CVE-2022-31663: Cross-site Scripting in VMware Access Connector

Severity: 6.1 MEDIUM (NVD)
EPSS: 1.2% (top 21.20%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 5, latest update Aug 6

Description

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject JavaScript code in the target user's window.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7

Affected Packages (4 packages)

[NVD] vmware/identity_manager: 3.3.4, 3.3.5, 3.3.6 +2
[NVD] vmware/one_access: 21.08.0.0, 21.08.0.1 +1
[NVD] vmware/access_connector: 21.08.0.0, 21.08.0.1, 22.05 +2

Patches

🔴 Vulnerability Details (2)

[GHSA] GHSA-2jf2-rvm2-72fv: VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a reflected cross-site scripting (XSS) vulnerability (2022-08-06)
[CVEList] CVE-2022-31663: VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a reflected cross-site scripting (XSS) vulnerability (2022-08-05)

📋 Vendor Advisories (1)

[VMware] VMware Workspace ONE Access, Access Connector, Identity Manager, Identity Manager Connector and vRealize Automation updates address multiple vulnerabilities. (2022-08-02)
CVE-2022-31663 — Cross-site Scripting in Vmware | cvebase