3a. Authentication Bypass Vulnerability (CVE-2022-22972)
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.
3b. Local Privilege Escalation Vulnerability (CVE-2022-22973)
VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.8.
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22972
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22973
kb.vmware.com/s/article/88433
kb.vmware.com/s/article/88438
www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H