Skip to main content

Vrealize Suite Lifecycle Manager

21 CVEs product

Monthly

CVE-2022-22973 HIGH This Week

VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

VMware Privilege Escalation Identity Manager Workspace One Access Cloud Foundation +1
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2022-22972 CRITICAL POC THREAT Act Now

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

VMware Authentication Bypass Identity Manager Vrealize Automation Workspace One Access +2
NVD
CVSS 3.1
9.8
EPSS
52.8%
CVE-2022-22961 MEDIUM PATCH This Month

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

VMware Information Disclosure Cloud Foundation Identity Manager Vrealize Automation +2
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2022-22960 HIGH POC KEV PATCH THREAT Act Now

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

VMware Privilege Escalation Cloud Foundation Identity Manager Vrealize Automation +2
NVD
CVSS 3.1
7.8
EPSS
37.2%
CVE-2022-22959 MEDIUM PATCH This Month

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

VMware CSRF Cloud Foundation Identity Manager Vrealize Automation +2
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-22958 HIGH PATCH This Week

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization VMware RCE Cloud Foundation Identity Manager +3
NVD
CVSS 3.1
7.2
EPSS
3.0%
CVE-2022-22957 HIGH POC PATCH THREAT Act Now

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization VMware RCE Cloud Foundation Identity Manager +3
NVD GitHub
CVSS 3.1
7.2
EPSS
23.1%
CVE-2022-22954 CRITICAL POC KEV THREAT Emergency

VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

VMware RCE Code Injection Identity Manager Vrealize Automation +3
NVD
CVSS 3.1
9.8
EPSS
100.0%
CVE-2021-22035 MEDIUM PATCH This Month

VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Code Injection VMware Cloud Foundation Vrealize Log Insight Vrealize Suite Lifecycle Manager
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2021-22033 LOW PATCH Monitor

Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF VMware Cloud Foundation Vrealize Operations Vrealize Suite Lifecycle Manager
NVD
CVSS 3.1
2.7
EPSS
0.6%
CVE-2021-22003 HIGH PATCH This Week

VMware Workspace ONE Access and Identity Manager, unintentionally provide a login interface on port 7443. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure VMware Identity Manager Workspace One Access Cloud Foundation +1
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-22002 CRITICAL PATCH Act Now

VMware Workspace ONE Access and Identity Manager, allow the /cfg web app and diagnostic endpoints, on port 8443, to be accessed via port 443 using a custom host header. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

VMware Authentication Bypass Identity Manager Workspace One Access Cloud Foundation +1
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-22027 HIGH PATCH This Week

The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Information Disclosure Cloud Foundation Vrealize Operations Manager Vrealize Suite Lifecycle Manager
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-22026 HIGH PATCH This Week

The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Information Disclosure Cloud Foundation Vrealize Operations Manager Vrealize Suite Lifecycle Manager
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-22025 HIGH PATCH This Week

The vRealize Operations Manager API (8.x prior to 8.5) contains a broken access control vulnerability leading to unauthenticated API access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Cloud Foundation Vrealize Operations Manager Vrealize Suite Lifecycle Manager
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2021-22024 HIGH PATCH This Week

The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary log-file read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Cloud Foundation Vrealize Operations Manager Vrealize Suite Lifecycle Manager
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-22023 HIGH PATCH This Week

The vRealize Operations Manager API (8.x prior to 8.5) has insecure object reference vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Cloud Foundation Vrealize Operations Manager Vrealize Suite Lifecycle Manager
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2021-22022 MEDIUM PATCH This Month

The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary file read vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Information Disclosure Cloud Foundation Vrealize Operations Manager Vrealize Suite Lifecycle Manager
NVD
CVSS 3.1
4.9
EPSS
1.1%
CVE-2021-21983 MEDIUM POC THREAT This Month

Arbitrary file write vulnerability in vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cloud Foundation Vrealize Operations Manager Vrealize Suite Lifecycle Manager
NVD
CVSS 3.1
6.5
EPSS
68.6%
CVE-2021-21975 HIGH POC KEV THREAT Act Now

Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Cloud Foundation Vrealize Operations Manager Vrealize Suite Lifecycle Manager
NVD
CVSS 3.1
7.5
EPSS
78.3%
CVE-2020-4006 CRITICAL KEV THREAT Act Now

VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection VMware Identity Manager Identity Manager Connector One Access +2
NVD
CVSS 3.1
9.1
EPSS
23.8%
EPSS 2% CVSS 7.8
HIGH This Week

VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

VMware Privilege Escalation Identity Manager +3
NVD
EPSS 53% CVSS 9.8
CRITICAL POC THREAT Act Now

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

VMware Authentication Bypass Identity Manager +4
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

VMware Information Disclosure Cloud Foundation +4
NVD
EPSS 37% CVSS 7.8
HIGH POC KEV PATCH THREAT Act Now

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

VMware Privilege Escalation Cloud Foundation +4
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

VMware CSRF Cloud Foundation +4
NVD
EPSS 3% CVSS 7.2
HIGH PATCH This Week

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization VMware RCE +5
NVD
EPSS 23% CVSS 7.2
HIGH POC PATCH THREAT Act Now

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization VMware RCE +5
NVD GitHub
EPSS 100% CVSS 9.8
CRITICAL POC KEV THREAT Emergency

VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

VMware RCE Code Injection +5
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Code Injection VMware Cloud Foundation +2
NVD
EPSS 1% CVSS 2.7
LOW PATCH Monitor

Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF VMware Cloud Foundation +2
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

VMware Workspace ONE Access and Identity Manager, unintentionally provide a login interface on port 7443. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure VMware Identity Manager +3
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

VMware Workspace ONE Access and Identity Manager, allow the /cfg web app and diagnostic endpoints, on port 8443, to be accessed via port 443 using a custom host header. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

VMware Authentication Bypass Identity Manager +3
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Information Disclosure Cloud Foundation +2
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Information Disclosure Cloud Foundation +2
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

The vRealize Operations Manager API (8.x prior to 8.5) contains a broken access control vulnerability leading to unauthenticated API access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Cloud Foundation Vrealize Operations Manager +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary log-file read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Cloud Foundation Vrealize Operations Manager +1
NVD
EPSS 1% CVSS 7.2
HIGH PATCH This Week

The vRealize Operations Manager API (8.x prior to 8.5) has insecure object reference vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Cloud Foundation Vrealize Operations Manager +1
NVD
EPSS 1% CVSS 4.9
MEDIUM PATCH This Month

The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary file read vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Information Disclosure Cloud Foundation +2
NVD
EPSS 69% CVSS 6.5
MEDIUM POC THREAT This Month

Arbitrary file write vulnerability in vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cloud Foundation Vrealize Operations Manager +1
NVD
EPSS 78% CVSS 7.5
HIGH POC KEV THREAT Act Now

Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Cloud Foundation Vrealize Operations Manager +1
NVD
EPSS 24% CVSS 9.1
CRITICAL KEV THREAT Act Now

VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection VMware Identity Manager +4
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy