CVE-2022-22955
published 2022-04-13CVE-2022-22955: VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vmware | identity_manager | — | — |
| vmware | identity_manager | — | — |
| vmware | identity_manager | — | — |
| vmware | identity_manager | — | — |
| vmware | vrealize_automation | — | — |
| vmware | vrealize_automation | >= 8.0 < 9.0 | 9.0 |
| vmware | workspace_one_access | — | — |
| vmware | workspace_one_access | — | — |
| vmware | workspace_one_access | — | — |
| vmware | workspace_one_access | — | — |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vulncheck9.8CRITICAL