vulnerability

VMware Workspace ONE Access: CVE-2022-22972: Authentication Bypass Vulnerability (VMSA-2022-0014) (Unauthenticated Remote)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:L/Au:N/C:P/I:P/A:P)	May 18, 2022	Aug 23, 2022	Aug 23, 2022

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

May 18, 2022

Added

Aug 23, 2022

Modified

Aug 23, 2022

Description

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.

Solution

vmware-workspace-one-access-apply-hotfix-patch-HW-156875

References

CVE-2022-22972
https://attackerkb.com/topics/CVE-2022-22972
URL-https://www.vmware.com/security/advisories/VMSA-2022-0014.html
URL-https://www.rapid7.com/blog/post/2022/05/19/cve-2022-22972-critical-authentication-bypass-in-vmware-workspace-one-access-identity-manager-and-vrealize-automation/

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today