5.3
CVE-2022-22961
- EPSS 0.55%
- Published 13.04.2022 18:15:13
- Last modified 21.11.2024 06:47:41
- Source security@vmware.com
- Teams watchlist Login
- Open Login
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. A malicious actor with remote access may leak the hostname of the target system. Successful exploitation of this issue can lead to targeting victims.
Data is provided by the National Vulnerability Database (NVD)
VMware ≫ Cloud Foundation Version >= 3.0 < 5.0
VMware ≫ Identity Manager Version3.3.3
VMware ≫ Identity Manager Version3.3.4
VMware ≫ Identity Manager Version3.3.5
VMware ≫ Identity Manager Version3.3.6
VMware ≫ Vrealize Automation Version >= 8.0 < 9.0
VMware ≫ Vrealize Automation Version7.6
VMware ≫ Vrealize Suite Lifecycle Manager Version >= 8.0 < 9.0
VMware ≫ Workspace One Access Version20.10.0.0
VMware ≫ Workspace One Access Version20.10.0.1
VMware ≫ Workspace One Access Version21.08.0.0
VMware ≫ Workspace One Access Version21.08.0.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.55% | 0.67 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.