A malicious actor with local access can escalate privileges to 'root'. VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability. A malicious actor with administrator and network access can trigger a remote code execution. VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrative network access can escalate privileges to root. VMware vRealize Operations contains a privilege escalation vulnerability. Successful exploitation can lead to a remote code execution. A low-privileged malicious actor with network access can create and leak hex dumps, leading to information disclosure. VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can access log files that lead to information disclosure. An unauthenticated malicious actor with network access may be able to create a user with administrative privileges. VMware vRealize Operations contains an authentication bypass vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine. VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. On VCF 3.x instances with NSX-V deployed, this may allow a user to exploit this issue leading to a denial-of-service condition or unintended information disclosure. VMware Cloud Foundation (NSX-V) contains an XML External Entity (XXE) vulnerability. A malicious actor with privileges within the VMX process only may create a denial of service condition on the host. VMware ESXi contains a null-pointer dereference vulnerability. A malicious actor with administrative privileges may be able to read arbitrary files containing sensitive data. VMware Aria Operations contains an arbitrary file read vulnerability.
A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application. VMware Workspace ONE Assist prior to 22.10 contains an Authentication Bypass vulnerability. VMware Workspace ONE Assist prior to 22.10 contains a Broken Authentication Method vulnerability. VMware Workspace ONE Assist prior to 22.10 contains a Broken Access Control vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject JavaScript code in the target user's window. VMware Workspace ONE Assist prior to 22.10 contains a Reflected cross-site scripting (XSS) vulnerability. A malicious actor who obtains a valid session token may be able to authenticate to the application using that token. VMware Workspace ONE Assist prior to 22.10 contains a Session fixation vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Exploitation of this vulnerability enables a malicious party to run arbitrary code or malware within Hyperic Server and the host operating system with the privileges of the Hyperic server process. ** UNSUPPORTED WHEN ASSIGNED ** A remote unauthenticated insecure deserialization vulnerability exists in VMware Hyperic Server 5.8.6. Exploitation of this vulnerability enables a malicious party to bypass some authentication requirements when issuing requests to Hyperic Server. ** UNSUPPORTED WHEN ASSIGNED ** A security filter misconfiguration exists in VMware Hyperic Server 5.8.6. NOTE: prior exploitation of CVE-2022-38650 results in the disclosure of the authentication material required to exploit this vulnerability. Exploitation of this vulnerability enables a malicious authenticated user to run arbitrary code or malware within a Hyperic Agent instance and its host operating system with the privileges of the Hyperic Agent process (often SYSTEM on Windows platforms).
** UNSUPPORTED WHEN ASSIGNED ** A remote insecure deserialization vulnerability exists in VMware Hyperic Agent 5.8.6.