Remote Code Execution Vulnerability in VMware Workspace ONE Access and Identity Manager
CVE-2022-31658

7.2HIGH

Key Information:

Vendor: Vmware
Status: Vmware Workspace One Access, Identity Manager And Vrealize Automation
Vendor: CVE Published:; 5 August 2022

Summary

VMware Workspace ONE Access, Identity Manager, and vRealize Automation have a remote code execution vulnerability that can be exploited by a malicious actor who has administrative and network access privileges. By exploiting this vulnerability, attackers may execute arbitrary code on vulnerable systems, potentially leading to unauthorized actions and compromise of system integrity. Organizations using these VMware products should review the vulnerability details and apply necessary patches to safeguard their environments.

Affected Version(s)

VMware Workspace ONE Access, Identity Manager and vRealize Automation Workspace One Access (21.08.0.1 & 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 & 3.3.4), and vRealize Automation 7.6

References

https://www.vmware.com/security/advisories/VMSA-2022-0021...

x_refsource_MISC

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 5, 2022
Vulnerability Reserved
May 25, 2022