9.8

CVE-2022-31656

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.

Data is provided by the National Vulnerability Database (NVD)
VMwareIdentity Manager Version3.3.4
   LinuxLinux Kernel Version-
VMwareIdentity Manager Version3.3.5
   LinuxLinux Kernel Version-
VMwareIdentity Manager Version3.3.6
   LinuxLinux Kernel Version-
VMwareOne Access Version21.08.0.0
   LinuxLinux Kernel Version-
VMwareOne Access Version21.08.0.1
   LinuxLinux Kernel Version-
VMwareAccess Connector Version21.08.0.0
   MicrosoftWindows Version-
VMwareAccess Connector Version21.08.0.1
   MicrosoftWindows Version-
VMwareAccess Connector Version22.05
   MicrosoftWindows Version-
VMwareIdentity Manager Connector Version3.3.4
   MicrosoftWindows Version-
VMwareIdentity Manager Connector Version3.3.5
   MicrosoftWindows Version-
VMwareIdentity Manager Connector Version3.3.6
   MicrosoftWindows Version-
VMwareIdentity Manager Connector Version19.03.0.1
   MicrosoftWindows Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 82.74% 0.992
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H