VMwareVMSA-2022-0032VMware Workspace ONE Access and Identity Manager updates address multiple vulnerabilities (CVE-2022-31700, CVE-2022-31701).
3a. Authenticated Remote Code Execution Vulnerability (CVE-2022-31700)
VMware Workspace ONE Access and Identity Manager contain an authenticated remote code execution vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.2.
3b. Broken Authentication Vulnerability (CVE-2022-31701)
VMware Workspace ONE Access and Identity Manager contain a broken authentication vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3.
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31700
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31701
docs.vmware.com/en/VMware-Workspace-ONE-Access/22.09.1.0/rn/vmware-workspace-one-access-220910-release-notes/index.html
ikb.vmware.com/s/article/90384
kb.vmware.com/s/article/90399
www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Related
