CVE-2022-22972

critical

Description

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.

From the Tenable Blog

CVE-2022-22972: VMware Patches Additional Workspace ONE Access Vulnerabilities (VMSA-2022-0014)

CVE-2022-22972: VMware Patches Additional Workspace ONE Access Vulnerabilities (VMSA-2022-0014)

Published: 2022-05-18

Organizations and government agencies are strongly advised to patch two newly disclosed vulnerabilities in VMware products, following warnings from VMware and the Cybersecurity and Infrastructure Security Agency.

References

References
Tenable Blogs

https://www.tenable.com/cyber-exposure/tenable-2022-threat-landscape-report

https://www.vmware.com/security/advisories/VMSA-2022-0014.html

https://www.theregister.com/2022/05/19/vmware_cisa_security_risks/

https://www.tenable.com/blog/cve-2022-31656-vmware-patches-several-vulnerabilities-in-multiple-products-vmsa-2022-0021

https://www.tenable.com/blog/cve-2022-22972-vmware-patches-additional-workspace-one-access-vulnerabilities-vmsa-2022-0014

Details

Source: Mitre, NVD

Published: 2022-05-20

Updated: 2023-08-08

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.93601