CVE-2022-31701 — Missing Authentication for Critical Function in Vmware Access

CWE-306 — Missing Authentication for Critical Function CWE-287 — Improper Authentication4 documents4 sources

Severity

5.3MEDIUMNVD

EPSS

0.2%

top 61.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware Access Vmware Identity Manager Connector

Timeline

PublishedDec 14

Description

VMware Workspace ONE Access and Identity Manager contain a broken authentication vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶NVDvmware/identity_manager_connector3.3.6

▶NVDvmware/access21.08.0.0, 21.08.0.1, 22.09.0.0+2

🔴Vulnerability Details

CVEList

CVE-2022-31701: VMware Workspace ONE Access and Identity Manager contain a broken authentication vulnerability↗2022-12-14

▶

GHSA

GHSA-jp99-g9qj-38pv: VMware Workspace ONE Access and Identity Manager contain a broken authentication vulnerability↗2022-12-14

▶

📋Vendor Advisories

VMware

VMware Workspace ONE Access and Identity Manager updates address multiple vulnerabilities (CVE-2022-31700, CVE-2022-31701).↗2022-12-13

▶