CVE-2022-22961

CWE-200 — Information Exposure CWE-668 — Exposure to Wrong Sphere4 documents4 sources

Severity

5.3MEDIUM

EPSS

0.4%

top 40.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware Cloud Foundation Vmware Vrealize Automation Vmware Vrealize Suite Lifecycle Manager +2 more

Timeline

PublishedApr 13

Latest updateApr 14

Description

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. A malicious actor with remote access may leak the hostname of the target system. Successful exploitation of this issue can lead to targeting victims.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages5 packages

▶NVDvmware/workspace_one_access4 versions+3

▶NVDvmware/vrealize_automation8.0 — 9.0+1

▶NVDvmware/vrealize_suite_lifecycle_manager8.0 — 9.0

▶NVDvmware/identity_manager4 versions+3

▶NVDvmware/cloud_foundation3.0 — 5.0

Patches

Patch: www.vmware.com ↗Patch: www.vmware.com ↗

🔴Vulnerability Details

GHSA

GHSA-mxr2-4h82-c6c3: VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess informat↗2022-04-14

▶

CVEList

CVE-2022-22961: VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess informat↗2022-04-13

▶

📋Vendor Advisories

VMware

VMware Workspace ONE Access, Identity Manager and vRealize Automation updates address multiple vulnerabilities.↗2022-04-06

▶