jaedom.blogg.se

A malicious actor with network access may be able to access arbitrary files. VMware Workspace ONE Access, Identity Manager, Connectors and vRealize Automation contain a path traversal vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject javascript code in the target user's window. VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a reflected cross-site scripting (XSS) vulnerability. A malicious actor with local access can escalate privileges to 'root'. VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability. A malicious actor with administrator and network access can trigger a remote code execution.

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrative network access can escalate privileges to root. VMware vRealize Operations contains a privilege escalation vulnerability. Successful exploitation can lead to a remote code execution.

A low-privileged malicious actor with network access can create and leak hex dumps, leading to information disclosure. VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can access log files that lead to information disclosure. An unauthenticated malicious actor with network access may be able to create a user with administrative privileges. VMware vRealize Operations contains an authentication bypass vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine. VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with privileges within the VMX process only, may create a denial of service condition on the host. VMware ESXi contains a null-pointer deference vulnerability. A malicious actor with administrative privileges may be able to read arbitrary files containing sensitive data. VMware Aria Operations contains an arbitrary file read vulnerability.