Reflected Cross-Site Scripting in VMware Workspace ONE Access and vRealize Automation
CVE-2022-31663
6.1MEDIUM
Key Information:
- Vendor
- Vmware
- Vendor
- CVE Published:
- 5 August 2022
Summary
VMware Workspace ONE Access, Identity Manager, and vRealize Automation are susceptible to a reflected cross-site scripting (XSS) vulnerability. This flaw arises from inadequate sanitization of user inputs, allowing a malicious actor to craft malicious scripts that can be executed in the context of the target user's session. Successful exploitation requires some degree of user interaction, potentially leading to unauthorized access or manipulation of user data.
Affected Version(s)
VMware Workspace ONE Access, Identity Manager and vRealize Automation Workspace One Access (21.08.0.1 & 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 & 3.3.4), and vRealize Automation 7.6
References
CVSS V3.1
Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved