Lucene search
VmwareCVE-2022-31658HistoryAug 05, 2022 - 4:15 p.m.
CVE-2022-31658
2022-08-0516:15:12
CWE-74
vmware
web.nvd.nist.gov
138
4
cve-2022-31658
vmware
workspace one access
identity manager
vrealize automation
remote code execution
vulnerability
nvd
CVSS3
7.2
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
AI Score
8.5
Confidence
High
EPSS
0.003
Percentile
65.4%
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution.
Affected configurations
Node
vmwareidentity_managerMatch3.3.4
ORvmwareidentity_managerMatch3.3.5
ORvmwareidentity_managerMatch3.3.6
ORvmwareone_accessMatch21.08.0.0
ORvmwareone_accessMatch21.08.0.1
linuxlinux_kernelMatch-
Node
vmwareaccess_connectorMatch21.08.0.0
ORvmwareaccess_connectorMatch21.08.0.1
ORvmwareaccess_connectorMatch22.05
ORvmwareidentity_manager_connectorMatch3.3.4
ORvmwareidentity_manager_connectorMatch3.3.5
ORvmwareidentity_manager_connectorMatch3.3.6
ORvmwareidentity_manager_connectorMatch19.03.0.1
microsoftwindowsMatch-
| Vendor | Product | Version | CPE |
|---|---|---|---|
| vmware | identity_manager | 3.3.4 | cpe:2.3:a:vmware:identity_manager:3.3.4:*:*:*:*:*:*:* |
| vmware | identity_manager | 3.3.5 | cpe:2.3:a:vmware:identity_manager:3.3.5:*:*:*:*:*:*:* |
| vmware | identity_manager | 3.3.6 | cpe:2.3:a:vmware:identity_manager:3.3.6:*:*:*:*:*:*:* |
| vmware | one_access | 21.08.0.0 | cpe:2.3:a:vmware:one_access:21.08.0.0:*:*:*:*:*:*:* |
| vmware | one_access | 21.08.0.1 | cpe:2.3:a:vmware:one_access:21.08.0.1:*:*:*:*:*:*:* |
| linux | linux_kernel | - | cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* |
| vmware | access_connector | 21.08.0.0 | cpe:2.3:a:vmware:access_connector:21.08.0.0:*:*:*:*:*:*:* |
| vmware | access_connector | 21.08.0.1 | cpe:2.3:a:vmware:access_connector:21.08.0.1:*:*:*:*:*:*:* |
| vmware | access_connector | 22.05 | cpe:2.3:a:vmware:access_connector:22.05:*:*:*:*:*:*:* |
| vmware | identity_manager_connector | 3.3.4 | cpe:2.3:a:vmware:identity_manager_connector:3.3.4:*:*:*:*:*:*:* |
CNA Affected
[
{
"product": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Workspace One Access (21.08.0.1 & 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 & 3.3.4), and vRealize Automation 7.6"
}
]
}
]Social References
More
Related
cvelist
cvelist
CVE-2022-31658
2022-08-05 15:07:10
nvd
nvd
CVE-2022-31658
2022-08-05 16:15:12
prion
prion
Remote code execution
2022-08-05 16:15:00
hivepro
hivepro
malwarebytes
malwarebytes
Update now! VMWare patches critical vulnerabilities in several products
2022-08-03 13:27:47
Update now! VMWare patches critical vulnerabilities in several products
2022-08-03 13:00:00
threatpost
threatpost
VMWare Urges Users to Patch Critical Authentication Bypass Bug
2022-08-03 15:23:16
nessus
nessus
vmware
vmware
thn
thn
VMware Releases Patches for Several New Flaws Affecting Multiple Products
2022-08-03 04:49:00
CVSS3
7.2
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
AI Score
8.5
Confidence
High
EPSS
0.003
Percentile
65.4%
Related for CVE-2022-31658