VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to root.
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Cloud_foundation | Vmware | 3.0 | * |
Identity_manager | Vmware | 3.3.3 | 3.3.3 |
Identity_manager | Vmware | 3.3.4 | 3.3.4 |
Identity_manager | Vmware | 3.3.5 | 3.3.5 |
Identity_manager | Vmware | 3.3.6 | 3.3.6 |
Vrealize_automation | Vmware | 8.0 | * |
Vrealize_automation | Vmware | 7.6 | 7.6 |
Vrealize_suite_lifecycle_manager | Vmware | 8.0 | * |
Workspace_one_access | Vmware | 20.10.0.0 | 20.10.0.0 |
Workspace_one_access | Vmware | 20.10.0.1 | 20.10.0.1 |
Workspace_one_access | Vmware | 21.08.0.0 | 21.08.0.0 |
Workspace_one_access | Vmware | 21.08.0.1 | 21.08.0.1 |