CVE-2022-31656
published 2022-08-05CVE-2022-31656: VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vmware | access_connector | — | — |
| vmware | access_connector | — | — |
| vmware | access_connector | — | — |
| vmware | identity_manager | — | — |
| vmware | identity_manager | — | — |
| vmware | identity_manager | — | — |
| vmware | identity_manager_connector | — | — |
| vmware | identity_manager_connector | — | — |
| vmware | identity_manager_connector | — | — |
| vmware | identity_manager_connector | — | — |
| vmware | one_access | — | — |
| vmware | one_access | — | — |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vulncheck9.8CRITICAL