VMware Workspace ONE Access, VMware Identity Manager, and VMware vRealize Automation security bypass | CVE-2022-22972
NAME
VMware Workspace ONE Access, VMware Identity Manager, and VMware vRealize Automation security bypass
- Platforms Affected:
VMware Identity Manager 3.3.3
VMware vRealize Automation 7.6
VMware Workspace ONE Access 21.08.0.1
VMware Workspace ONE Access 21.08.0.0
VMware Workspace ONE Access 20.10.0.1
VMware Workspace ONE Access 20.10.0.0
VMware Identity Manager 3.3.6
VMware Identity Manager 3.3.5
VMware Identity Manager 3.3.4
VMware vRealize Automation 8
- Risk Level:
9.8
- Exploitability:
Unproven
- Consequences:
Bypass Security
DESCRIPTION
VMware Workspace ONE Access, VMware Identity Manager, and VMware vRealize Automation could allow a remote attacker to bypass security restrictions. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain administrative access.
CVSS 3.0 Information
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Access Vector: Network
- Access Complexity: Low
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
- Remediation Level: Official Fix
MITIGATION
Refer to VMware Security Advisory VMSA-2022-0014 for patch, upgrade or suggested workaround information. See References.
- Reference Link:
https://www.vmware.com/security/advisories/VMSA-2022-0014.html
- Reference Link:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22972