Lucene search

[email protected]CVE-2022-22973

HistoryMay 20, 2022 - 9:15 p.m.

CVE-2022-22973

2022-05-2021:15:09

[email protected]

web.nvd.nist.gov

In Wild

cve-2022-22973

vmware

workspace one

access

identity manager

privilege escalation

vulnerability

nvd

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to ‘root’.

Affected configurations

NVD

Node

vmwareidentity_managerMatch3.3.3

vmwareidentity_managerMatch3.3.4

vmwareidentity_managerMatch3.3.5

vmwareidentity_managerMatch3.3.6

vmwareworkspace_one_accessMatch20.10.0.0

vmwareworkspace_one_accessMatch20.10.0.1

vmwareworkspace_one_accessMatch21.08.0.0

vmwareworkspace_one_accessMatch21.08.0.1

AND

linuxlinux_kernelMatch-

Node

vmwarecloud_foundationMatch4.0

vmwarecloud_foundationMatch4.0.1

vmwarecloud_foundationMatch4.1

vmwarecloud_foundationMatch4.1.0.1

vmwarecloud_foundationMatch4.2

vmwarecloud_foundationMatch4.2.1

vmwarecloud_foundationMatch4.3

vmwarecloud_foundationMatch4.3.1

vmwarevrealize_suite_lifecycle_managerMatch8.0

vmwarevrealize_suite_lifecycle_managerMatch8.0.1

vmwarevrealize_suite_lifecycle_managerMatch8.1

vmwarevrealize_suite_lifecycle_managerMatch8.2

vmwarevrealize_suite_lifecycle_managerMatch8.2patch1

vmwarevrealize_suite_lifecycle_managerMatch8.2patch2

vmwarevrealize_suite_lifecycle_managerMatch8.2patch3

vmwarevrealize_suite_lifecycle_managerMatch8.3

vmwarevrealize_suite_lifecycle_managerMatch8.3patch1

vmwarevrealize_suite_lifecycle_managerMatch8.3patch2

vmwarevrealize_suite_lifecycle_managerMatch8.3patch3

vmwarevrealize_suite_lifecycle_managerMatch8.4

vmwarevrealize_suite_lifecycle_managerMatch8.4patch1

vmwarevrealize_suite_lifecycle_managerMatch8.4.1

vmwarevrealize_suite_lifecycle_managerMatch8.4.1patch1

vmwarevrealize_suite_lifecycle_managerMatch8.4.1patch2

vmwarevrealize_suite_lifecycle_managerMatch8.4.1patch3

vmwarevrealize_suite_lifecycle_managerMatch8.6

vmwarevrealize_suite_lifecycle_managerMatch8.6patch1

vmwarevrealize_suite_lifecycle_managerMatch8.6.1

vmwarevrealize_suite_lifecycle_managerMatch8.6.2

vmwarevrealize_suite_lifecycle_managerMatch8.7

vmwarevrealize_suite_lifecycle_managerMatch8.8

CPENameOperatorVersion
vmware:identity_managervmware identity managereq3.3.3
vmware:identity_managervmware identity managereq3.3.4
vmware:identity_managervmware identity managereq3.3.5
vmware:identity_managervmware identity managereq3.3.6
vmware:workspace_one_accessvmware workspace one accesseq20.10.0.0
vmware:workspace_one_accessvmware workspace one accesseq20.10.0.1
vmware:workspace_one_accessvmware workspace one accesseq21.08.0.0
vmware:workspace_one_accessvmware workspace one accesseq21.08.0.1

CPE	Name	Operator	Version
vmware:identity_manager	vmware identity manager	eq	3.3.3
vmware:identity_manager	vmware identity manager	eq	3.3.4
vmware:identity_manager	vmware identity manager	eq	3.3.5
vmware:identity_manager	vmware identity manager	eq	3.3.6
vmware:workspace_one_access	vmware workspace one access	eq	20.10.0.0
vmware:workspace_one_access	vmware workspace one access	eq	20.10.0.1
vmware:workspace_one_access	vmware workspace one access	eq	21.08.0.0
vmware:workspace_one_access	vmware workspace one access	eq	21.08.0.1

CNA Affected

[
  {
    "product": "VMware Workspace ONE Access and Identity Manager.",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Access 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0. Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3."
      }
    ]
  }
]