CVE-2022-22959
published 2022-04-13CVE-2022-22959: VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. A malicious actor can trick a user…
medium4.3CVSS 3.1
AVNACLPRNUIRSUCNILAN
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. A malicious actor can trick a user through a cross site request forgery to unintentionally validate a malicious JDBC URI.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vmware | cloud_foundation | >= 3.0 < 5.0 | 5.0 |
| vmware | identity_manager | — | — |
| vmware | identity_manager | — | — |
| vmware | identity_manager | — | — |
| vmware | identity_manager | — | — |
| vmware | vrealize_automation | — | — |
| vmware | vrealize_automation | >= 8.0 < 9.0 | 9.0 |
| vmware | vrealize_suite_lifecycle_manager | >= 8.0 < 9.0 | 9.0 |
| vmware | workspace_one_access | — | — |
| vmware | workspace_one_access | — | — |
| vmware | workspace_one_access | — | — |
| vmware | workspace_one_access | — | — |