Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vmware vrealize automation vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2018-6958
VMware vRealize Automation (vRA) before 7.3.1 contains a vulnerability that may allow for a DOM-based cross-site scripting (XSS) attack. Exploitation of this issue may lead to the compromise of the vRA user's workstation.
Vmware Vrealize Automation
4
CVSSv2
CVE-2020-11652
An issue exists in SaltStack Salt prior to 2019.2.4 and 3000 prior to 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.
Saltstack Salt
Opensuse Leap 15.1
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 16.04
Blackberry Workspaces Server 9.1.0
Blackberry Workspaces Server
Vmware Application Remote Collector 8.0.0
Vmware Application Remote Collector 7.5.0
12 Github repositories
4 Articles
4
CVSSv2
CVE-2019-1003068
Jenkins VMware vRealize Automation Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
Jenkins Vmware Vrealize Automation
3.5
CVSSv2
CVE-2015-2344
Cross-site scripting (XSS) vulnerability in VMware vRealize Automation 6.x prior to 6.2.4 on Linux allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Vmware Vrealize Automation 6.2.3
Vmware Vrealize Automation 6.2.2
Vmware Vrealize Automation 6.0.1
Vmware Vrealize Automation 6.0
Vmware Vrealize Automation 6.1.1
Vmware Vrealize Automation 6.1
Vmware Vrealize Automation 6.0.1.2
Vmware Vrealize Automation 6.0.1.1
Vmware Vrealize Automation 6.2.1
Vmware Vrealize Automation 6.2
NA
CVE-2023-20855
VMware vRealize Orchestrator contains an XML External Entity (XXE) vulnerability. A malicious actor, with non-administrative access to vRealize Orchestrator, may be able to use specially crafted input to bypass XML parsing restrictions leading to access to sensitive information o...
Vmware Vrealize Automation
Vmware Vrealize Orchestrator
NA
CVE-2022-31656
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.
Vmware Identity Manager 3.3.4
Vmware Identity Manager 3.3.5
Vmware Identity Manager 3.3.6
Vmware One Access 21.08.0.0
Vmware One Access 21.08.0.1
Vmware Access Connector 21.08.0.0
Vmware Access Connector 21.08.0.1
Vmware Access Connector 22.05
Vmware Identity Manager Connector 3.3.4
Vmware Identity Manager Connector 3.3.5
Vmware Identity Manager Connector 3.3.6
Vmware Identity Manager Connector 19.03.0.1
1 Article
NA
CVE-2022-31657
VMware Workspace ONE Access and Identity Manager contain a URL injection vulnerability. A malicious actor with network access may be able to redirect an authenticated user to an arbitrary domain.
Vmware Identity Manager 3.3.4
Vmware Identity Manager 3.3.5
Vmware Identity Manager 3.3.6
Vmware One Access 21.08.0.0
Vmware One Access 21.08.0.1
Vmware Access Connector 21.08.0.0
Vmware Access Connector 21.08.0.1
Vmware Access Connector 22.05
Vmware Identity Manager Connector 3.3.4
Vmware Identity Manager Connector 3.3.5
Vmware Identity Manager Connector 3.3.6
Vmware Identity Manager Connector 19.03.0.1
NA
CVE-2022-31658
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution.
Vmware Identity Manager 3.3.4
Vmware Identity Manager 3.3.5
Vmware Identity Manager 3.3.6
Vmware One Access 21.08.0.1
Vmware One Access 21.08.0.0
Vmware Identity Manager Connector 3.3.4
Vmware Identity Manager Connector 3.3.5
Vmware Identity Manager Connector 3.3.6
Vmware Identity Manager Connector 19.03.0.1
Vmware Access Connector 21.08.0.1
Vmware Access Connector 21.08.0.0
Vmware Access Connector 22.05
1 Article
NA
CVE-2022-31659
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution.
Vmware Identity Manager 3.3.4
Vmware Identity Manager 3.3.5
Vmware Identity Manager 3.3.6
Vmware One Access 21.08.0.1
Vmware One Access 21.08.0.0
Vmware Identity Manager Connector 3.3.4
Vmware Identity Manager Connector 3.3.5
Vmware Identity Manager Connector 3.3.6
Vmware Identity Manager Connector 19.03.0.1
Vmware Access Connector 22.05
Vmware Access Connector 22.08.0.1
Vmware Access Connector 22.08.0.0
1 Article
NA
CVE-2022-31661
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two privilege escalation vulnerabilities. A malicious actor with local access can escalate privileges to 'root'.
Vmware Identity Manager 3.3.4
Vmware Identity Manager 3.3.5
Vmware Identity Manager 3.3.6
Vmware One Access 21.08.0.0
Vmware One Access 21.08.0.1
Vmware Access Connector 21.08.0.0
Vmware Access Connector 21.08.0.1
Vmware Access Connector 22.05
Vmware Identity Manager Connector 3.3.4
Vmware Identity Manager Connector 3.3.5
Vmware Identity Manager Connector 3.3.6
Vmware Identity Manager Connector 19.03.0.1
1 Article
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »