Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vmware identity manager vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2016-5334
VMware Identity Manager 2.x prior to 2.7.1 and vRealize Automation 7.x prior to 7.2.0 allow remote malicious users to read /SAAS/WEB-INF and /SAAS/META-INF files via unspecified vectors.
Vmware Identity Manager
Vmware Vrealize Automation
7.2
CVSSv2
CVE-2016-5335
VMware Identity Manager 2.x prior to 2.7 and vRealize Automation 7.0.x prior to 7.1 allow local users to obtain root access via unspecified vectors.
Vmware Identity Manager
Vmware Vrealize Automation
7.2
CVSSv2
CVE-2022-22973
VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'.
Vmware Identity Manager 3.3.3
Vmware Identity Manager 3.3.4
Vmware Identity Manager 3.3.5
Vmware Identity Manager 3.3.6
Vmware Workspace One Access 20.10.0.0
Vmware Workspace One Access 20.10.0.1
Vmware Workspace One Access 21.08.0.0
Vmware Workspace One Access 21.08.0.1
Vmware Cloud Foundation 4.0
Vmware Cloud Foundation 4.0.1
Vmware Vrealize Suite Lifecycle Manager 8.0
Vmware Vrealize Suite Lifecycle Manager 8.0.1
Vmware Vrealize Suite Lifecycle Manager 8.1
Vmware Vrealize Suite Lifecycle Manager 8.2
Vmware Cloud Foundation 4.1
Vmware Cloud Foundation 4.2.1
Vmware Cloud Foundation 4.1.0.1
Vmware Cloud Foundation 4.3.1
Vmware Cloud Foundation 4.3
Vmware Cloud Foundation 4.2
Vmware Vrealize Suite Lifecycle Manager 8.8
Vmware Vrealize Suite Lifecycle Manager 8.7
1 Article
7.5
CVSSv2
CVE-2022-22972
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.
Vmware Identity Manager 3.3.3
Vmware Identity Manager 3.3.4
Vmware Identity Manager 3.3.5
Vmware Identity Manager 3.3.6
Vmware Vrealize Automation 7.6
Vmware Workspace One Access 20.10.0.0
Vmware Workspace One Access 20.10.0.1
Vmware Workspace One Access 21.08.0.0
Vmware Workspace One Access 21.08.0.1
Vmware Cloud Foundation 4.0
Vmware Cloud Foundation 4.0.1
Vmware Vrealize Suite Lifecycle Manager 8.0
Vmware Vrealize Suite Lifecycle Manager 8.0.1
Vmware Vrealize Suite Lifecycle Manager 8.1
Vmware Vrealize Suite Lifecycle Manager 8.2
Vmware Cloud Foundation 3.0
Vmware Cloud Foundation 3.0.1
Vmware Cloud Foundation 3.0.1.1
Vmware Cloud Foundation 3.5
Vmware Cloud Foundation 3.5.1
Vmware Cloud Foundation 3.7
Vmware Cloud Foundation 3.7.1
6 Github repositories
2 Articles
5
CVSSv2
CVE-2021-22003
VMware Workspace ONE Access and Identity Manager, unintentionally provide a login interface on port 7443. A malicious actor with network access to port 7443 may attempt user enumeration or brute force the login endpoint, which may or may not be practical based on lockout policy c...
Vmware Identity Manager 3.3.2
Vmware Identity Manager 3.3.3
Vmware Identity Manager 3.3.4
Vmware Identity Manager 3.3.5
Vmware Workspace One Access 20.01
Vmware Workspace One Access 20.10
Vmware Workspace One Access 20.10.01
Vmware Cloud Foundation 4.0
Vmware Cloud Foundation 4.0.1
Vmware Cloud Foundation 4.1
Vmware Cloud Foundation 4.1.0.1
Vmware Cloud Foundation 4.2.1
Vmware Vrealize Suite Lifecycle Manager 8.0
Vmware Vrealize Suite Lifecycle Manager 8.0.1
Vmware Vrealize Suite Lifecycle Manager 8.1
Vmware Vrealize Suite Lifecycle Manager 8.2
7.5
CVSSv2
CVE-2021-22002
VMware Workspace ONE Access and Identity Manager, allow the /cfg web app and diagnostic endpoints, on port 8443, to be accessed via port 443 using a custom host header. A malicious actor with network access to port 443 could tamper with host headers to facilitate access to the /c...
Vmware Identity Manager 3.3.2
Vmware Identity Manager 3.3.3
Vmware Identity Manager 3.3.4
Vmware Identity Manager 3.3.5
Vmware Workspace One Access 20.01
Vmware Workspace One Access 20.10
Vmware Workspace One Access 20.10.01
Vmware Cloud Foundation 4.0
Vmware Cloud Foundation 4.0.1
Vmware Cloud Foundation 4.1
Vmware Cloud Foundation 4.1.0.1
Vmware Cloud Foundation 4.2.1
Vmware Vrealize Suite Lifecycle Manager 8.0
Vmware Vrealize Suite Lifecycle Manager 8.0.1
Vmware Vrealize Suite Lifecycle Manager 8.1
Vmware Vrealize Suite Lifecycle Manager 8.2
9
CVSSv2
CVE-2020-4006
VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability.
Vmware Identity Manager 3.3.1
Vmware Identity Manager 3.3.2
Vmware Identity Manager 3.3.3
Vmware Identity Manager Connector 3.3.1
Vmware Identity Manager Connector 3.3.2
Vmware One Access 20.01
Vmware One Access 20.10
Vmware Identity Manager Connector 3.3.3
Vmware Cloud Foundation 4.0
Vmware Cloud Foundation 4.0.1
Vmware Vrealize Suite Lifecycle Manager
2 Articles
10
CVSSv2
CVE-2022-22954
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution.
Vmware Identity Manager 3.3.3
Vmware Vrealize Automation 7.6
Vmware Identity Manager 3.3.4
Vmware Identity Manager 3.3.5
Vmware Vrealize Automation
Vmware Identity Manager 3.3.6
Vmware Workspace One Access 20.10.0.1
Vmware Workspace One Access 20.10.0.0
Vmware Workspace One Access 21.08.0.1
Vmware Workspace One Access 21.08.0.0
Vmware Vrealize Suite Lifecycle Manager
Vmware Cloud Foundation
1 Metasploit module
25 Github repositories
3 Articles
4.3
CVSSv2
CVE-2022-22959
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. A malicious actor can trick a user through a cross site request forgery to unintentionally validate a malicious JDBC URI.
Vmware Cloud Foundation
Vmware Identity Manager 3.3.3
Vmware Identity Manager 3.3.4
Vmware Identity Manager 3.3.5
Vmware Identity Manager 3.3.6
Vmware Vrealize Automation 7.6
Vmware Vrealize Automation
Vmware Vrealize Suite Lifecycle Manager
Vmware Workspace One Access 20.10.0.0
Vmware Workspace One Access 20.10.0.1
Vmware Workspace One Access 21.08.0.0
Vmware Workspace One Access 21.08.0.1
NA
CVE-2022-31661
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two privilege escalation vulnerabilities. A malicious actor with local access can escalate privileges to 'root'.
Vmware Identity Manager 3.3.4
Vmware Identity Manager 3.3.5
Vmware Identity Manager 3.3.6
Vmware One Access 21.08.0.0
Vmware One Access 21.08.0.1
Vmware Access Connector 21.08.0.0
Vmware Access Connector 21.08.0.1
Vmware Access Connector 22.05
Vmware Identity Manager Connector 3.3.4
Vmware Identity Manager Connector 3.3.5
Vmware Identity Manager Connector 3.3.6
Vmware Identity Manager Connector 19.03.0.1
1 Article
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4761
command injection
CVE-2024-3676
IDOR
CVE-2024-30039
CVE-2024-32113
CVE-2024-30049
CVE-2024-4776
SQL injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »