Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Vmware Subscribe
Filtered by product Workspace One Access

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-22972 2 Linux, Vmware 6 Linux Kernel, Cloud Foundation, Identity Manager and 3 more 2023-08-08 7.5 HIGH 9.8 CRITICAL
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.
CVE-2022-22955 2 Linux, Vmware 4 Linux Kernel, Identity Manager, Vrealize Automation and 1 more 2023-08-08 7.5 HIGH 9.8 CRITICAL
VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework.
CVE-2021-22057 2 Linux, Vmware 2 Linux Kernel, Workspace One Access 2022-07-12 7.5 HIGH 9.8 CRITICAL
VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 contain an authentication bypass vulnerability. A malicious actor, who has successfully provided first-factor authentication, may be able to obtain second-factor authentication provided by VMware Verify.
CVE-2022-22954 2 Linux, Vmware 6 Linux Kernel, Cloud Foundation, Identity Manager and 3 more 2022-05-03 10.0 HIGH 9.8 CRITICAL
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution.
CVE-2021-22002 2 Linux, Vmware 5 Linux Kernel, Cloud Foundation, Identity Manager and 2 more 2021-09-09 7.5 HIGH 9.8 CRITICAL
VMware Workspace ONE Access and Identity Manager, allow the /cfg web app and diagnostic endpoints, on port 8443, to be accessed via port 443 using a custom host header. A malicious actor with network access to port 443 could tamper with host headers to facilitate access to the /cfg web app, in addition a malicious actor could access /cfg diagnostic endpoints without authentication.