CVE-2022-31700

2022-12-1419:15:12

[email protected]

web.nvd.nist.gov

vmware

workspace one

access

identity manager

authenticated

remote code execution

vulnerability

severity

important

cvssv3

base score 7.2

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

61.0%

JSON

VMware Workspace ONE Access and Identity Manager contain an authenticated remote code execution vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.2.

Affected configurations

Nvd

Node

vmwareaccessMatch21.08.0.0linux

vmwareaccessMatch21.08.0.1linux

vmwarecloud_foundationMatch-

Node

microsoftwindowsMatch-

AND

vmwareidentity_managerMatch3.3.6

VendorProductVersionCPE
vmwareaccess21.08.0.0cpe:2.3:a:vmware:access:21.08.0.0:*:*:*:*:linux:*:*
vmwareaccess21.08.0.1cpe:2.3:a:vmware:access:21.08.0.1:*:*:*:*:linux:*:*
vmwarecloud_foundation-cpe:2.3:a:vmware:cloud_foundation:-:*:*:*:*:*:*:*
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
vmwareidentity_manager3.3.6cpe:2.3:a:vmware:identity_manager:3.3.6:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
vmware	access	21.08.0.0	cpe:2.3:a:vmware:access:21.08.0.0:::::linux::
vmware	access	21.08.0.1	cpe:2.3:a:vmware:access:21.08.0.1:::::linux::
vmware	cloud_foundation	-	cpe:2.3:a:vmware:cloud_foundation:-:::::::*
microsoft	windows	-	cpe:2.3:o:microsoft:windows:-:::::::*
vmware	identity_manager	3.3.6	cpe:2.3:a:vmware:identity_manager:3.3.6:::::::*