CVE-2022-22959Cross-Site Request Forgery in Vmware Cloud Foundation

CWE-352Cross-Site Request Forgery5 documents5 sources
Severity
4.3MEDIUMNVD
EPSS
0.3%
top 47.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Vmware Cloud FoundationVmware Vrealize AutomationVmware Vrealize Suite Lifecycle Manager+2 more
Timeline
PublishedApr 13
Latest updateApr 14

Description

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. A malicious actor can trick a user through a cross site request forgery to unintentionally validate a malicious JDBC URI.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages5 packages

NVDvmware/vrealize_automation8.09.0+1
NVDvmware/identity_manager4 versions+3
NVDvmware/workspace_one_access4 versions+3
NVDvmware/cloud_foundation3.05.0

Patches

Patch: www.vmware.comPatch: www.vmware.com

🔴Vulnerability Details

2
GHSA
GHSA-mchf-99pv-x6wc: VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability2022-04-14
CVEList
CVE-2022-22959: VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability2022-04-13

📋Vendor Advisories

2
VMware
VMware Workspace ONE Access, Identity Manager and vRealize Automation updates address multiple vulnerabilities.2022-04-06
Oracle
Oracle Oracle Java SE Risk Matrix: Node (Node.js) — CVE-2021-229592022-01-15
CVE-2022-22959 — Cross-Site Request Forgery in Vmware | cvebase