%
CVE-2022-22956 CRITICAL POC PATCH THREAT Act Now

VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

VMware Authentication Bypass Identity Manager Vrealize Automation Workspace One Access
NVD GitHub
CVSS 3.1
9.8
EPSS
50.7%
CVE-2022-22955 CRITICAL PATCH Act Now

VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

VMware Authentication Bypass Identity Manager Vrealize Automation Workspace One Access
NVD
CVSS 3.1
9.8
EPSS
8.1%
CVE-2022-22954 CRITICAL POC KEV THREAT Emergency

VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

VMware RCE Code Injection Identity Manager Vrealize Automation +3
NVD
CVSS 3.1
9.8
EPSS
100.0%
CVE-2021-22056 HIGH PATCH This Week

VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF VMware Identity Manager Vrealize Automation Workspace One Access
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2021-22036 MEDIUM This Month

VMware vRealize Orchestrator ((8.x prior to 8.6) contains an open redirect vulnerability due to improper path handling. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Information Disclosure VMware Vrealize Automation Vrealize Orchestrator
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2018-6959 CRITICAL Act Now

VMware vRealize Automation (vRA) prior to 7.4.0 contains a vulnerability in the handling of session IDs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Session Fixation Information Disclosure VMware Vrealize Automation
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2018-6958 MEDIUM This Month

VMware vRealize Automation (vRA) prior to 7.3.1 contains a vulnerability that may allow for a DOM-based cross-site scripting (XSS) attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS VMware Vrealize Automation
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2016-7460 CRITICAL Act Now

The Single Sign-On feature in VMware vCenter Server 5.5 before U3e and 6.0 before U2a and vRealize Automation 6.x before 6.2.5 allows remote attackers to read arbitrary files or cause a denial of. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service XXE VMware Vrealize Automation
NVD
CVSS 3.0
9.1
EPSS
2.0%
CVE-2016-5334 MEDIUM PATCH This Month

VMware Identity Manager 2.x before 2.7.1 and vRealize Automation 7.x before 7.2.0 allow remote attackers to read /SAAS/WEB-INF and /SAAS/META-INF files via unspecified vectors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Information Disclosure VMware Identity Manager Vrealize Automation
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2016-5336 CRITICAL PATCH Act Now

VMware vRealize Automation 7.0.x before 7.1 allows remote attackers to execute arbitrary code via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE VMware Vrealize Automation
NVD
CVSS 3.0
9.8
EPSS
1.9%
CVE-2016-5335 HIGH PATCH This Week

VMware Identity Manager 2.x before 2.7 and vRealize Automation 7.0.x before 7.1 allow local users to obtain root access via unspecified vectors. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure VMware Identity Manager Vrealize Automation
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2015-2344 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in VMware vRealize Automation 6.x before 6.2.4 on Linux allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS VMware Vrealize Automation
NVD
CVSS 3.0
5.4
EPSS
0.1%
EPSS 1% CVSS 8.8
HIGH PATCH This Week

VMware vRealize Orchestrator contains an XML External Entity (XXE) vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

XXE VMware Vrealize Automation +1
NVD
EPSS 53% CVSS 9.8
CRITICAL POC THREAT Act Now

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

VMware Authentication Bypass Identity Manager +4
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

VMware Information Disclosure Cloud Foundation +4
NVD
EPSS 37% CVSS 7.8
HIGH POC KEV PATCH THREAT Act Now

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

VMware Privilege Escalation Cloud Foundation +4
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

VMware CSRF Cloud Foundation +4
NVD
EPSS 3% CVSS 7.2
HIGH PATCH This Week

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization VMware RCE +5
NVD
EPSS 23% CVSS 7.2
HIGH POC PATCH THREAT Act Now

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization VMware RCE +5
NVD GitHub
EPSS 51% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

VMware Authentication Bypass Identity Manager +2
NVD GitHub
EPSS 8% CVSS 9.8
CRITICAL PATCH Act Now

VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

VMware Authentication Bypass Identity Manager +2
NVD
EPSS 100% CVSS 9.8
CRITICAL POC KEV THREAT Emergency

VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

VMware RCE Code Injection +5
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF VMware Identity Manager +2
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

VMware vRealize Orchestrator ((8.x prior to 8.6) contains an open redirect vulnerability due to improper path handling. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Information Disclosure VMware +2
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

VMware vRealize Automation (vRA) prior to 7.4.0 contains a vulnerability in the handling of session IDs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Session Fixation Information Disclosure VMware +1
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

VMware vRealize Automation (vRA) prior to 7.3.1 contains a vulnerability that may allow for a DOM-based cross-site scripting (XSS) attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS VMware Vrealize Automation
NVD
EPSS 2% CVSS 9.1
CRITICAL Act Now

The Single Sign-On feature in VMware vCenter Server 5.5 before U3e and 6.0 before U2a and vRealize Automation 6.x before 6.2.5 allows remote attackers to read arbitrary files or cause a denial of. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service XXE VMware +1
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

VMware Identity Manager 2.x before 2.7.1 and vRealize Automation 7.x before 7.2.0 allow remote attackers to read /SAAS/WEB-INF and /SAAS/META-INF files via unspecified vectors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Information Disclosure VMware Identity Manager +1
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

VMware vRealize Automation 7.0.x before 7.1 allows remote attackers to execute arbitrary code via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE VMware Vrealize Automation
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

VMware Identity Manager 2.x before 2.7 and vRealize Automation 7.0.x before 7.1 allow local users to obtain root access via unspecified vectors. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure VMware Identity Manager +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in VMware vRealize Automation 6.x before 6.2.4 on Linux allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS VMware Vrealize Automation
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy