Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vmware vrealize automation vulnerabilities and exploits
(subscribe to this query)
605
VMScore
CVE-2016-2076
Client Integration Plugin (CIP) in VMware vCenter Server 5.5 U3a, U3b, and U3c and 6.0 before U2; vCloud Director 5.5.5; and vRealize Automation Identity Appliance 6.2.4 prior to 6.2.4.1 mishandles session content, which allows remote malicious users to hijack sessions via a craf...
Vmware Vcloud Automation Identity Appliance 6.2.4
Vmware Vcenter Server 5.5
Vmware Vcloud Director 5.5.5
Vmware Vcenter Server
580
VMScore
CVE-2022-22958
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI whi...
Vmware Cloud Foundation
Vmware Identity Manager 3.3.3
Vmware Identity Manager 3.3.4
Vmware Identity Manager 3.3.5
Vmware Identity Manager 3.3.6
Vmware Vrealize Automation
Vmware Vrealize Automation 7.6
Vmware Vrealize Suite Lifecycle Manager
Vmware Workspace One Access 20.10.0.0
Vmware Workspace One Access 20.10.0.1
Vmware Workspace One Access 21.08.0.0
Vmware Workspace One Access 21.08.0.1
578
VMScore
CVE-2021-22057
VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 contain an authentication bypass vulnerability. A malicious actor, who has successfully provided first-factor authentication, may be able to obtain second-factor authentication provided by VMware Verify.
Vmware Workspace One Access 20.10
Vmware Workspace One Access 21.08
Vmware Workspace One Access 20.10.0.1
Vmware Workspace One Access 21.08.0.1
1 Article
570
VMScore
CVE-2016-7460
The Single Sign-On feature in VMware vCenter Server 5.5 before U3e and 6.0 before U2a and vRealize Automation 6.x prior to 6.2.5 allows remote malicious users to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in con...
Vmware Vrealize Automation 6.0.1.1
Vmware Vrealize Automation 6.0.1.2
Vmware Vrealize Automation 6.2.4
Vmware Vrealize Automation 6.1.0
Vmware Vrealize Automation 6.1.1
Vmware Vrealize Automation 6.2.0
Vmware Vrealize Automation 6.2.1
Vmware Vrealize Automation 6.0.0
Vmware Vrealize Automation 6.0.1
Vmware Vrealize Automation 6.2.2
Vmware Vrealize Automation 6.2.3
446
VMScore
CVE-2022-22961
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. A malicious actor with remote access may leak the hostname of the target system. Successful exploitation of this issue can le...
Vmware Cloud Foundation
Vmware Identity Manager 3.3.3
Vmware Identity Manager 3.3.4
Vmware Identity Manager 3.3.5
Vmware Identity Manager 3.3.6
Vmware Vrealize Automation
Vmware Vrealize Automation 7.6
Vmware Vrealize Suite Lifecycle Manager
Vmware Workspace One Access 20.10.0.0
Vmware Workspace One Access 20.10.0.1
Vmware Workspace One Access 21.08.0.0
Vmware Workspace One Access 21.08.0.1
445
VMScore
CVE-2021-22056
VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability. A malicious actor with network access may be able to make HTTP requests to arbitrary origins and read the full response.
Vmware Identity Manager 3.3.3
Vmware Identity Manager 3.3.4
Vmware Identity Manager 3.3.5
Vmware Vrealize Automation 7.6
Vmware Vrealize Automation
Vmware Workspace One Access 20.10
Vmware Workspace One Access 20.10.01
Vmware Workspace One Access 21.08
Vmware Workspace One Access 21.08.01
445
VMScore
CVE-2021-22003
VMware Workspace ONE Access and Identity Manager, unintentionally provide a login interface on port 7443. A malicious actor with network access to port 7443 may attempt user enumeration or brute force the login endpoint, which may or may not be practical based on lockout policy c...
Vmware Identity Manager 3.3.2
Vmware Identity Manager 3.3.3
Vmware Identity Manager 3.3.4
Vmware Identity Manager 3.3.5
Vmware Workspace One Access 20.01
Vmware Workspace One Access 20.10
Vmware Workspace One Access 20.10.01
Vmware Cloud Foundation 4.0
Vmware Cloud Foundation 4.0.1
Vmware Cloud Foundation 4.1
Vmware Cloud Foundation 4.1.0.1
Vmware Cloud Foundation 4.2.1
Vmware Vrealize Suite Lifecycle Manager 8.0
Vmware Vrealize Suite Lifecycle Manager 8.0.1
Vmware Vrealize Suite Lifecycle Manager 8.1
Vmware Vrealize Suite Lifecycle Manager 8.2
445
VMScore
CVE-2016-5334
VMware Identity Manager 2.x prior to 2.7.1 and vRealize Automation 7.x prior to 7.2.0 allow remote malicious users to read /SAAS/WEB-INF and /SAAS/META-INF files via unspecified vectors.
Vmware Identity Manager
Vmware Vrealize Automation
384
VMScore
CVE-2022-22959
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. A malicious actor can trick a user through a cross site request forgery to unintentionally validate a malicious JDBC URI.
Vmware Cloud Foundation
Vmware Identity Manager 3.3.3
Vmware Identity Manager 3.3.4
Vmware Identity Manager 3.3.5
Vmware Identity Manager 3.3.6
Vmware Vrealize Automation 7.6
Vmware Vrealize Automation
Vmware Vrealize Suite Lifecycle Manager
Vmware Workspace One Access 20.10.0.0
Vmware Workspace One Access 20.10.0.1
Vmware Workspace One Access 21.08.0.0
Vmware Workspace One Access 21.08.0.1
383
VMScore
CVE-2021-22036
VMware vRealize Orchestrator ((8.x before 8.6) contains an open redirect vulnerability due to improper path handling. A malicious actor may be able to redirect victim to an attacker controlled domain due to improper path handling in vRealize Orchestrator leading to sensitive info...
Vmware Vrealize Automation
Vmware Vrealize Orchestrator
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »