Vulnerabilities (CVE)

Filtered by vendor Vmware Subscribe
Total 896 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-22963 2 Oracle, Vmware 28 Banking Branch, Banking Cash Management, Banking Corporate Lending Process Management and 25 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.
CVE-2022-22962 2 Linux, Vmware 2 Linux Kernel, Horizon 2024-11-21 7.2 HIGH 7.8 HIGH
VMware Horizon Agent for Linux (prior to 22.x) contains a local privilege escalation as a user is able to change the default shared folder location due to a vulnerable symbolic link. Successful exploitation can result in linking to a root owned file.
CVE-2022-22961 2 Linux, Vmware 6 Linux Kernel, Cloud Foundation, Identity Manager and 3 more 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. A malicious actor with remote access may leak the hostname of the target system. Successful exploitation of this issue can lead to targeting victims.
CVE-2022-22960 2 Linux, Vmware 6 Linux Kernel, Cloud Foundation, Identity Manager and 3 more 2024-11-21 7.2 HIGH 7.8 HIGH
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to 'root'.
CVE-2022-22959 2 Linux, Vmware 6 Linux Kernel, Cloud Foundation, Identity Manager and 3 more 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. A malicious actor can trick a user through a cross site request forgery to unintentionally validate a malicious JDBC URI.
CVE-2022-22958 2 Linux, Vmware 6 Linux Kernel, Cloud Foundation, Identity Manager and 3 more 2024-11-21 6.5 MEDIUM 7.2 HIGH
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution.
CVE-2022-22957 2 Linux, Vmware 6 Linux Kernel, Cloud Foundation, Identity Manager and 3 more 2024-11-21 6.5 MEDIUM 7.2 HIGH
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution.
CVE-2022-22956 2 Linux, Vmware 4 Linux Kernel, Identity Manager, Vrealize Automation and 1 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework.
CVE-2022-22955 2 Linux, Vmware 4 Linux Kernel, Identity Manager, Vrealize Automation and 1 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework.
CVE-2022-22954 2 Linux, Vmware 6 Linux Kernel, Cloud Foundation, Identity Manager and 3 more 2024-11-21 10.0 HIGH 9.8 CRITICAL
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution.
CVE-2022-22953 1 Vmware 1 Vmware Hcx 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
VMware HCX update addresses an information disclosure vulnerability. A malicious actor with network user access to the VMware HCX appliance may be able to gain access to sensitive information.
CVE-2022-22952 2 Microsoft, Vmware 2 Windows, Carbon Black App Control 2024-11-21 9.0 HIGH 9.1 CRITICAL
VMware Carbon Black App Control (8.5.x prior to 8.5.14, 8.6.x prior to 8.6.6, 8.7.x prior to 8.7.4 and 8.8.x prior to 8.8.2) contains a file upload vulnerability. A malicious actor with administrative access to the VMware App Control administration interface may be able to execute code on the Windows instance where AppC Server is installed by uploading a specially crafted file.
CVE-2022-22951 2 Microsoft, Vmware 2 Windows, Carbon Black App Control 2024-11-21 9.0 HIGH 9.1 CRITICAL
VMware Carbon Black App Control (8.5.x prior to 8.5.14, 8.6.x prior to 8.6.6, 8.7.x prior to 8.7.4 and 8.8.x prior to 8.8.2) contains an OS command injection vulnerability. An authenticated, high privileged malicious actor with network access to the VMware App Control administration interface may be able to execute commands on the server due to improper input validation leading to remote code execution.
CVE-2022-22950 1 Vmware 1 Spring Framework 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.
CVE-2022-22948 1 Vmware 2 Cloud Foundation, Vcenter Server 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information.
CVE-2022-22947 2 Oracle, Vmware 10 Commerce Guided Search, Communications Cloud Native Core Binding Support Function, Communications Cloud Native Core Console and 7 more 2024-11-21 6.8 MEDIUM 10.0 CRITICAL
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.
CVE-2022-22946 2 Oracle, Vmware 6 Commerce Guided Search, Communications Cloud Native Core Binding Support Function, Communications Cloud Native Core Console and 3 more 2024-11-21 2.1 LOW 5.5 MEDIUM
In spring cloud gateway versions prior to 3.1.1+ , applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure TrustManager. This makes the gateway able to connect to remote services with invalid or custom certificates.
CVE-2022-22945 1 Vmware 2 Cloud Foundation, Nsx Data Center 2024-11-21 7.2 HIGH 7.8 HIGH
VMware NSX Edge contains a CLI shell injection vulnerability. A malicious actor with SSH access to an NSX-Edge appliance can execute arbitrary commands on the operating system as root.
CVE-2022-22944 1 Vmware 1 Workspace One Boxer 2024-11-21 3.5 LOW 5.4 MEDIUM
VMware Workspace ONE Boxer contains a stored cross-site scripting (XSS) vulnerability. Due to insufficient sanitization and validation, in VMware Workspace ONE Boxer calendar event descriptions, a malicious actor can inject script tags to execute arbitrary script within a user's window.
CVE-2022-22943 1 Vmware 1 Tools 2024-11-21 7.2 HIGH 6.7 MEDIUM
VMware Tools for Windows (11.x.y and 10.x.y prior to 12.0.0) contains an uncontrolled search path vulnerability. A malicious actor with local administrative privileges in the Windows guest OS, where VMware Tools is installed, may be able to execute code with system privileges in the Windows guest OS due to an uncontrolled search path element.