9.8

CVE-2022-31657

VMware Workspace ONE Access and Identity Manager contain a URL injection vulnerability. A malicious actor with network access may be able to redirect an authenticated user to an arbitrary domain.

Data is provided by the National Vulnerability Database (NVD)
VMwareIdentity Manager Version3.3.4
   LinuxLinux Kernel Version-
VMwareIdentity Manager Version3.3.5
   LinuxLinux Kernel Version-
VMwareIdentity Manager Version3.3.6
   LinuxLinux Kernel Version-
VMwareOne Access Version21.08.0.0
   LinuxLinux Kernel Version-
VMwareOne Access Version21.08.0.1
   LinuxLinux Kernel Version-
VMwareAccess Connector Version21.08.0.0
   MicrosoftWindows Version-
VMwareAccess Connector Version21.08.0.1
   MicrosoftWindows Version-
VMwareAccess Connector Version22.05
   MicrosoftWindows Version-
VMwareIdentity Manager Connector Version3.3.4
   MicrosoftWindows Version-
VMwareIdentity Manager Connector Version3.3.5
   MicrosoftWindows Version-
VMwareIdentity Manager Connector Version3.3.6
   MicrosoftWindows Version-
VMwareIdentity Manager Connector Version19.03.0.1
   MicrosoftWindows Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 2.39% 0.844
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.