RSS   Vulnerabilities for 'Vrealize automation'   RSS

2021-10-13
 
CVE-2021-22036

CWE-200
 
 
VMware vRealize Orchestrator ((8.x prior to 8.6) contains an open redirect vulnerability due to improper path handling. A malicious actor may be able to redirect victim to an attacker controlled domain due to improper path handling in vRealize Orchestrator leading to sensitive information disclosure.

 
2018-04-13
 
CVE-2018-6959

CWE-384
 
 
VMware vRealize Automation (vRA) prior to 7.4.0 contains a vulnerability in the handling of session IDs. Exploitation of this issue may lead to the hijacking of a valid vRA user's session.

 
 
CVE-2018-6958

CWE-79
 
 
VMware vRealize Automation (vRA) prior to 7.3.1 contains a vulnerability that may allow for a DOM-based cross-site scripting (XSS) attack. Exploitation of this issue may lead to the compromise of the vRA user's workstation.

 
2018-01-29
 
CVE-2017-4947

CWE-502
 
 
VMware Realize Automation (7.3 and 7.2) and vSphere Integrated Containers (1.x before 1.3) contain a deserialization vulnerability via Xenon. Successful exploitation of this issue may allow remote attackers to execute arbitrary code on the appliance.

 
2016-12-29
 
CVE-2016-7460

 
 
The Single Sign-On feature in VMware vCenter Server 5.5 before U3e and 6.0 before U2a and vRealize Automation 6.x before 6.2.5 allows remote attackers to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

 
 
CVE-2016-5334

 
 
VMware Identity Manager 2.x before 2.7.1 and vRealize Automation 7.x before 7.2.0 allow remote attackers to read /SAAS/WEB-INF and /SAAS/META-INF files via unspecified vectors.

 
2016-08-30
 
CVE-2016-5336

 
 
VMware vRealize Automation 7.0.x before 7.1 allows remote attackers to execute arbitrary code via unspecified vectors.

 
 
CVE-2016-5335

 
 
VMware Identity Manager 2.x before 2.7 and vRealize Automation 7.0.x before 7.1 allow local users to obtain root access via unspecified vectors.

 
2016-03-16
 
CVE-2015-2344

 
 
Cross-site scripting (XSS) vulnerability in VMware vRealize Automation 6.x before 6.2.4 on Linux allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

 

 >>> Vendor: Vmware 132 Products
Workstation
Studio
Gsx server
Esx server
ACE
Player
Server
Infrastructure
Virtualcenter
Vmware workstation
Vmware server
Vmware player
ESXI
Remote console
ESX
Ace 2
Fusion
Vmware player 2
Vmware ace
Vmware esx
Vmware esxi
Movie decoder
Vmware virtualcenter
Hyperic hq
Tc server
Operations manager
Lab manager
Stage manager
Vcenter
Vcenter lab manager
Vcenter stage manager
VMRC
Vix api
View manager
Spring framework
Vcenter server
Springsource spring security
Open-vm-tools
Virtual infrastructure client
Springsource spring framework
AMS
Vcenter update manager
Zimbra desktop
Vcenter chargeback manager
VIEW
Vsphere
Vcenter orchestrator
Vshield manager
VMA
Horizon
Vcenter operations
Capacityiq
Ovf tool
Vcenter server appliance
Vi-client
Vsphere client
Vcloud director
Tools
Vm-support
NSX
Vcloud networking and security
Airwatch
Vcloud automation center
Rabbitmq
Vsphere data protection
Horizon client
Horizon view client
Vrealize orchestrator
Vrealize business
Vrealize automation
Vcloud automation identity appliance
Vrealize log insight
Nsx edge
Vcloud networking and security edge
Workstation player
Workstation pro
Photon os
Identity manger
Fusion pro
Vrealize operations
Horizon view
Spring security
Airwatch inbox
Airwatch agent
Horizon daas
Unified access gateway
Spring advanced message queuing protocol
Harbor
Spring data rest
Spring boot
Xenon
Spring integration zip
Spring integration
Installbuilder
Vsphere esxi
Workspace one
Intelligent hub
Workspace one boxer
Workspace one content
Workspace one intelligent hub
See all Products for Vendor Vmware

Copyright 2024, cxsecurity.com

 

Back to Top