VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to โrootโ.
[
{
"vendor": "n/a",
"product": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
"versions": [
{
"version": "Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3. vRealize Automation 7.6.",
"status": "affected"
}
]
}
]
packetstormsecurity.com/files/171918/Mware-Workspace-ONE-Remote-Code-Execution.html
packetstormsecurity.com/files/171918/VMware-Workspace-ONE-Remote-Code-Execution.html
packetstormsecurity.com/files/171935/VMware-Workspace-ONE-Access-Privilege-Escalation.html
www.vmware.com/security/advisories/VMSA-2022-0011.html