VMware Vrealize Automation

By the Year

In 2024 there have been 0 vulnerabilities in VMware Vrealize Automation. Last year Vrealize Automation had 1 security vulnerability published. Right now, Vrealize Automation is on track to have fewer security vulnerabilities in 2024 than it did last year.

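| Year | Vulnerabilities | Average Score |
|------|-----------------|---------------|
| 2024 | 0 | 0.00 |
| 2023 | 1 | 8.80 |
| 2022 | 0 | 0.00 |
| 2021 | 1 | 6.50 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 3 | 8.57 |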

It may take a day or so for new Vrealize Automation vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent VMware Vrealize Automation Security Vulnerabilities

VMware vRealize Orchestrator contains an XML External Entity (XXE) vulnerability

CVE-2023-20855 8.8 - High - February 22, 2023

VMware vRealize Orchestrator contains an XML External Entity (XXE) vulnerability. A malicious actor, with non-administrative access to vRealize Orchestrator, may be able to use specially crafted input to bypass XML parsing restrictions leading to access to sensitive information or possible escalation of privileges.

XXE

VMware vRealize Orchestrator (8.x prior to 8.6) contains an open redirect vulnerability due to improper path handling

CVE-2021-22036 6.5 - Medium - October 13, 2021

VMware vRealize Orchestrator (8.x prior to 8.6) contains an open redirect vulnerability due to improper path handling. A malicious actor may be able to redirect a victim to an attacker-controlled domain due to improper path handling in vRealize Orchestrator, leading to sensitive information disclosure.

Information Disclosure

VMware vRealize Automation (vRA) prior to 7.3.1 contains a vulnerability that may allow for a DOM-based cross-site scripting (XSS) attack

CVE-2018-6958 6.1 - Medium - April 13, 2018

VMware vRealize Automation (vRA) prior to 7.3.1 contains a vulnerability that may allow for a DOM-based cross-site scripting (XSS) attack. Exploitation of this issue may lead to the compromise of the vRA user's workstation.

XSS

VMware vRealize Automation (vRA) prior to 7.4.0 contains a vulnerability in the handling of session IDs

CVE-2018-6959 9.8 - Critical - April 13, 2018

VMware vRealize Automation (vRA) prior to 7.4.0 contains a vulnerability in the handling of session IDs. Exploitation of this issue may lead to the hijacking of a valid vRA user's session.

Session Fixation

VMware vRealize Automation (7.3 and 7.2) and vSphere Integrated Containers (1.x before 1.3) contain a deserialization vulnerability

CVE-2017-4947 9.8 - Critical - January 29, 2018

VMware vRealize Automation (7.3 and 7.2) and vSphere Integrated Containers (1.x before 1.3) contain a deserialization vulnerability via Xenon. Successful exploitation of this issue may allow remote attackers to execute arbitrary code on the appliance.

Marshaling, Unmarshaling

VMware Identity Manager 2.x before 2.7.1 and vRealize Automation 7.x before 7.2.0

CVE-2016-5334 5.3 - Medium - December 29, 2016

VMware Identity Manager 2.x before 2.7.1 and vRealize Automation 7.x before 7.2.0 allow remote attackers to read /SAAS/WEB-INF and /SAAS/META-INF files via unspecified vectors.

Exposure of Resource to Wrong Sphere

VMware Identity Manager 2.x before 2.7 and vRealize Automation 7.0.x before 7.1

CVE-2016-5335 7.8 - High - August 31, 2016

VMware Identity Manager 2.x before 2.7 and vRealize Automation 7.0.x before 7.1 allow local users to obtain root access via unspecified vectors.
