PT-2022-2141 · VMware · VMware Identity Manager +2

Mr_Me +1

Published: 2022-04-06 · Updated: 2022-04-21 · CVE-2022-22959

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
VMware Workspace ONE Access (affected versions not specified)
VMware Identity Manager (affected versions not specified)
VMware vRealize Automation (affected versions not specified)

Description
The affected products contain a cross-site request forgery (CSRF) vulnerability. The source of HTTP requests is not sufficiently checked, so a remote attacker who lures an authenticated user to a specially crafted web page can cause that user's browser to submit a request that validates an attacker-supplied JDBC URI without the user's intent.

Recommendations
For VMware Workspace ONE Access, consider implementing additional validation of HTTP requests to prevent cross-site request forgery attacks.
For VMware Identity Manager, restrict access to the sensitive operations that can be triggered by a malicious JDBC URI until a fix is available.
For VMware vRealize Automation, as a temporary workaround, consider disabling the functionality that allows validation of JDBC URIs through user-initiated requests until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.

CSRF

Weakness Enumeration

Related Identifiers

BDU:2022-02031
CVE-2022-22959

Affected Products

VMware Identity Manager
VMware Workspace ONE Access
VMware vRealize Automation