7.2
CVE-2022-22958
- EPSS 1.86%
- Published 13.04.2022 18:15:13
- Last modified 21.11.2024 06:47:41
- Source security@vmware.com
- Teams watchlist Login
- Open Login
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution.
Data is provided by the National Vulnerability Database (NVD)
VMware ≫ Cloud Foundation Version >= 3.0 < 5.0
VMware ≫ Identity Manager Version3.3.3
VMware ≫ Identity Manager Version3.3.4
VMware ≫ Identity Manager Version3.3.5
VMware ≫ Identity Manager Version3.3.6
VMware ≫ Vrealize Automation Version >= 8.0 < 9.0
VMware ≫ Vrealize Automation Version7.6
VMware ≫ Vrealize Suite Lifecycle Manager Version >= 8.0 < 9.0
VMware ≫ Workspace One Access Version20.10.0.0
VMware ≫ Workspace One Access Version20.10.0.1
VMware ≫ Workspace One Access Version21.08.0.0
VMware ≫ Workspace One Access Version21.08.0.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.86% | 0.824 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.5 | 8 | 6.4 |
AV:N/AC:L/Au:S/C:P/I:P/A:P
|
CWE-502 Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.