CVE-2022-31656

critical

Description

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.

From the Tenable Blog

CVE-2022-31656: VMware Patches Several Vulnerabilities in Multiple Products (VMSA-2022-0021)

Published: 2022-08-02

VMware has patched another set of serious vulnerabilities across multiple products including VMware Workspace ONE Access. Organizations should patch urgently given past activity targeting vulnerabilities in VMware products.

Details

Source: Mitre, NVD

Published: 2022-08-05

Updated: 2023-08-08

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.79264