Lucene search

[email protected]CVE-2022-31660

HistoryAug 05, 2022 - 4:15 p.m.

CVE-2022-31660

2022-08-0516:15:12

[email protected]

web.nvd.nist.gov

cve

2022

31660

vmware

workspace one access

identity manager

vrealize automation

privilege escalation

vulnerability

nvd

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.0%

JSON

VMware Workspace ONE Access, Identity Manager and vRealize Automation contains a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to ‘root’.

Affected configurations

NVD

Node

vmwareidentity_managerMatch3.3.4

vmwareidentity_managerMatch3.3.5

vmwareidentity_managerMatch3.3.6

vmwareone_accessMatch21.08.0.0

vmwareone_accessMatch21.08.0.1

AND

linuxlinux_kernelMatch-

Node

vmwareaccess_connectorMatch21.08.0.0

vmwareaccess_connectorMatch21.08.0.1

vmwareaccess_connectorMatch22.05

vmwareidentity_manager_connectorMatch3.3.4

vmwareidentity_manager_connectorMatch3.3.5

vmwareidentity_manager_connectorMatch3.3.6

vmwareidentity_manager_connectorMatch19.03.0.1

AND

microsoftwindowsMatch-

CPENameOperatorVersion
vmware:identity_managervmware identity managereq3.3.4
vmware:identity_managervmware identity managereq3.3.5
vmware:identity_managervmware identity managereq3.3.6
vmware:one_accessvmware one accesseq21.08.0.0
vmware:one_accessvmware one accesseq21.08.0.1

CPE	Name	Operator	Version
vmware:identity_manager	vmware identity manager	eq	3.3.4
vmware:identity_manager	vmware identity manager	eq	3.3.5
vmware:identity_manager	vmware identity manager	eq	3.3.6
vmware:one_access	vmware one access	eq	21.08.0.0
vmware:one_access	vmware one access	eq	21.08.0.1

CNA Affected

[
  {
    "product": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Workspace One Access (21.08.0.1 & 21.08.0.0), Identity Manager (vIDM) (3.3.6, 3.3.5 & 3.3.4), and vRealize Automation 7.6"
      }
    ]
  }
]