Path Traversal Vulnerability in VMware Workspace ONE Access and Identity Manager
CVE-2022-31662

7.5HIGH

Key Information:

Vendor: Vmware
Status: Vmware Workspace One Access, Access Connector, Identity Manager, Vidm Connector And Vrealize Automation
Vendor: CVE Published:; 5 August 2022

Summary

A path traversal vulnerability exists in VMware Workspace ONE Access and Identity Manager, enabling a malicious actor with network access to exploit this flaw. By manipulating file paths, an attacker could potentially gain access to arbitrary files on the server, which may contain sensitive information. This could lead to unauthorized disclosure of data and pose significant risks to organizations using the affected products.

Affected Version(s)

VMware Workspace ONE Access, Access Connector, Identity Manager, vIDM Connector and vRealize Automation Workspace One Access (21.08.0.1 & 21.08.0.0), Access Connector (21.08.0.1, 21.08.0.0, 22.05), Identity Manager (vIDM) (3.3.6, 3.3.5 & 3.3.4), vIDM Connector (3.3.6, 3.3.5, 3.3.4), and vRealize Automation 7.6

References

https://www.vmware.com/security/advisories/VMSA-2022-0021...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 5, 2022
Vulnerability Reserved
May 25, 2022