9.8

CVE-2022-22956

VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework.

Data is provided by the National Vulnerability Database (NVD)
VMwareIdentity Manager Version3.3.3
   LinuxLinux Kernel Version-
VMwareIdentity Manager Version3.3.4
   LinuxLinux Kernel Version-
VMwareIdentity Manager Version3.3.5
   LinuxLinux Kernel Version-
VMwareIdentity Manager Version3.3.6
   LinuxLinux Kernel Version-
VMwareVrealize Automation Version >= 8.0 < 9.0
   LinuxLinux Kernel Version-
VMwareVrealize Automation Version7.6
   LinuxLinux Kernel Version-
VMwareWorkspace One Access Version20.10.0.0
   LinuxLinux Kernel Version-
VMwareWorkspace One Access Version20.10.0.1
   LinuxLinux Kernel Version-
VMwareWorkspace One Access Version21.08.0.0
   LinuxLinux Kernel Version-
VMwareWorkspace One Access Version21.08.0.1
   LinuxLinux Kernel Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 54.86% 0.98
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.