7.2
CVE-2022-22958
- EPSS 1.86%
- Veröffentlicht 13.04.2022 18:15:13
- Zuletzt bearbeitet 21.11.2024 06:47:41
- Quelle security@vmware.com
- Teams Watchlist Login
- Unerledigt Login
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
VMware ≫ Cloud Foundation Version >= 3.0 < 5.0
VMware ≫ Identity Manager Version3.3.3
VMware ≫ Identity Manager Version3.3.4
VMware ≫ Identity Manager Version3.3.5
VMware ≫ Identity Manager Version3.3.6
VMware ≫ Vrealize Automation Version >= 8.0 < 9.0
VMware ≫ Vrealize Automation Version7.6
VMware ≫ Vrealize Suite Lifecycle Manager Version >= 8.0 < 9.0
VMware ≫ Workspace One Access Version20.10.0.0
VMware ≫ Workspace One Access Version20.10.0.1
VMware ≫ Workspace One Access Version21.08.0.0
VMware ≫ Workspace One Access Version21.08.0.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.86% | 0.824 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.5 | 8 | 6.4 |
AV:N/AC:L/Au:S/C:P/I:P/A:P
|
CWE-502 Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.