vulnerability

VMware Workspace ONE Access: CVE-2022-22972: Authentication Bypass Vulnerability (VMSA-2022-0014) (Unauthenticated Remote)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:L/Au:N/C:P/I:P/A:P)	May 18, 2022	Aug 23, 2022	Aug 23, 2022

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

May 18, 2022

Added

Aug 23, 2022

Modified

Aug 23, 2022

Description

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.

Solution

vmware-workspace-one-access-apply-hotfix-patch-HW-156875

References

CVE-2022-22972
https://attackerkb.com/topics/CVE-2022-22972
https://www.vmware.com/security/advisories/VMSA-2022-0014.html
https://www.rapid7.com/blog/post/2022/05/19/cve-2022-22972-critical-authentication-bypass-in-vmware-workspace-one-access-identity-manager-and-vrealize-automation/

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report