Vmware: Security Vulnerabilities
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two privilege escalation vulnerabilities. A malicious actor with local access can escalate privileges to 'root'.
CVSS Score
7.8
EPSS Score
0.002
Published
2022-08-05
VMware Workspace ONE Access, Identity Manager, Connectors and vRealize Automation contain a path traversal vulnerability. A malicious actor with network access may be able to access arbitrary files.
CVSS Score
7.5
EPSS Score
0.022
Published
2022-08-05
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject javascript code in the target user's window.
CVSS Score
6.1
EPSS Score
0.012
Published
2022-08-05
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'.
CVSS Score
7.8
EPSS Score
0.002
Published
2022-08-05
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution.
CVSS Score
7.2
EPSS Score
0.055
Published
2022-08-05
Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.
CVSS Score
6.5
EPSS Score
0.002
Published
2022-07-14
The vCenter Server contains a server-side request forgery (SSRF) vulnerability. A malicious actor with network access to 443 on the vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-07-13
VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in configurations.
CVSS Score
5.4
EPSS Score
0.013
Published
2022-07-12
VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in alerts.
CVSS Score
5.4
EPSS Score
0.013
Published
2022-07-12
Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.
CVSS Score
5.6
EPSS Score
0.001
Published
2022-07-12