VMware Workspace ONE Access 漏洞列表

共找到 3 个与 VMware Workspace ONE Access 相关的漏洞

📅 加载漏洞趋势中...

CVE-2022-22954: VMware Workspace ONE Access SSTI POC

日期: 2025-09-01 | 影响软件: VMware Workspace ONE Access

VMware Workspace ONE Access（以前称为VMware Identity Manager）旨在通过多因素身份验证、条件访问和单点登录，让您的员工更快地访问SaaS、Web和本机移动应用程序。其中的CVE-2022-22954是一个匿名服务器模板注入漏洞，未经身份验证的攻击者可以利用此漏洞进行远程任意代码执行。影响版本： VMware Workspace ONE Access Appliance （版本号：20.10.0.0 ，20.10.0.1 ，21.08.0.0 ，21.08.0.1 ） VMware Identity Manager Appliance （版本号：3.3.3 ， 3.3.4 ， 3.3.5 ，3.3.6） VMware Realize Automation （版本号：7.6） Fofa: app="vmware-Workspace-ONE-Access"
CVE-2022-22954: VMware Workspace ONE Access - Server-Side Template Injection POC

日期: 2025-08-01 | 影响软件: VMware Workspace ONE Access

VMware Workspace ONE Access is susceptible to a remote code execution vulnerability due to a server-side template injection flaw. An unauthenticated attacker with network access could exploit this vulnerability by sending a specially crafted request to a vulnerable VMware Workspace ONE or Identity Manager.
CVE-2022-22972: VMware Workspace ONE Access/Identity Manager/vRealize Automation - Authentication Bypass POC

日期: 2025-08-01 | 影响软件: VMware Workspace ONE Access Identity Manager vRealize Automation

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.

CVE-2022-22954: VMware Workspace ONE Access SSTI POC

CVE-2022-22954: VMware Workspace ONE Access - Server-Side Template Injection POC

CVE-2022-22972: VMware Workspace ONE Access/Identity Manager/vRealize Automation - Authentication Bypass POC