Vmware Vrealize Automation vulnerabilities

CVE-2023-20855 [HIGH] CWE-611 CVE-2023-20855: VMware vRealize Orchestrator contains an XML External Entity (XXE) vulnerability. A malicious actor, VMware vRealize Orchestrator contains an XML External Entity (XXE) vulnerability. A malicious actor, with non-administrative access to vRealize Orchestrator, may be able to use specially crafted input to bypass XML parsing restrictions leading to access to sensitive information or possible escalation of privileges.

CVE-2022-22972 [CRITICAL] CVE-2022-22972: VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypa VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.

CVE-2022-22955 [CRITICAL] CVE-2022-22955: VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022 VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework.

CVE-2022-22956 [CRITICAL] CVE-2022-22956: VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022 VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework.

CVE-2022-22958 [HIGH] CVE-2022-22958: VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execut VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution.

CVE-2022-22957 [HIGH] CWE-502 CVE-2022-22957: VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execut VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution.

CVE-2022-22960 [HIGH] CWE-732 CVE-2022-22960: VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to 'root'.

CVE-2022-22961 [MEDIUM] CWE-200 CVE-2022-22961: VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclos VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. A malicious actor with remote access may leak the hostname of the target system. Successful exploitation of this issue can lead to targeting victims.

CVE-2022-22959 [MEDIUM] CWE-352 CVE-2022-22959: VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request f VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. A malicious actor can trick a user through a cross site request forgery to unintentionally validate a malicious JDBC URI.

CVE-2022-22954 [CRITICAL] CWE-94 CVE-2022-22954: VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due t VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution.

CVE-2021-22056 [HIGH] CWE-918 CVE-2021-22056: VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability. A malicious actor with network access may be able to make HTTP requests to arbitrary origins and read the full response.

CVE-2021-22036 [MEDIUM] CWE-200 CVE-2021-22036: VMware vRealize Orchestrator ((8.x prior to 8.6) contains an open redirect vulnerability due to impr VMware vRealize Orchestrator ((8.x prior to 8.6) contains an open redirect vulnerability due to improper path handling. A malicious actor may be able to redirect victim to an attacker controlled domain due to improper path handling in vRealize Orchestrator leading to sensitive information disclosure.

CVE-2018-6959 [CRITICAL] CWE-384 CVE-2018-6959: VMware vRealize Automation (vRA) prior to 7.4.0 contains a vulnerability in the handling of session VMware vRealize Automation (vRA) prior to 7.4.0 contains a vulnerability in the handling of session IDs. Exploitation of this issue may lead to the hijacking of a valid vRA user's session.

CVE-2018-6958 [MEDIUM] CWE-79 CVE-2018-6958: VMware vRealize Automation (vRA) prior to 7.3.1 contains a vulnerability that may allow for a DOM-ba VMware vRealize Automation (vRA) prior to 7.3.1 contains a vulnerability that may allow for a DOM-based cross-site scripting (XSS) attack. Exploitation of this issue may lead to the compromise of the vRA user's workstation.

CVE-2017-4947 [CRITICAL] CWE-502 CVE-2017-4947: VMware vRealize Automation (7.3 and 7.2) and vSphere Integrated Containers (1.x before 1.3) contain VMware vRealize Automation (7.3 and 7.2) and vSphere Integrated Containers (1.x before 1.3) contain a deserialization vulnerability via Xenon. Successful exploitation of this issue may allow remote attackers to execute arbitrary code on the appliance.

CVE-2016-7460 [CRITICAL] CWE-611 CVE-2016-7460: The Single Sign-On feature in VMware vCenter Server 5.5 before U3e and 6.0 before U2a and vRealize A The Single Sign-On feature in VMware vCenter Server 5.5 before U3e and 6.0 before U2a and vRealize Automation 6.x before 6.2.5 allows remote attackers to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issu

CVE-2016-5334 [MEDIUM] CWE-668 CVE-2016-5334: VMware Identity Manager 2.x before 2.7.1 and vRealize Automation 7.x before 7.2.0 allow remote attac VMware Identity Manager 2.x before 2.7.1 and vRealize Automation 7.x before 7.2.0 allow remote attackers to read /SAAS/WEB-INF and /SAAS/META-INF files via unspecified vectors.

CVE-2016-5336 [CRITICAL] CVE-2016-5336: VMware vRealize Automation 7.0.x before 7.1 allows remote attackers to execute arbitrary code via un VMware vRealize Automation 7.0.x before 7.1 allows remote attackers to execute arbitrary code via unspecified vectors.

CVE-2016-5335 [HIGH] CVE-2016-5335: VMware Identity Manager 2.x before 2.7 and vRealize Automation 7.0.x before 7.1 allow local users to VMware Identity Manager 2.x before 2.7 and vRealize Automation 7.0.x before 7.1 allow local users to obtain root access via unspecified vectors.

CVE-2015-2344 [MEDIUM] CWE-79 CVE-2015-2344: Cross-site scripting (XSS) vulnerability in VMware vRealize Automation 6.x before 6.2.4 on Linux all Cross-site scripting (XSS) vulnerability in VMware vRealize Automation 6.x before 6.2.4 on Linux allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.