Privilege Escalation Vulnerability in VMware Workspace ONE Access and vRealize Automation
CVE-2022-31664

7.8HIGH

Key Information:

Vendor: Vmware
Status: Vmware Workspace One Access, Identity Manager And Vrealize Automation
Vendor: CVE Published:; 5 August 2022

What is CVE-2022-31664?

VMware Workspace ONE Access, Identity Manager, and vRealize Automation are susceptible to a privilege escalation vulnerability that allows a malicious actor with local access to escalate their privileges to 'root'. This poses a significant risk as it enables unauthorized access to sensitive system resources and actions. Organizations should ensure they apply the latest security updates to mitigate this vulnerability.

Affected Version(s)

VMware Workspace ONE Access, Identity Manager and vRealize Automation Workspace One Access (21.08.0.1 & 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 & 3.3.4), and vRealize Automation 7.6

References

https://www.vmware.com/security/advisories/VMSA-2022-0021...

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 5, 2022
Vulnerability Reserved
May 25, 2022

Vmware

What is CVE-2022-31664?

Affected Version(s)

References

CVSS V3.1

Timeline