Privilege Escalation Vulnerabilities in VMware Workspace ONE Access and Identity Manager
CVE-2022-31661

7.8HIGH

Key Information:

Vendor: Vmware
Status: Vmware Workspace One Access, Identity Manager And Vrealize Automation
Vendor: CVE Published:; 5 August 2022

What is CVE-2022-31661?

VMware Workspace ONE Access, Identity Manager, and vRealize Automation have been identified with two vulnerabilities that allow local attackers to escalate their privileges to 'root'. This vulnerability poses a significant risk as it enables malicious actors to gain elevated control over the affected systems, potentially leading to unauthorized access and manipulation of sensitive data. Users are advised to review the latest security advisories and apply necessary patches to mitigate this risk.

Affected Version(s)

VMware Workspace ONE Access, Identity Manager and vRealize Automation Workspace One Access (21.08.0.1 & 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 & 3.3.4), and vRealize Automation 7.6

References

https://www.vmware.com/security/advisories/VMSA-2022-0021...

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 5, 2022
Vulnerability Reserved
May 25, 2022

Vmware

What is CVE-2022-31661?

Affected Version(s)

References

CVSS V3.1

Timeline