Cross site scripting

2022-08-0516:15:00

PRIOn knowledge base

www.prio-n.com

vmware

workspace one access

identity manager

vrealize automation

xss

vulnerability

user input

javascript code

improper sanitization

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.1%

JSON

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject javascript code in the target user’s window.

CPENameOperatorVersion
access_connectoreq21.08.0.0
access_connectoreq21.08.0.1
access_connectoreq22.05
identity_managereq3.3.4
identity_managereq3.3.5
identity_managereq3.3.6
identity_manager_connectoreq3.3.4
identity_manager_connectoreq3.3.5
identity_manager_connectoreq3.3.6
identity_manager_connectoreq19.03.0.1

Name	Operator	Version
access_connector	eq	21.08.0.0
access_connector	eq	21.08.0.1
access_connector	eq	22.05
identity_manager	eq	3.3.4
identity_manager	eq	3.3.5
identity_manager	eq	3.3.6
identity_manager_connector	eq	3.3.4
identity_manager_connector	eq	3.3.5
identity_manager_connector	eq	3.3.6
identity_manager_connector	eq	19.03.0.1