5.3

CVE-2022-22961

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. A malicious actor with remote access may leak the hostname of the target system. Successful exploitation of this issue can lead to targeting victims.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
VMwareCloud Foundation Version >= 3.0 < 5.0
   LinuxLinux Kernel Version-
VMwareIdentity Manager Version3.3.3
   LinuxLinux Kernel Version-
VMwareIdentity Manager Version3.3.4
   LinuxLinux Kernel Version-
VMwareIdentity Manager Version3.3.5
   LinuxLinux Kernel Version-
VMwareIdentity Manager Version3.3.6
   LinuxLinux Kernel Version-
VMwareVrealize Automation Version >= 8.0 < 9.0
   LinuxLinux Kernel Version-
VMwareVrealize Automation Version7.6
   LinuxLinux Kernel Version-
VMwareVrealize Suite Lifecycle Manager Version >= 8.0 < 9.0
   LinuxLinux Kernel Version-
VMwareWorkspace One Access Version20.10.0.0
   LinuxLinux Kernel Version-
VMwareWorkspace One Access Version20.10.0.1
   LinuxLinux Kernel Version-
VMwareWorkspace One Access Version21.08.0.0
   LinuxLinux Kernel Version-
VMwareWorkspace One Access Version21.08.0.1
   LinuxLinux Kernel Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.55% 0.67
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.